{"id":72557,"date":"2022-11-29T12:00:00","date_gmt":"2022-11-29T17:00:00","guid":{"rendered":"https:\/\/jumpcloud.com\/?p=72557"},"modified":"2024-11-05T18:32:13","modified_gmt":"2024-11-05T23:32:13","slug":"active-directory-attributes","status":"publish","type":"post","link":"https:\/\/jumpcloud.com\/blog\/active-directory-attributes","title":{"rendered":"Active Directory Attributes"},"content":{"rendered":"\n<p><a href=\"https:\/\/jumpcloud.com\/blog\/active-directory-faq\">Active Directory (AD)<\/a> is a directory service\/identity provider (IdP) that administrators use to connect users to resources on Windows-based networks. It\u2019s built into Windows Server and works through <a href=\"https:\/\/jumpcloud.com\/blog\/ad-ds\">Active Directory Domain Services<\/a> (AD DS) to secure PCs, file shares, and applications. AD DS stores information about network objects (e.g., users, groups, systems, etc.) and their relationship to one another. Your organization may still be using AD because it can provide user-based policies for access control and you feel that it\u2019s necessary.&nbsp;<\/p>\n\n\n\n<p>Attributes are what determine user permissions and make it possible for admins to query AD and produce compliance reports. Understanding how AD stores this user information makes it easier to manage multiple domains, configure single sign-on (SSO) when it\u2019s necessary to access external resources or create <a href=\"https:\/\/learn.microsoft.com\/en-us\/microsoft-365\/compliance\/information-barriers-policies\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">information barriers<\/a> between departments.&nbsp;<\/p>\n\n\n\n<p>SSO breaks down identity silos and makes it possible to centralize your policies and controls with groups. However, that\u2019s not possible if users aren\u2019t decorated with the right attributes, or attributes aren\u2019t mapped to a cloud directory that modernizes AD. This article focuses on users and how AD stores information that can be used for group management and flow into identity and access management (IAM) systems to make access decisions in your network and beyond. The goal is to increase IT efficiency and establish stronger security for users and devices.<\/p>\n\n\n\n<div class=\"promotion-banner-small is-flex-direction-column has-items-aligned-flex-start has-items-aligned-center-tablet\">\n    <div class=\"promo-small-image is-hidden-mobile\">\n        <img decoding=\"async\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/03\/large-202303-EB-Resource-BreakingUpWithAD-290x175-SiteDisplay-aspect-ratio-160-110.png\" alt=\"JumpCloud\">\n    <\/div>\n    <div class=\"promo-small-content\">\n        <p class=\"is-type-body-tiny is-type-weight-bold is-important promo-small-title\">\n            Breaking Up with Active Directory        <\/p>\n        <p class=\"is-type-body-default is-important\">\n            Don\u2019t let your directory hold you back. Learn why it\u2019s time to break up with AD.        <\/p>\n    <\/div>\n    <div class=\"promo-small-cta\">\n        <a href=\"https:\/\/jumpcloud.com\/resources\/ebook-breaking-up-with-active-directory\" data-promo=\"Breaking Up with Active Directory\" class=\"button is-primary-green promo-small-banner-link\">Read Now<\/a>\n    <\/div>\n<\/div>\n\n\n\n\n<h2 class=\"wp-block-heading\" id=\"heading1\">Object Classes Defined<\/h2>\n\n\n\n<p>First, let\u2019s cover some core terminology:<\/p>\n\n\n\n<p><strong>User objects:<\/strong> User objects represent individuals within your organization who are a part of the domain. The user object resides within the higher level user class, and attributes determine what information each class can hold. This concept is called a Directory Information Tree (DIT). These concepts are outlined in more detail below.<\/p>\n\n\n\n<p><strong>Directory Service Tree:<\/strong> The DIT consists of the Distinguished Names (DNs) of directory service entries, a unique identifier that\u2019s familiar to AD administrators and PowerShell users. For example, a DN makes it possible to execute a command on an object such as a user account. Microsoft uses \u201ctree\u201d as terminology for when multiple domains are grouped together; multiple trees form a forest, which can encapsulate multiple locations and IT teams. Organizational units (OUs) organize groups, users, and devices at all levels of the AD forest.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"512\" height=\"184\" src=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2022\/11\/1.gif\" alt=\"Microsoft TechNet Wiki\" class=\"wp-image-72566\" title=\"Cc977992.DSBB12(en-us,TechNet.10).gif\"\/><figcaption class=\"wp-element-caption\"><em>Image credit: Microsoft TechNet Wiki<\/em><\/figcaption><\/figure>\n\n\n\n<p><strong>Object attributes:<\/strong> Object attributes define basic properties\/information about them, such as first or last name. Attributes are essential to how the directory functions. Think of them as key-value pairs in a database that have predefined names so that Lightweight Directory Access Protocol (LDAP) can function as an open protocol in an IdP. A collection of attributes is an entry, such as an individual user in AD.&nbsp;<\/p>\n\n\n\n<p>Entries are differentiated from one another using their DN. Attributes can belong to multiple classes in AD, because the classScheme and attributeSchema are defined separately. Windows admins who have the schema master role can use the Schema Management Microsoft Management Console (MMC) snap-in to introduce custom attributes by registering schemas.<\/p>\n\n\n\n<p><strong>ObjectClasses:<\/strong> ObjectClasses are essentially a collection of attributes (a container). The <a href=\"https:\/\/jumpcloud.com\/blog\/what-is-ldap-authentication\">LDAP standard<\/a> uses directory schemas to define ObjectClasses and class hierarchy to store and retrieve data. Attributes that are associated with ObjectClasses are used to describe something, such as a person, so a person would fall within the user class type. ObjectClasses can also be an attribute that\u2019s used in directory search operations and reporting. ObjectClasses are outlined by the <a href=\"https:\/\/jumpcloud.com\/blog\/how-to-connect-your-application-to-ldap\">LDAP standard<\/a>, which AD was built on, and fall into three categories:&nbsp;<\/p>\n\n\n\n<ul>\n<li><strong>Abstract class:<\/strong> Recall the concept of object-oriented programming where abstractions make code reusable and extendable. It indicates the top of the inheritance chain in LDAP. The \u201ctop object\u201d class, which serves as root classes for most other object classes, is a well-known example. Abstract classes are sub-classed entries that inherit attribute types, which make them useful as templates for creating new classes in AD. They create a common definition of a base class that multiple subclasses can share. The function is nearly identical to structural classes in AD, but objects that are instances of abstract classes aren\u2019t instantiated within AD DS.