Platform SDK: Active Directory, ADSI, and Directory Services

User Object Properties

A user object has a number of properties. This section documents the key properties that are used by the Windows® 2000 operating system, administrative tools, and the Windows Address Book (WAB). It does not describe every property on the user object; many are not used.

Some properties are stored in the directory (such as cn, nTSecurityDescriptor, objectGUID, and so on) and replicated to all domain controllers within a domain. A subset of these properties is also replicated to the global catalog.

Non-replicated properties (such as badPwdCount, lastLogon, lastLogoff, and so on) are stored on each domain controller but are not replicated elsewhere. These properties pertain to a particular domain controller. For example, lastLogon is the last date and time that the user's network logon was validated by the particular domain controller that is returning the property.
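Because each domain controller returns its own lastLogon and badPwdCount, an audit of stale or locked-out accounts has to read them from every domain controller and combine the answers. The following is an added example, not code from the SDK: it assumes the values were already read from each domain controller into a dictionary (the function names, dictionary layout, and DC names are hypothetical, and the sample values are constructed), and it relies on lastLogon being a 64-bit count of 100-nanosecond intervals since January 1, 1601 (UTC).

```python
from datetime import datetime, timedelta, timezone

# lastLogon is a large integer: 100-ns intervals since 1601-01-01 00:00 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def filetime_to_datetime(value):
    """Convert a lastLogon value to an aware datetime; 0 or missing means none recorded."""
    ticks = int(value or 0)
    if ticks <= 0:
        return None
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)

def merge_per_dc(responses):
    """Combine one user's non-replicated properties across domain controllers.

    responses maps DC name -> attribute dict read from that DC (hypothetical
    layout), or None when that DC could not be queried.
    """
    latest, latest_dc, max_bad, unreachable = None, None, 0, []
    for dc, attrs in sorted(responses.items()):
        if attrs is None:
            unreachable.append(dc)
            continue
        when = filetime_to_datetime(attrs.get("lastLogon"))
        if when and (latest is None or when > latest):
            latest, latest_dc = when, dc
        max_bad = max(max_bad, int(attrs.get("badPwdCount") or 0))
    return {
        "lastLogon": latest,          # most recent logon seen by any reachable DC
        "lastLogonDC": latest_dc,
        "maxBadPwdCount": max_bad,    # highest per-DC failed-password count
        "complete": not unreachable,  # False: a skipped DC may hold a later logon
        "unreachable": unreachable,
    }

# Constructed sample: values as strings, as directory clients commonly return them.
SAMPLE = {
    "dc1.example.test": {"lastLogon": "133485408000000000", "badPwdCount": "0"},
    "dc2.example.test": {"lastLogon": "133500000000000000", "badPwdCount": "3"},
    "dc3.example.test": {"lastLogon": "0"},   # user never validated by this DC
    "dc4.example.test": None,                 # DC unreachable during the audit
}

if __name__ == "__main__":
    print(merge_per_dc(SAMPLE))
```

Treat a result with "complete" set to False as a lower bound: an account that looks dormant may have logged on at the domain controller that was not queried.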

A user object also has constructed properties that are not stored in the directory but are calculated by the domain controller (such as canonicalName, distinguishedName, allowedAttributes, ADsPath, and so on). Note that distinguishedName and ADsPath are not defined in the schema.

Properties for user objects fall into the following categories:

For more information about the User class, including a complete list of the mayContain and mustContain properties of the class, see User.