User Object Properties

A user object has a number of properties. This section documents the key properties that are used by the Windows® 2000 operating system, administrative tools, and the Windows Address Book (WAB). It does not describe all properties (many are not used) on the user object.

Some properties are stored in the directory (such as cn, nTSecurityDescriptor, objectGUID, and so on) and replicated to all domain controllers within a domain. A subset of these properties is also replicated to the global catalog.

Non-replicated properties are stored on each domain controller but are not replicated elsewhere (such as badPwdCount, lastLogon, lastLogoff, and so on). The non-replicated properties are properties that pertain to a particular domain controller. For example, lastLogon is the last date and time that the user's network logon was validated by the particular domain controller that is returning the property.

A user object also has constructed properties that are not stored in the directory but are calculated by the domain controller (such as canonicalName, distinguishedName, allowedAttributes, ADsPath, and so on). Note that distinguishedName and ADsPath are not defined in the schema.

Properties for user objects fall into the following categories:

• Base object. This category covers properties required on all directory objects, such as objectClass, nTSecurityDescriptor, and so on.
• Naming/Identity. This category covers properties that are referring to or identifying the object, such as distinguishedName, objectGUID, objectSid, and so on.
• Security. This category covers properties for logon and access control purposes.
• Address book. This category covers properties for e-mail and general information about the user.
• Application-specific information. This category covers user-specific configuration information for specific applications such as dial-up networking.

For more information about the User class, including a complete list of the mayContain and mustContain properties of the class, see User.