<\/li>\n\n\n\n<li><strong>Structural class:<\/strong> These classes outline where entries may occur in the DIT and what attributes are allowed. These are the only classes that have instances in AD DS.&nbsp;<\/li>\n\n\n\n<li><strong>Auxiliary class:<\/strong> Auxiliary classes are included in the schema definition of all classes and list the attributes for an entry\/class. They don\u2019t define a core entry but establish the requisite characteristics. For instance, AD uses \u201cMust-Contain\u201d or \u201cMay-Contain\u201d to mandate (or make optional) attributes when a class is created by governing its values. Active Directory\u2019s technical specification supports <a href=\"https:\/\/learn.microsoft.com\/en-us\/openspecs\/windows_protocols\/ms-adts\/06f3acb8-8cff-49e9-94ad-6737fa0a9503\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">statically linking<\/a> auxiliary classes to the ClassSchema other object classes in order of inheritance from the top class. \u201csecurityPrincipal\u201d is an example of an auxiliary class in Active Directory that Windows uses then to permit or deny entities (groups or users) rights to the operating system.<\/li>\n<\/ul>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card note\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/note-icon.png\"\/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Note:<\/strong> \n<p>Note that AD has <a href=\"https:\/\/social.technet.microsoft.com\/wiki\/contents\/articles\/52570.active-directory-syntaxes-of-attributes.aspx\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">syntaxes, called DataType<\/a>, that determine what type of data can be stored within an attribute. It can be a confusing topic because there may be more than one name for the same attribute in AD.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"heading2\">Common Active Directory Object Attributes<\/h2>\n\n\n\n<p>Active Directory stores attributes for applications, computers, printers, shared folders, and users. Think back to the AD user object. An organization would store attributes such as:<\/p>\n\n\n\n<ul>\n<li>First name<\/li>\n\n\n\n<li>Last name<\/li>\n\n\n\n<li>Email<\/li>\n\n\n\n<li>Telephone<\/li>\n\n\n\n<li>Title<\/li>\n\n\n\n<li>Department<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"400\" height=\"512\" src=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2022\/11\/2.jpeg\" alt=\"Microsoft TechNet\" class=\"wp-image-72567\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/11\/2.jpeg 400w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/11\/2-234x300.jpeg 234w\" sizes=\"(max-width: 400px) 100vw, 400px\" \/><figcaption class=\"wp-element-caption\"><em>Image credit: Microsoft TechNet<\/em><\/figcaption><\/figure>\n\n\n\n<p>AD object attributes make it possible to drill down into events to learn which user on which computer (by computer name) may have accessed a particular resource. This is possible because LDAP requires that every attribute has an LDAP name that can be used in queries.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">IT Efficiency and Zero Trust Security<\/h3>\n\n\n\n<p>AD DS relies on an access control entry (ACE) to grant or deny an object (such as a user or group) access to a resource. Entries are collectively known as an access control list (ACL). An ACL contains many different ACEs, which presents the risk of many outdated group memberships or the wrong denial rule grinding operations to a halt.&nbsp;<\/p>\n\n\n\n<p>Nested groups streamline granting permissions, but also have <a href=\"https:\/\/jumpcloud.com\/blog\/nested-groups\">downsides and risks<\/a>. AD\u2019s access control is a manual process that\u2019s prone to human error. Moreover, there&#8217;s no context in the authentication decision that takes risk(s) into account. The good news is that attributes from AD can be leveraged to automate access resources in IAM systems.&nbsp;<\/p>\n\n\n\n<p>For example, JumpCloud\u2019s <a href=\"https:\/\/jumpcloud.com\/blog\/active-directory-integration\">Active Directory Integration<\/a> (ADI) syncs with AD and places users into groups based on their attributes. This is made possible via <a href=\"https:\/\/jumpcloud.com\/blog\/the-immediate-advantages-of-attribute-based-access-control\">attribute-based access control<\/a> (ABAC), which works a bit differently than AD admins may be used to. For instance, a user that changes departments may no longer require access to an accounting system.&nbsp;<\/p>\n\n\n\n<p>AD DS would grant any user that belongs to a group access, despite organizational attributes having changed. AD creates higher administrative overhead and it doesn\u2019t offer <a href=\"https:\/\/jumpcloud.com\/resources\/zero-trust-security\" target=\"_blank\" rel=\"noreferrer noopener\">Zero Trust security<\/a>. Meaning, AD has no insight into system state or user and session risks and nothing challenges the authentication decision. That places information and identities at risk.<\/p>\n\n\n\n<div class=\"wp-block-cgb-notification-card notification-card note\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/note-icon.png\"\/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><p><strong>Note:<\/strong> Some AD admins like having user-based policies on shared devices. It helps to think of that approach as building a wall in the front yard but leaving the backyard open. It makes more sense to apply a strong posture across all users on all devices.<\/p><\/div><\/div><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"heading3\">How to Find Active Directory Attributes<\/h2>\n\n\n\n<p>Admins can query AD from the Active Directory Users and Computer (ADUC) console, an add-on to MMC in Windows Server. It\u2019s the go-to tool for managing objects and their attributes. There\u2019s a hidden tab in ADUC called Active Directory Attribute Editor that lists all attributes and their corresponding values, including hidden attributes. Some attributes are marked confidential and values can be hidden from admins.