Revision #2

Each of the cmdlets in the PowerShell Active Directory module, like Get-ADUser and Get-ADComputer, displays a default set of properties for all objects retrieved. You can specify other properties with the -Properties parameter, but the default set will always be included. There is another set of extended properties that can be specified. In addition, any Active Directory attribute appropriate to the class of objects can be included by specifying the LDAPDisplayName of the attribute in the -Properties parameter.

 
 Work in progress

 
Both the default and extended properties are really methods. They return values based on the actual Active Directory attributes of the objects, converted in some cases for display. This article documents the default and extended properties for many of the cmdlets that come with the Active Directory module in PowerShell Version 2.0. This article does not document the Active Directory attributes that apply to each class of object.


Properties Parameter

All of the Get-AD* cmdlets support the -Properties parameter. If the -Properties parameter is not included, only the default properties are retrieved. You can specify default properties, extended properties, or the LDAPDisplayName of any Active Directory attribute appropriate for the class of object. Many, but not all, of these properties and attributes can also be assigned values using the corresponding Set-AD* cmdlet.

Default Properties

For convenience, the Active Directory Get-AD* cmdlets always return a default set of properties. In many cases these correspond to mandatory attributes so they will always have values. These property names do not always match the LDAPDisplayName of the corresponding Active Directory attribute. For example, the SID property is in the default set for Get-ADUser and Get-ADComputer, but there is no such attribute in Active Directory. The SID property will be the objectSID attribute, which is a byte array, converted into a string.
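The objectSID conversion described above can be reproduced by hand. The following is an added example, not code from the original article or from the Active Directory module: the function name ConvertTo-SidString is hypothetical, and the sample byte array is constructed rather than read from a directory.

```powershell
function ConvertTo-SidString {
    param([Parameter(Mandatory = $true)][byte[]]$ObjectSid)

    # Layout: revision (1 byte), sub-authority count (1 byte),
    # identifier authority (6 bytes), then 4 bytes per sub-authority.
    if ($ObjectSid.Length -lt 8) {
        throw "objectSid too short: $($ObjectSid.Length) bytes"
    }
    $revision = $ObjectSid[0]
    $subCount = $ObjectSid[1]
    if ($ObjectSid.Length -ne (8 + 4 * $subCount)) {
        throw "objectSid length does not match $subCount sub-authorities"
    }

    # The identifier authority is stored big-endian.
    [uint64]$authority = 0
    for ($i = 2; $i -lt 8; $i++) {
        $authority = ($authority * 256) + $ObjectSid[$i]
    }

    # Each sub-authority is a little-endian unsigned 32-bit integer
    # (BitConverter reads little-endian on Windows hardware).
    $parts = @('S', $revision, $authority)
    for ($n = 0; $n -lt $subCount; $n++) {
        $parts += [BitConverter]::ToUInt32($ObjectSid, 8 + 4 * $n)
    }
    $parts -join '-'
}

# Constructed sample: revision 1, five sub-authorities, authority 5 (NT Authority).
[byte[]]$sample = 1, 5, 0, 0, 0, 0, 0, 5
foreach ($sub in 21, 1111111111, 2222222222, 3333333333, 1104) {
    $sample += [BitConverter]::GetBytes([uint32]$sub)
}

ConvertTo-SidString -ObjectSid $sample
```

The length check matters when the byte array comes from an export or a log rather than from the cmdlet: a truncated value would otherwise be rendered as a shorter, valid-looking SID.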

Extended Properties

Each Active Directory Get-AD* cmdlet also supports extended properties. These are only retrieved if they are specified in the -Properties parameter of the cmdlet. Many can also be assigned values using the corresponding Set-AD* cmdlet. Again, the names of these properties may or may not match the LDAPDisplayName of the corresponding Active Directory attribute.

Active Directory Attributes

In addition, you can specify the LDAPDisplayName of any Active Directory attribute appropriate for the class of object with the -Properties parameter. If the attribute value cannot be displayed, such as nTSecurityDescriptor, then the class definition is displayed.

Get-ADUser

The default properties retrieved by the Get-ADUser cmdlet are documented below. The column labeled "R/RW" documents whether the property is Read-Only (R) or Read-Write (RW). The last column documents the Active Directory attribute that the property is based on.

| Property | Syntax | R/RW | lDAPDisplayName |
|---|---|---|---|
| DistinguishedName | String (DN) | R | distinguishedName |
| Enabled | Boolean | RW | userAccountControl (bit mask Not 2) |
| GivenName | String | RW | givenName |
| Name | String | R | cn (Relative Distinguished Name) |
| ObjectClass | String | R | objectClass, most specific value |
| ObjectGUID | Guid | R | objectGUID converted to string |
| SamAccountName | String | RW | sAMAccountName |
| SID | Sid | R | objectSID converted to string |
| Surname | String | RW | sn |
| UserPrincipalName | String | RW | userPrincipalName |

Get-ADComputer

The default properties retrieved by the Get-ADComputer cmdlet are documented below.

| Property | Syntax | R/RW | lDAPDisplayName |
|---|---|---|---|
| DistinguishedName | String (DN) | R | distinguishedName |
| DNSHostName | String | RW | dNSHostName |
| Enabled | Boolean | RW | userAccountControl (bit mask Not 2) |
| Name | String | R | cn (Relative Distinguished Name) |
| ObjectClass | String | R | objectClass, most specific value |
| ObjectGUID | Guid | R | objectGUID converted to string |
| SamAccountName | String | RW | sAMAccountName |
| SID | Sid | R | objectSID converted to string |
| UserPrincipalName | String | RW | userPrincipalName |

Get-ADGroup

The default properties retrieved by the Get-ADGroup cmdlet are documented below.

| Property | Syntax | R/RW | lDAPDisplayName |
|---|---|---|---|
| DistinguishedName | String (DN) | R | distinguishedName |
| GroupCategory | String | RW | groupType (bit mask 2147483648) |
| GroupScope | String | RW | groupType (bit mask 1, 2, 4, or 8) |
| Name | String | R | cn (Relative Distinguished Name) |
| ObjectClass | String | R | objectClass, most specific value |
| ObjectGUID | Guid | R | objectGUID converted to string |
| SamAccountName | String | RW | sAMAccountName |
| SID | Sid | R | objectSID converted to string |
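
The Enabled, GroupCategory and GroupScope rows in the tables above are derived from bit masks. This added example (not part of the original article) decodes raw userAccountControl and groupType values the same way; the function names are hypothetical, the input values are constructed, and the scope names for bits 2, 4 and 8 (Global, DomainLocal, Universal) come from the documented groupType flags rather than from this page.

```powershell
function Test-AccountEnabled {
    param([Parameter(Mandatory = $true)][int]$UserAccountControl)
    # Bit 2 is ACCOUNTDISABLE; Enabled is true when that bit is clear.
    ($UserAccountControl -band 2) -eq 0
}

function ConvertFrom-GroupType {
    param([Parameter(Mandatory = $true)][int]$GroupType)

    # AD stores groupType as a signed 32-bit integer, so the 2147483648
    # (0x80000000) bit makes security groups show up as negative numbers.
    $category = if ($GroupType -band 0x80000000) { 'Security' } else { 'Distribution' }

    # Bit 1 marks system-created (builtin) groups and accompanies bit 4.
    $scope = 'Unknown'
    if ($GroupType -band 2) { $scope = 'Global' }
    if ($GroupType -band 4) { $scope = 'DomainLocal' }
    if ($GroupType -band 8) { $scope = 'Universal' }

    [pscustomobject]@{
        GroupType     = $GroupType
        GroupCategory = $category
        GroupScope    = $scope
    }
}

# Constructed userAccountControl values: normal account, disabled account,
# and a normal account with "password never expires" set.
$uacSamples = 512, 514, 66048
$uacSamples | ForEach-Object {
    [pscustomobject]@{
        userAccountControl = $_
        Enabled            = Test-AccountEnabled -UserAccountControl $_
    }
} | Format-Table -AutoSize

# Constructed groupType values: global security, builtin domain-local
# security, universal distribution, global distribution.
$groupTypes = -2147483646, -2147483643, 8, 2
$groupTypes | ForEach-Object { ConvertFrom-GroupType -GroupType $_ } |
    Format-Table -AutoSize
```

Decoding the raw values this way is useful when auditing LDAP exports or directory change logs, which carry userAccountControl and groupType as integers rather than the cmdlet's converted properties.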

Get-ADObject

The default properties retrieved by the Get-ADObject cmdlet are documented below.

| Property | Syntax | R/RW | lDAPDisplayName |
|---|---|---|---|
| DistinguishedName | String (DN) | R | distinguishedName |
| Name | String | R | Relative Distinguished Name |
| ObjectClass | String | R | objectClass, most specific value |
| ObjectGUID | Guid | R | objectGUID converted to string |

Get-ADOrganizationalUnit

The default properties retrieved by the Get-ADOrganizationalUnit cmdlet are documented below.

| Property | Syntax | R/RW | lDAPDisplayName |
|---|---|---|---|
| City | String | RW | l |
| Country | String | RW | c |
| DistinguishedName | String (DN) | R | distinguishedName |
| LinkedGroupPolicyObjects | ADCollection | R | |
| ManagedBy | String (DN) | RW | managedBy |
| Name | String | R | ou (Relative Distinguished Name) |
| ObjectClass | String | R | objectClass, most specific value |
| ObjectGUID | Guid | R | objectGUID converted to string |
| PostalCode | String | RW | postalCode |
| State | String | RW | st |
| StreetAddress | String | RW | streetAddress |