3.1.5.14.11 User Field to Attribute Name Mapping
This table specifies the field-to-database-attribute mapping, where the field is a field in a user-related structure such as SAMPR_USER_ALL_INFORMATION (section 2.2.6.6) and the database attribute is an attribute defined on a user object. These attributes are from the data model specified in section 3.1.1.
|
Field name |
Database attribute |
|---|---|
|
LastLogon |
lastLogon |
|
LastLogoff |
lastLogoff |
|
PasswordLastSet |
pwdLastSet |
|
AccountExpires |
accountExpires |
|
PasswordCanChange |
See section 3.1.5.14.3 for message processing. |
|
PasswordMustChange |
See section 3.1.5.14.4 for message processing. |
|
UserName |
sAMAccountName |
|
FullName |
displayName |
|
HomeDirectory |
homeDirectory |
|
HomeDirectoryDrive |
homeDrive |
|
ScriptPath |
scriptPath |
|
ProfilePath |
profilePath |
|
AdminComment |
description |
|
WorkStations |
userWorkstations |
|
UserComment |
comment |
|
Parameters |
userParameters |
|
UserId |
RID of objectSid |
|
PrimaryGroupId |
primaryGroupId |
|
UserAccountControl* |
userAccountControl |
|
LogonHours |
logonHours |
|
BadPasswordCount |
badPwdCount |
|
LogonCount |
logonCount |
|
CountryCode |
countryCode |
|
CodePage |
codePage |
|
NtOwfPassword** |
unicodePwd |
|
LmOwfPassword** |
dBCSPwd |
|
NtPasswordPresent** |
Not persisted as a database attribute |
|
LmPasswordPresent** |
Not persisted as a database attribute |
|
PrivateData** |
Not persisted as a database attribute |
|
PasswordExpired** |
Not persisted as a database attribute |
|
SecurityDescriptor** |
ntSecurityDescriptor |
*On read of UserAccountControl, the database attribute value MUST be:
Augmented with the UF_LOCKOUT bit if the lockoutTime attribute value on the target object is nonzero and if its value plus the Effective-LockoutDuration attribute value (section 3.1.1.5) is less than the current time.
Augmented with UF_PASSWORD_EXPIRED if PasswordMustChange is less than the current time.
Translated according to the table in section 3.1.5.14.2.
**NtOwfPassword, NtPasswordPresent, LmOwfPassword, LmPasswordPresent, PrivateData, PasswordExpired, and SecurityDescriptor cannot be returned by the SAM Remote Protocol, as indicated by the processing instructions specified in sections 3.1.5.5.6 and 3.1.5.5.5