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"425\" height=\"329\" src=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2022\/11\/3.jpeg\" alt=\"Microsoft TechNet user community\" class=\"wp-image-72568\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/11\/3.jpeg 425w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/11\/3-300x232.jpeg 300w\" sizes=\"(max-width: 425px) 100vw, 425px\" \/><figcaption class=\"wp-element-caption\"><em>Image credit: Microsoft TechNet user community<\/em><\/figcaption><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"399\" height=\"492\" src=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2022\/11\/4-2.png\" alt=\"Microsoft Learn\" class=\"wp-image-72569\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/11\/4-2.png 399w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/11\/4-2-243x300.png 243w\" sizes=\"(max-width: 399px) 100vw, 399px\" \/><figcaption class=\"wp-element-caption\"><em>Image credit: Microsoft Learn<\/em><\/figcaption><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">PowerShell<\/h3>\n\n\n\n<p>The Active Directory PowerShell module is part of the Remote Server Administration Tools (RSAT) for Windows and can be used as an alternative method by command line gurus. The Get-ADUser command is used in combination with filtering to return user properties.<\/p>\n\n\n\n<p>For example:<\/p>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>Get-ADUser -Identity WorthingtonDavid -Properties *<br><br>Surname &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; : David<br>Name&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; : Worthington David<br>UserPrincipalName :<br>GivenName &nbsp; &nbsp; &nbsp; &nbsp; : David<br>Enabled &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; : False<br>SamAccountName&nbsp; &nbsp; : WorthingtonDavid<br>ObjectClass &nbsp; &nbsp; &nbsp; : user<br>SID &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; : S-2-6-31-47795136661-7810167215-4424248291-7722<br>ObjectGUID&nbsp; &nbsp; &nbsp; &nbsp; : 4bec018b-dbbc-4adc-8872-a6b182ac1e5d<br>DistinguishedName : CN=Worthington David,OU=NorthAmerica,OU=Marketing,OU=UserAccounts,DC=JUMPCLOUD,DC=COM<\/p>\n<\/div><\/div>\n\n\n\n<p>It\u2019s also possible to use services that integrate with AD to review attributes and more, including managing access control to your web applications. Integrations with directory services such as JumpCloud and Entra ID can extend authentication to SaaS applications for SSO with the ability to permit AD to make access decisions when it makes sense to.&nbsp;<\/p>\n\n\n\n<p>JumpCloud also provides access to network devices, similar to the <a href=\"https:\/\/jumpcloud.com\/blog\/freeradius-vs-windows-nps\">Network Policy Server<\/a> (NPS) role for Windows, but without <a href=\"https:\/\/jumpcloud.com\/blog\/microsoft-server-core-licensing-costs-more\">additional overhead<\/a>. It can also contain AD\u2019s footprint for lower costs and higher efficiency: containing head count, server room expenses, and hardware costs.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"heading4\">AD Attributes and JumpCloud<\/h2>\n\n\n\n<p>Your AD user attributes can become a useful element of your IAM strategy. JumpCloud\u2019s groups utilize ABAC and can automate membership changes or make suggestions that admins can act on. JumpCloud also imports the preexisting group structures and memberships from AD. Additional user attributes may be <a href=\"https:\/\/jumpcloud.com\/blog\/how-jumpclouds-hris-integration-works\">imported from an HRIS system<\/a> to align HR and IT operations.&nbsp;<\/p>\n\n\n\n<p>JumpCloud\u2019s ABAC establishes more mature entitlement management than AD with less administrative overhead. Group memberships can be combined with environment-wide <a href=\"https:\/\/jumpcloud.com\/platform\/multi-factor-authentication-mfa\" target=\"_blank\" rel=\"noreferrer noopener\">multi-factor authentication<\/a> (MFA) and <a href=\"https:\/\/jumpcloud.com\/blog\/conditional-access-policies-examples\">conditional access<\/a> for privileged users. The directory supports OIDC, RADIUS, LDAP, and SAML authentication methods with MFA everywhere.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"512\" height=\"344\" src=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2022\/11\/5-4.png\" alt=\"An Activity Directory domain that\u2019s integrated with JumpCloud\" class=\"wp-image-72570\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/11\/5-4.png 512w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/11\/5-4-300x202.png 300w\" sizes=\"(max-width: 512px) 100vw, 512px\" \/><figcaption class=\"wp-element-caption\"><em>An Activity Directory domain that\u2019s integrated with JumpCloud<\/em><\/figcaption><\/figure>\n\n\n\n<p>AD attributes can be managed through JumpCloud when Windows domains are <a href=\"https:\/\/jumpcloud.com\/use-cases\/replace-ad\">integrated with JumpCloud\u2019s open directory<\/a>. JumpCloud\u2019s <a href=\"https:\/\/support.jumpcloud.com\/support\/s\/article\/the-jumpcloud-powershell-module\" target=\"_blank\" rel=\"noreferrer noopener\">PowerShell Module<\/a> will query all user attributes in addition to taking <a href=\"https:\/\/github.com\/TheJumpCloud\/support\/wiki\/Using-the-JumpCloud-PowerShell-Module\" target=\"_blank\" rel=\"noreferrer noopener\">bulk actions<\/a> to add, modify, or implement custom attributes to AD.<\/p>\n\n\n\n<p>For example:<\/p>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>&nbsp;Set-JCUser -username bobby.boy -NumberOfCustomAttributes 2 -Attribute1_name Department -Attribute1_value Dev -Attribute2_name Location -Attribute2_value Boulder<\/p>\n<\/div><\/div>\n\n\n\n<p>AD is otherwise maintained as the \u201csystem of record\u201d for your attributes.<\/p>\n\n\n\n<p>There are even more ways to capture your AD attributes within JumpCloud. The <a href=\"https:\/\/jumpcloud.com\/blog\/what-is-directory-insights\">Directory Insights<\/a> reporting tool captures telemetry, including user attributes. The <a href=\"https:\/\/support.jumpcloud.com\/s\/article\/Introduction-to-the-Directory-Insights-API\" target=\"_blank\" rel=\"noreferrer noopener\">Directory Insights API <\/a>may also be used to review activity within your directory using other reporting tools.