NetTools

The Swiss army knife of AD troubleshooting

Skip to content
  • Home
  • Features
  • Screenshots
  • Download
  • Blog
  • Other Tools
    • NTFS ACL Viewer
    • GPO Viewer
  • FAQ
  • Contact Us

LDAP Search – Attributes

The Attributes field defines what attributes should be returned by the query, the attributes are specified as a comma separated list. The attributes field also support an number of additional functions for formatting, decode types, and updates.

The Attributes field has the following format:

Syntax: [Attribute[;Conditional Attribute][;DecodeType][;Type][=<Op><Value>]][,][Meta.<Type>.<Attribute>[,] []

Attribute - the name of the attribute to be returned, the list of attributes is provided in a comma separated list, i.e. name, whencreated, pwdlastset.  If the attributes field is left blank all attributes of the object are returned, with the exception of constructed attributes.  

Conditional Attributes - Conditional Attributes allow the user to define the value that is returned based on a true or false conditional statement. See Conditional Attributes

DecodeType - the option is used to change the default DecodeType of an attribute i.e. LastLogonTimeStamp;int64.  See Decode Types for a full list of Decode Types 

Type - These are the Microsoft supported options that provide additional server side functionality, they are:

Range:x-x
Binary

=Op - These are the parameters to complete update queries. See Update Query

Meta.<Type>.<Attribute> - This provides the ability to return the meta data details of an attribute in a query result.  The meta data for an attribute includes the following fields - version number, local USN, originating server, time, and originating DC, any of these can be returned.  The meta data is from the server being queried, to see the meta across all DC use the Meta Data option.

Type:

ver - Version
lusn - Local USN
ousn - Originating USN
time - Time of change
dc - Originating DC

Attribute - The name of the attribute

Examples:

meta.ver.objectclass 
meta.time.pwdlastset
meta.dc.lastlogontimestamp

This entry was posted in Information and tagged Conditional Attributes, Decode Types, Meta Data, Update Queries on 28 July 2019 by NetTools.

Post navigation

← LDAP Search Favorites LDAP Search – Conditional Attributes →

Recent Posts

  • How To View the Permissions that will be assigned by the SDProp Process
  • NetTools v1.31.0
  • How To Compare the Permissions of Two AD Objects
  • How To Import an AD Permissions Report Filter
  • How To Test GPOs as GPOTool.exe is no longer available
  • How To Display the RootDSE of an AD Domain Controller
  • How To Find Assigned Permissions in AD (v1.30.8+)
  • How To Restore deleted AD objects
  • How To Display which Fine Grain Password Policy is applied
  • How To Find Assigned Permissions in AD (pre v1.30.8)
  • How To Display the Meta Data of an AD object
  • How To Troubleshot which GPOs have been applied
  • Mapping Get-ADTrust attributes to the TDO Object
  • How To: Display the time when members were added or removed from a group
  • NetTools v1.30.0
  • How To Find Active Directory Effective Rights
  • How To: Clear the group membership for a list of users
  • NLTEST Flags – what does 0x20000 mean?
  • How To: Using Search Stats OID 1.2.840.113556.1.4.970
  • Process Flow for LDAP Search
Proudly powered by WordPress