Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
This table specifies the field-to-database-attribute mapping, where the field is a field in a user-related structure such as SAMPR_USER_ALL_INFORMATION (section 2.2.6.6) and the database attribute is an attribute defined on a user object. These attributes are from the data model specified in section 3.1.1.
|
Field name |
Database attribute |
|---|---|
|
LastLogon |
lastLogon |
|
LastLogoff |
lastLogoff |
|
PasswordLastSet |
pwdLastSet |
|
AccountExpires |
accountExpires |
|
PasswordCanChange |
See section 3.1.5.14.3 for message processing. |
|
PasswordMustChange |
See section 3.1.5.14.4 for message processing. |
|
UserName |
sAMAccountName |
|
FullName |
displayName |
|
HomeDirectory |
homeDirectory |
|
HomeDirectoryDrive |
homeDrive |
|
ScriptPath |
scriptPath |
|
ProfilePath |
profilePath |
|
AdminComment |
description |
|
WorkStations |
userWorkstations |
|
UserComment |
comment |
|
Parameters |
userParameters |
|
UserId |
RID of objectSid |
|
PrimaryGroupId |
primaryGroupId |
|
UserAccountControl* |
userAccountControl |
|
LogonHours |
logonHours |
|
BadPasswordCount |
badPwdCount |
|
LogonCount |
logonCount |
|
CountryCode |
countryCode |
|
CodePage |
codePage |
|
NtOwfPassword** |
unicodePwd |
|
LmOwfPassword** |
dBCSPwd |
|
NtPasswordPresent** |
Not persisted as a database attribute |
|
LmPasswordPresent** |
Not persisted as a database attribute |
|
PrivateData** |
Not persisted as a database attribute |
|
PasswordExpired** |
Not persisted as a database attribute |
|
SecurityDescriptor** |
ntSecurityDescriptor |
*On read of UserAccountControl, the database attribute value MUST be:
Augmented with the UF_LOCKOUT bit if the lockoutTime attribute value on the target object is nonzero and if its value plus the Effective-LockoutDuration attribute value (section 3.1.1.5) is less than the current time.
Augmented with UF_PASSWORD_EXPIRED if PasswordMustChange is less than the current time.
Translated according to the table in section 3.1.5.14.2.
**NtOwfPassword, NtPasswordPresent, LmOwfPassword, LmPasswordPresent, PrivateData, PasswordExpired, and SecurityDescriptor cannot be returned by the SAM Remote Protocol, as indicated by the processing instructions specified in sections 3.1.5.5.6 and 3.1.5.5.5