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"512\" height=\"167\" src=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2022\/11\/6-1.png\" alt=\"Directory insights reporting tool screenshot\" class=\"wp-image-72571\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/11\/6-1.png 512w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/11\/6-1-300x98.png 300w\" sizes=\"(max-width: 512px) 100vw, 512px\" \/><\/figure>\n\n\n\n<p>One of the many benefits of AD integration is that JumpCloud\u2019s <a href=\"https:\/\/support.jumpcloud.com\/s\/article\/Configuring-the-Active-Directory-Integration\" target=\"_blank\" rel=\"noreferrer noopener\">Active Directory Integration<\/a> (ADI) application will automatically import basic attributes from AD, including:<\/p>\n\n\n\n<ul>\n<li>First name<\/li>\n\n\n\n<li>Last name<\/li>\n\n\n\n<li>Password<\/li>\n\n\n\n<li>Password expiration<\/li>\n\n\n\n<li>Email<\/li>\n\n\n\n<li>Username (logon name in AD)<\/li>\n\n\n\n<li>User state<\/li>\n\n\n\n<li>Department<\/li>\n\n\n\n<li>Employee type<\/li>\n\n\n\n<li>Job title<\/li>\n\n\n\n<li>Company<\/li>\n\n\n\n<li>Manager<\/li>\n<\/ul>\n\n\n\n<p>Changes made within AD will reflect in the JumpCloud tenant within 90 seconds.<\/p>\n\n\n\n<div class=\"wp-block-cgb-notification-card notification-card note\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/note-icon.png\"\/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><p><strong>Note:<\/strong> Organizations that are also using Azure Active Directory (AAD) can perform bilateral attribute mapping with JumpCloud.<\/p><\/div><\/div><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">Try JumpCloud<\/h2>\n\n\n\n<p>JumpCloud provides a smooth path to migrate off or modernize AD. ADI has configuration options that will enable you to determine where and how you want to manage users, groups, and passwords. It also provides a migration tool to <a href=\"https:\/\/jumpcloud.com\/blog\/automate-active-directory-migration-tool\">transfer identities<\/a>.<\/p>\n\n\n\n<p>Cross-OS device management is a critical component to control and protect modern IT infrastructures. JumpCloud pairs the ability to manage every endpoint with an <a href=\"https:\/\/jumpcloud.com\/platform\/cloud-directory\" target=\"_blank\" rel=\"noreferrer noopener\">open directory platform<\/a> to secure every identity and resource. This unified approach delivers strong access control while consolidating your tools for increased IT operational efficiency.&nbsp;<\/p>\n\n\n\n<p>JumpCloud also provides SSO, <a href=\"https:\/\/jumpcloud.com\/blog\/what-is-the-radius-protocol\">cloud RADIUS<\/a> to manage access to network devices and Wi-Fi, and additional IT management features including a free <a href=\"https:\/\/jumpcloud.com\/blog\/jumpcloud-introduces-remote-assist\">Remote Assist<\/a> tool, <a href=\"https:\/\/jumpcloud.com\/platform\/patch-management\">patch management<\/a> for devices and browsers, and a <a href=\"https:\/\/jumpcloud.com\/platform\/password-manager\" target=\"_blank\" rel=\"noreferrer noopener\">password manager<\/a> to keep your identities and resources safe.<\/p>\n\n\n\n<p><a href=\"https:\/\/console.jumpcloud.com\/signup\" target=\"_blank\" rel=\"noreferrer noopener\">Try JumpCloud for free<\/a> and find out if it\u2019s the right option for your organization\u2019s journey away from AD.<\/p>\n\n\n\n<p>Our customers tell us that asset management is also important for security and IT operations. <a href=\"https:\/\/jumpcloud.com\/blog\/jumpcloud-acquires-resmo-for-integrated-asset-management\">JumpCloud is enhancing its platform<\/a> to unify SaaS, security, and <a href=\"https:\/\/jumpcloud.com\/blog\/what-is-it-asset-management-itam\">IT asset management<\/a>.<\/p>\n\n\n\n<p>Learn more about how admins will be able to consolidate security, asset, device, access, and identity management with JumpCloud and how those features go hand in hand.<\/p>\n\n\n\n\n<div class=\"promotion-banner-small is-flex-direction-column has-items-aligned-flex-start has-items-aligned-center-tablet\">\n    <div class=\"promo-small-image is-hidden-mobile\">\n        <img decoding=\"async\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/01\/men-collaborating-with-laptop-aspect-ratio-160-110.jpg\" alt=\"JumpCloud\">\n    <\/div>\n    <div class=\"promo-small-content\">\n        <p class=\"is-type-body-tiny is-type-weight-bold is-important promo-small-title\">\n            Pricing Options for Every Organization        <\/p>\n        <p class=\"is-type-body-default is-important\">\n            Packages and A La Carte Pricing        <\/p>\n    <\/div>\n    <div class=\"promo-small-cta\">\n        <a href=\"https:\/\/jumpcloud.com\/pricing\" data-promo=\"Explore Pricing\" class=\"button is-primary-green promo-small-banner-link\">Explore JumpCloud Pricing<\/a>\n    <\/div>\n<\/div>\n\n\n\n\n<h2 class=\"wp-block-heading\">Active Directory Attribute FAQs<\/h2>\n\n\n\n<div class=\"wp-block-cgb-accordion-faq-wysiwyg gutenberg-accordion\"><a class=\"gutenberg-accordion-header is-type-title-default has-text-night-blue\" href=\"#what_are_active_directory_attributes_in_windows_server_\" data-action=\"collapse\">What are Active Directory attributes in Windows Server?<\/a><div id=\"what_are_active_directory_attributes_in_windows_server_\" class=\"gutenberg-accordion-content-container is-collapsible\"><div class=\"gutenberg-accordion-content\">\n<p>Active Directory attributes are properties that define characteristics of objects stored in the Active Directory database, such as users, computers, groups, and organizational units (OUs).<\/p>\n<\/div><\/div><\/div>\n\n\n\n<div class=\"wp-block-cgb-accordion-faq-wysiwyg gutenberg-accordion\"><a class=\"gutenberg-accordion-header is-type-title-default has-text-night-blue\" href=\"#how_many_types_of_attributes_are_there_in_active_directory_\" data-action=\"collapse\">How many types of attributes are there in Active Directory?<\/a><div id=\"how_many_types_of_attributes_are_there_in_active_directory_\" class=\"gutenberg-accordion-content-container is-collapsible\"><div class=\"gutenberg-accordion-content\">\n<p>Active Directory attributes can be categorized into two types: built-in attributes, which are predefined by the system, and extension attributes, which can be customized to meet specific organizational needs.<\/p>\n<\/div><\/div><\/div>\n\n\n\n<div class=\"wp-block-cgb-accordion-faq-wysiwyg gutenberg-accordion\"><a class=\"gutenberg-accordion-header is-type-title-default has-text-night-blue\" href=\"#what_are_some_common_built_in_attributes_in_active_directory_\" data-action=\"collapse\">What are some common built-in attributes in Active Directory?<\/a><div id=\"what_are_some_common_built_in_attributes_in_active_directory_\" class=\"gutenberg-accordion-content-container is-collapsible\"><div class=\"gutenberg-accordion-content\">\n<p>Common built-in attributes in Active Directory include username (sAMAccountName), full name (displayName), email (mail), phone number (telephoneNumber), and group membership (memberOf).<\/p>\n<\/div><\/div><\/div>\n\n\n\n<div class=\"wp-block-cgb-accordion-faq-wysiwyg gutenberg-accordion\"><a class=\"gutenberg-accordion-header is-type-title-default has-text-night-blue\" href=\"#can_i_create_custom_attributes_in_active_directory_\" data-action=\"collapse\">Can I create custom attributes in Active Directory?<\/a><div id=\"can_i_create_custom_attributes_in_active_directory_\" class=\"gutenberg-accordion-content-container is-collapsible\"><div class=\"gutenberg-accordion-content\">\n<p>Yes, you can extend the Active Directory schema to create custom attributes tailored to your organization&#8217;s requirements. However, schema modifications using the Active Directory Schema MMC Snap-In should be done with caution and proper planning. Creating objects is a permanent operation, and while objects may be disabled, they cannot be deleted.<\/p>\n<\/div><\/div><\/div>\n\n\n\n<div class=\"wp-block-cgb-accordion-faq-wysiwyg gutenberg-accordion\"><a class=\"gutenberg-accordion-header is-type-title-default has-text-night-blue\" href=\"#how_do_attributes_affect_user_authentication_in_active_directory_\" data-action=\"collapse\">How do attributes affect user authentication in Active Directory?<\/a><div id=\"how_do_attributes_affect_user_authentication_in_active_directory_\" class=\"gutenberg-accordion-content-container is-collapsible\"><div class=\"gutenberg-accordion-content\">\n<p>Attributes including username and password are crucial for user authentication in Active Directory. Domain Controller checks these attributes for validity when a user attempts to log in.<\/p>\n<\/div><\/div><\/div>\n\n\n\n<div class=\"wp-block-cgb-accordion-faq-wysiwyg gutenberg-accordion\"><a class=\"gutenberg-accordion-header is-type-title-default has-text-night-blue\" href=\"#what_is_the_purpose_of_the_distinguishedname_attribute_in_active_directory_\" data-action=\"collapse\">What is the purpose of the distinguishedName attribute in Active Directory?<\/a><div id=\"what_is_the_purpose_of_the_distinguishedname_attribute_in_active_directory_\" class=\"gutenberg-accordion-content-container is-collapsible\"><div class=\"gutenberg-accordion-content\">\n<p>The distinguishedName (DN) attribute uniquely identifies each object in Active Directory and represents its hierarchical path within the domain.<\/p>\n<\/div><\/div><\/div>\n\n\n\n<div class=\"wp-block-cgb-accordion-faq-wysiwyg gutenberg-accordion\"><a class=\"gutenberg-accordion-header is-type-title-default has-text-night-blue\" href=\"#how_can_i_view_and_manage_active_directory_attributes_for_users_and_other_objects_\" data-action=\"collapse\">How can I view and manage Active Directory attributes for users and other objects?<\/a><div id=\"how_can_i_view_and_manage_active_directory_attributes_for_users_and_other_objects_\" class=\"gutenberg-accordion-content-container is-collapsible\"><div class=\"gutenberg-accordion-content\">\n<p>Active Directory attributes can be managed using various tools, such as Active Directory Users and Computers (ADUC), PowerShell cmdlets, and third-party management consoles.<\/p>\n<\/div><\/div><\/div>\n\n\n\n<div class=\"wp-block-cgb-accordion-faq-wysiwyg gutenberg-accordion\"><a class=\"gutenberg-accordion-header is-type-title-default has-text-night-blue\" href=\"#are_there_attributes_specific_to_computers_in_active_directory_\" data-action=\"collapse\">Are there attributes specific to computers in Active Directory?<\/a><div id=\"are_there_attributes_specific_to_computers_in_active_directory_\" class=\"gutenberg-accordion-content-container is-collapsible\"><div class=\"gutenberg-accordion-content\">\n<p>Yes, computers in Active Directory have unique attributes, including hostname (name), operating system (operatingSystem), and service pack version (operatingSystemServicePack).<\/p>\n<\/div><\/div><\/div>\n\n\n\n<div class=\"wp-block-cgb-accordion-faq-wysiwyg gutenberg-accordion\"><a class=\"gutenberg-accordion-header is-type-title-default has-text-night-blue\" href=\"#how_do_i_query_active_directory_attributes_using_ldap_queries_\" data-action=\"collapse\">How do I query Active Directory attributes using LDAP queries?<\/a><div id=\"how_do_i_query_active_directory_attributes_using_ldap_queries_\" class=\"gutenberg-accordion-content-container is-collapsible\"><div class=\"gutenberg-accordion-content\">\n<p>LDAP (Lightweight Directory Access Protocol) queries allow you to search and retrieve specific attributes from Active Directory, providing valuable information for various administrative tasks. However, LDAP auditing must be enabled on your endpoints in order to do this.<\/p>\n<\/div><\/div><\/div>\n\n\n\n<div class=\"wp-block-cgb-accordion-faq-wysiwyg gutenberg-accordion\"><a class=\"gutenberg-accordion-header is-type-title-default has-text-night-blue\" href=\"#can_i_delegate_control_of_specific_attributes_to_non_administrative_users_\" data-action=\"collapse\">Can I delegate control of specific attributes to non-administrative users?<\/a><div id=\"can_i_delegate_control_of_specific_attributes_to_non_administrative_users_\" class=\"gutenberg-accordion-content-container is-collapsible\"><div class=\"gutenberg-accordion-content\">\n<p>Yes, you can use Active Directory&#8217;s delegation features to grant non-administrative users permission to modify specific attributes while restricting access to other parts of the directory. This requires using the Delegate Control wizard in Active Directory Users and Computers.<\/p>\n<\/div><\/div><\/div>\n\n\n\n<div class=\"wp-block-cgb-accordion-faq-wysiwyg gutenberg-accordion\"><a class=\"gutenberg-accordion-header is-type-title-default has-text-night-blue\" href=\"#how_can_i_enforce_attribute_constraints_and_validation_in_active_directory_\" data-action=\"collapse\">How can I enforce attribute constraints and validation in Active Directory?<\/a><div id=\"how_can_i_enforce_attribute_constraints_and_validation_in_active_directory_\" class=\"gutenberg-accordion-content-container is-collapsible\"><div class=\"gutenberg-accordion-content\">\n<p>Attribute <a href=\"https:\/\/learn.microsoft.com\/en-us\/openspecs\/windows_protocols\/ms-adts\/7dfeb38c-3cb9-4215-ae1c-ef209fd251ae\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">constraints and validation<\/a> can be enforced using custom scripts, PowerShell validation functions, or by setting attribute limits in the schema.<\/p>\n<\/div><\/div><\/div>\n\n\n\n<div class=\"wp-block-cgb-accordion-faq-wysiwyg gutenberg-accordion\"><a class=\"gutenberg-accordion-header is-type-title-default has-text-night-blue\" href=\"#how_do_attributes_play_a_role_in_group_policy_management_in_active_directory_\" data-action=\"collapse\">How do attributes play a role in Group Policy management in Active Directory?<\/a><div id=\"how_do_attributes_play_a_role_in_group_policy_management_in_active_directory_\" class=\"gutenberg-accordion-content-container is-collapsible\"><div class=\"gutenberg-accordion-content\">\n<p>Attributes such as user group membership and computer attributes are essential for applying Group Policy settings to specific users and computers within the domain.<\/p>\n<\/div><\/div><\/div>\n\n\n\n<div class=\"wp-block-cgb-accordion-faq-wysiwyg gutenberg-accordion\"><a class=\"gutenberg-accordion-header is-type-title-default has-text-night-blue\" href=\"#how_can_i_control_access_to_sensitive_active_directory_attributes_\" data-action=\"collapse\">How can I control access to sensitive Active Directory attributes?<\/a><div id=\"how_can_i_control_access_to_sensitive_active_directory_attributes_\" class=\"gutenberg-accordion-content-container is-collapsible\"><div class=\"gutenberg-accordion-content\">\n<p>To control access to sensitive attributes, use attribute-level permissions and Active Directory security groups to restrict modifications to specific users or administrative roles.<\/p>\n<\/div><\/div><\/div>\n\n\n\n<div class=\"wp-block-cgb-accordion-faq-wysiwyg gutenberg-accordion\"><a class=\"gutenberg-accordion-header is-type-title-default has-text-night-blue\" href=\"#what_are_some_best_practices_for_securing_active_directory_attributes_against_unauthorized_changes_\" data-action=\"collapse\">What are some best practices for securing Active Directory attributes against unauthorized changes?<\/a><div id=\"what_are_some_best_practices_for_securing_active_directory_attributes_against_unauthorized_changes_\" class=\"gutenberg-accordion-content-container is-collapsible\"><div class=\"gutenberg-accordion-content\">\n<p>Implementing the principle of least privilege, auditing attribute changes, enabling object access auditing, and regularly reviewing security logs are some best practices to secure Active Directory attributes.<\/p>\n<\/div><\/div><\/div>\n\n\n\n<div class=\"wp-block-cgb-accordion-faq-wysiwyg gutenberg-accordion\"><a class=\"gutenberg-accordion-header is-type-title-default has-text-night-blue\" href=\"#what_is_the__read_only__attribute_in_active_directory__and_can_it_enhance_security_\" data-action=\"collapse\">What is the &#8220;Read-Only&#8221; attribute in Active Directory, and can it enhance security?<\/a><div id=\"what_is_the__read_only__attribute_in_active_directory__and_can_it_enhance_security_\" class=\"gutenberg-accordion-content-container is-collapsible\"><div class=\"gutenberg-accordion-content\">\n<p>The &#8220;Read-Only&#8221; attribute in Active Directory allows you to mark certain attributes as non-modifiable, ensuring that sensitive information remains immutable, even for administrators.<\/p>\n<\/div><\/div><\/div>\n\n\n\n<div class=\"wp-block-cgb-accordion-faq-wysiwyg gutenberg-accordion\"><a class=\"gutenberg-accordion-header is-type-title-default has-text-night-blue\" href=\"#how_can_i_detect_and_remediate_unauthorized_changes_to_critical_attributes_in_active_directory_\" data-action=\"collapse\">How can I detect and remediate unauthorized changes to critical attributes in Active Directory?<\/a><div id=\"how_can_i_detect_and_remediate_unauthorized_changes_to_critical_attributes_in_active_directory_\" class=\"gutenberg-accordion-content-container is-collapsible\"><div class=\"gutenberg-accordion-content\">\n<p>Employing Active Directory auditing and using third-party security information and event management (SIEM) solutions can help detect and respond to unauthorized changes to critical attributes promptly. You may also set various domain controller audit policies and PowerShell logging.<\/p>\n<\/div><\/div><\/div>\n\n\n\n<div class=\"wp-block-cgb-accordion-faq-wysiwyg gutenberg-accordion\"><a class=\"gutenberg-accordion-header is-type-title-default has-text-night-blue\" href=\"#can_i_encrypt_specific_active_directory_attributes_to_enhance_data_security_\" data-action=\"collapse\">Can I encrypt specific Active Directory attributes to enhance data security?<\/a><div id=\"can_i_encrypt_specific_active_directory_attributes_to_enhance_data_security_\" class=\"gutenberg-accordion-content-container is-collapsible\"><div class=\"gutenberg-accordion-content\">\n<p>Active Directory does not provide attribute-level encryption, but you can encrypt sensitive data using encryption mechanisms within applications or third-party encryption solutions before storing them in Active Directory.<\/p>\n<\/div><\/div><\/div>\n\n\n\n<div class=\"wp-block-cgb-accordion-faq-wysiwyg gutenberg-accordion\"><a class=\"gutenberg-accordion-header is-type-title-default has-text-night-blue\" href=\"#how_can_i_prevent_the_disclosure_of_sensitive_information_through_active_directory_attributes_\" data-action=\"collapse\">How can I prevent the disclosure of sensitive information through Active Directory attributes?<\/a><div id=\"how_can_i_prevent_the_disclosure_of_sensitive_information_through_active_directory_attributes_\" class=\"gutenberg-accordion-content-container is-collapsible\"><div class=\"gutenberg-accordion-content\">\n<p>Regularly review access permissions, configure attribute-level security, and provide proper training to administrators to prevent the unintentional disclosure of sensitive information.<\/p>\n<\/div><\/div><\/div>\n\n\n\n<div class=\"wp-block-cgb-accordion-faq-wysiwyg gutenberg-accordion\"><a class=\"gutenberg-accordion-header is-type-title-default has-text-night-blue\" href=\"#how_does_attribute_level_filtering_in_active_directory_improve_security_in_lightweight_directory_access_protocol__ldap__queries_\" data-action=\"collapse\">How does attribute-level filtering in Active Directory improve security in Lightweight Directory Access Protocol (LDAP) queries?<\/a><div id=\"how_does_attribute_level_filtering_in_active_directory_improve_security_in_lightweight_directory_access_protocol__ldap__queries_\" class=\"gutenberg-accordion-content-container is-collapsible\"><div class=\"gutenberg-accordion-content\">\n<p>Implementing attribute-level filtering in LDAP queries restricts the attributes returned in query results, reducing the risk of exposing sensitive data to unauthorized users.<\/p>\n<\/div><\/div><\/div>\n\n\n\n<div class=\"wp-block-cgb-accordion-faq-wysiwyg gutenberg-accordion\"><a class=\"gutenberg-accordion-header is-type-title-default has-text-night-blue\" href=\"#can_i_implement_data_masking_for_specific_active_directory_attributes_\" data-action=\"collapse\">Can I implement data masking for specific Active Directory attributes?<\/a><div id=\"can_i_implement_data_masking_for_specific_active_directory_attributes_\" class=\"gutenberg-accordion-content-container is-collapsible\"><div class=\"gutenberg-accordion-content\">\n<p>Active Directory does not natively support data masking, but you can implement data masking solutions at the application layer to protect sensitive attribute values.<\/p>\n<\/div><\/div><\/div>\n\n\n\n<div class=\"wp-block-cgb-accordion-faq-wysiwyg gutenberg-accordion\"><a class=\"gutenberg-accordion-header is-type-title-default has-text-night-blue\" href=\"#how_do_i_handle_the_security_of_attributes_when_migrating_or_integrating_active_directory_with_other_systems_\" data-action=\"collapse\">How do I handle the security of attributes when migrating or integrating Active Directory with other systems?<\/a><div id=\"how_do_i_handle_the_security_of_attributes_when_migrating_or_integrating_active_directory_with_other_systems_\" class=\"gutenberg-accordion-content-container is-collapsible\"><div class=\"gutenberg-accordion-content\">\n<p>During migration or integration, ensure proper attribute mapping and consider the security implications of attribute synchronization to maintain data integrity and security across systems.<\/p>\n<\/div><\/div><\/div>\n\n\n\n<div class=\"wp-block-cgb-accordion-faq-wysiwyg gutenberg-accordion\"><a class=\"gutenberg-accordion-header is-type-title-default has-text-night-blue\" href=\"#what_are_some_common_security_risks_associated_with_misconfigured_active_directory_attributes_\" data-action=\"collapse\">What are some common security risks associated with misconfigured Active Directory attributes?<\/a><div id=\"what_are_some_common_security_risks_associated_with_misconfigured_active_directory_attributes_\" class=\"gutenberg-accordion-content-container is-collapsible\"><div class=\"gutenberg-accordion-content\">\n<p>Misconfigured attributes can lead to privilege escalation, data leakage, unauthorized access, and account compromise. Regular security assessments can help identify and mitigate these risks.<\/p>\n<\/div><\/div><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Active Directory attributes help define user objects so that each object is unique. Learn more about object attributes and how to find them.<\/p>\n","protected":false},"author":150,"featured_media":43453,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","inline_featured_image":false,"footnotes":""},"categories":[1],"tags":[],"collection":[2779,2780],"platform":[],"funnel_stage":[3015],"coauthors":[2535],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v22.9 (Yoast SEO v22.9) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Active Directory Attributes - JumpCloud<\/title>\n<meta name=\"description\" content=\"Active Directory attributes help define user objects so that each object is unique. Learn more about object attributes and how to find them.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/jumpcloud.com\/blog\/active-directory-attributes\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Active Directory Attributes\" \/>\n<meta property=\"og:description\" content=\"Active Directory attributes help define user objects so that each object is unique. Learn more about object attributes and how to find them.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/jumpcloud.com\/blog\/active-directory-attributes\" \/>\n<meta property=\"og:site_name\" content=\"JumpCloud\" \/>\n<meta property=\"article:published_time\" content=\"2022-11-29T17:00:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-11-05T23:32:13+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2019\/12\/on-demand-radius-server.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1280\" \/>\n\t<meta property=\"og:image:height\" content=\"853\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"David Worthington\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"David Worthington\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"9 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/active-directory-attributes#article\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/active-directory-attributes\"},\"author\":{\"name\":\"David Worthington\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/person\/185ca12034835ee50ee17b100abdfb2e\"},\"headline\":\"Active Directory Attributes\",\"datePublished\":\"2022-11-29T17:00:00+00:00\",\"dateModified\":\"2024-11-05T23:32:13+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/active-directory-attributes\"},\"wordCount\":2927,\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/active-directory-attributes#primaryimage\"},\"thumbnailUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2019\/12\/on-demand-radius-server.jpg\",\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/active-directory-attributes\",\"url\":\"https:\/\/jumpcloud.com\/blog\/active-directory-attributes\",\"name\":\"Active Directory Attributes - JumpCloud\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/active-directory-attributes#primaryimage\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/active-directory-attributes#primaryimage\"},\"thumbnailUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2019\/12\/on-demand-radius-server.jpg\",\"datePublished\":\"2022-11-29T17:00:00+00:00\",\"dateModified\":\"2024-11-05T23:32:13+00:00\",\"description\":\"Active Directory attributes help define user objects so that each object is unique. Learn more about object attributes and how to find them.\",\"breadcrumb\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/active-directory-attributes#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/jumpcloud.com\/blog\/active-directory-attributes\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/active-directory-attributes#primaryimage\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2019\/12\/on-demand-radius-server.jpg\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2019\/12\/on-demand-radius-server.jpg\",\"width\":1280,\"height\":853,\"caption\":\"man wearing headphones working in front of a computer\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/active-directory-attributes#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/jumpcloud.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Active Directory Attributes\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/jumpcloud.com\/#website\",\"url\":\"https:\/\/jumpcloud.com\/\",\"name\":\"JumpCloud\",\"description\":\"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.\",\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/jumpcloud.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/jumpcloud.com\/#organization\",\"name\":\"JumpCloud\",\"url\":\"https:\/\/jumpcloud.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"width\":598,\"height\":101,\"caption\":\"JumpCloud\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/person\/185ca12034835ee50ee17b100abdfb2e\",\"name\":\"David Worthington\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/person\/image\/d9acf1381c6e5b50c0f50d47b7b05411\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/a6dde901b469c9005c22973e42038d62?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/a6dde901b469c9005c22973e42038d62?s=96&d=mm&r=g\",\"caption\":\"David Worthington\"},\"description\":\"I'm the JumpCloud Champion for Product, Security. JumpCloud and Microsoft certified, security analyst, a one-time tech journalist, and former IT director.\",\"sameAs\":[\"https:\/\/jumpcloud.com\/blog\",\"david.worthington@jumpcloud.com\"]}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Active Directory Attributes - JumpCloud","description":"Active Directory attributes help define user objects so that each object is unique. Learn more about object attributes and how to find them.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/jumpcloud.com\/blog\/active-directory-attributes","og_locale":"en_US","og_type":"article","og_title":"Active Directory Attributes","og_description":"Active Directory attributes help define user objects so that each object is unique. Learn more about object attributes and how to find them.","og_url":"https:\/\/jumpcloud.com\/blog\/active-directory-attributes","og_site_name":"JumpCloud","article_published_time":"2022-11-29T17:00:00+00:00","article_modified_time":"2024-11-05T23:32:13+00:00","og_image":[{"width":1280,"height":853,"url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2019\/12\/on-demand-radius-server.jpg","type":"image\/jpeg"}],"author":"David Worthington","twitter_card":"summary_large_image","twitter_misc":{"Written by":"David Worthington","Est. reading time":"9 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/jumpcloud.com\/blog\/active-directory-attributes#article","isPartOf":{"@id":"https:\/\/jumpcloud.com\/blog\/active-directory-attributes"},"author":{"name":"David Worthington","@id":"https:\/\/jumpcloud.com\/#\/schema\/person\/185ca12034835ee50ee17b100abdfb2e"},"headline":"Active Directory Attributes","datePublished":"2022-11-29T17:00:00+00:00","dateModified":"2024-11-05T23:32:13+00:00","mainEntityOfPage":{"@id":"https:\/\/jumpcloud.com\/blog\/active-directory-attributes"},"wordCount":2927,"publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"image":{"@id":"https:\/\/jumpcloud.com\/blog\/active-directory-attributes#primaryimage"},"thumbnailUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2019\/12\/on-demand-radius-server.jpg","inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/jumpcloud.com\/blog\/active-directory-attributes","url":"https:\/\/jumpcloud.com\/blog\/active-directory-attributes","name":"Active Directory Attributes - JumpCloud","isPartOf":{"@id":"https:\/\/jumpcloud.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/jumpcloud.com\/blog\/active-directory-attributes#primaryimage"},"image":{"@id":"https:\/\/jumpcloud.com\/blog\/active-directory-attributes#primaryimage"},"thumbnailUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2019\/12\/on-demand-radius-server.jpg","datePublished":"2022-11-29T17:00:00+00:00","dateModified":"2024-11-05T23:32:13+00:00","description":"Active Directory attributes help define user objects so that each object is unique. Learn more about object attributes and how to find them.","breadcrumb":{"@id":"https:\/\/jumpcloud.com\/blog\/active-directory-attributes#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/jumpcloud.com\/blog\/active-directory-attributes"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/blog\/active-directory-attributes#primaryimage","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2019\/12\/on-demand-radius-server.jpg","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2019\/12\/on-demand-radius-server.jpg","width":1280,"height":853,"caption":"man wearing headphones working in front of a computer"},{"@type":"BreadcrumbList","@id":"https:\/\/jumpcloud.com\/blog\/active-directory-attributes#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/jumpcloud.com\/"},{"@type":"ListItem","position":2,"name":"Active Directory Attributes"}]},{"@type":"WebSite","@id":"https:\/\/jumpcloud.com\/#website","url":"https:\/\/jumpcloud.com\/","name":"JumpCloud","description":"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.","publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/jumpcloud.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/jumpcloud.com\/#organization","name":"JumpCloud","url":"https:\/\/jumpcloud.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","width":598,"height":101,"caption":"JumpCloud"},"image":{"@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/jumpcloud.com\/#\/schema\/person\/185ca12034835ee50ee17b100abdfb2e","name":"David Worthington","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/person\/image\/d9acf1381c6e5b50c0f50d47b7b05411","url":"https:\/\/secure.gravatar.com\/avatar\/a6dde901b469c9005c22973e42038d62?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/a6dde901b469c9005c22973e42038d62?s=96&d=mm&r=g","caption":"David Worthington"},"description":"I'm the JumpCloud Champion for Product, Security. JumpCloud and Microsoft certified, security analyst, a one-time tech journalist, and former IT director.","sameAs":["https:\/\/jumpcloud.com\/blog","david.worthington@jumpcloud.com"]}]}},"_links":{"self":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts\/72557"}],"collection":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/users\/150"}],"replies":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/comments?post=72557"}],"version-history":[{"count":2,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts\/72557\/revisions"}],"predecessor-version":[{"id":117170,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts\/72557\/revisions\/117170"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media\/43453"}],"wp:attachment":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media?parent=72557"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/categories?post=72557"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/tags?post=72557"},{"taxonomy":"collection","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/collection?post=72557"},{"taxonomy":"platform","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/platform?post=72557"},{"taxonomy":"funnel_stage","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/funnel_stage?post=72557"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/coauthors?post=72557"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}