Active Directory: Get-ADComputer Default and Extended Properties

Active Directory: Get-ADComputer Default and Extended Properties

The concept of default and extended properties available with the PowerShell Active Directory cmdlets are defined in Active Directory: PowerShell AD Module Properties. The PowerShell Get-ADComputer cmdlet supports the default and extended properties in the following table. Many can be assigned values with the Set-ADComputer cmdlet. In the table, default properties are shown with the property name highlighted in cyan. Extended properties are highlighted in pink.
Property Syntax R/RW lDAPDisplayName
AccountExpirationDate DateTime RW accountExpires, local time
AccountLockoutTime DateTime RW lockoutTime, local time
AccountNotDelegated Boolean RW userAccountControl (bit mask 1048576)
AllowReversiblePasswordEncryption Boolean RW userAccountControl (bit mask 128)
BadLogonCount Int32 R badPwdCount
CannotChangePassword Boolean RW nTSecurityDescriptor
CanonicalName String R canonicalName
Certificates ADCollection RW userCertificate
CN String R cn
Created DateTime R whenCreated
Deleted Boolean R isDeleted
Description String RW description
DisplayName String RW displayName
DistinguishedName String (DN) R distinguishedName
DNSHostName String RW dNSHostName
DoesNotRequirePreAuth Boolean RW userAccountControl (bit mask 4194304)
Enabled Boolean RW userAccountControl (bit mask not 2)
HomedirRequired Boolean RW userAccountControl (bit mask 8)
HomePage String RW wWWHomePage
IPv4Address String R
IPv6Address String R
LastBadPasswordAttempt DateTime R badPasswordTime, local time
LastKnownParent String (DN) R lastKnownParent
LastLogonDate DateTime R lastLogonTimeStamp, local time
Location String RW location
LockedOut Boolean RW msDS-User-Account-Control-Computed (bit mask 16)
ManagedBy String (DN) RW managedBy
MemberOf ADCollection R memberOf
MNSLogonAccount Boolean RW userAccountControl (bit mask 131072)
Modified DateTime R whenChanged
Name String R cn (Relative Distinguished Name)
ObjectCategory String R objectCategory
ObjectClass String R objectClass, most specific value
ObjectGUID Guid R objectGUID converted to string
OperatingSystem String RW operatingSystem
OperatingSystemHotfix String RW operatingSystemHotFix
OperatingSystemServicePack String RW operatingSystemServicePack
OperatingSystemVersion String RW operatingSystemVersion
PasswordExpired Boolean RW msDS-User-Account-Control-Computed (bit mask 8388608)
PasswordLastSet DateTime RW pwdLastSet, local time
PasswordNeverExpires Boolean RW userAccountControl (bit mask 64)
PasswordNotRequired Boolean RW userAccountControl (bit maks 32)
PrimaryGroup String R Group with primaryGroupToken
ProtectedFromAccidentalDeletion Boolean RW nTSecurityDescriptor
SamAccountName String RW sAMAccountName
ServiceAccount ADCollection RW msDS-HostServiceAccount
ServicePrincipalNames ADCollection RW servicePrincipalName
SID Sid R objectSID converted to string
SIDHistory ADCollection R sIDHistory
TrustedForDelegation Boolean RW userAccountControl (bit mask 524288)
TrustedToAuthForDelegation Boolean RW userAccountControl (bit mask 16777216)
UseDESKeyOnly Boolean RW userAccountControl (bit mask 2097152)
UserPrincipalName String RW userPrincipalName

See Also

Leave a Comment
  • Please add 8 and 5 and type the answer here:
  • Post
Wiki - Revision Comment List(Revision Comment)
Sort by: Published Date | Most Recent | Most Useful
  • Richard Mueller edited Original. Comment: Updated values in table

Page 3 of 3 (21 items) 123
Wikis - Comment List
Sort by: Published Date | Most Recent | Most Useful
Posting comments is temporarily disabled until 10:00am PST on Saturday, December 14th. Thank you for your patience.
  • Richard Mueller edited Revision 14. Comment: Explained that properties with lower case initial letter are AD attributes

  • Richard Mueller edited Revision 15. Comment: Clarified -Properties parameter not case sensitive

  • Richard Mueller edited Revision 16. Comment: Used colors to designate default and extended properties

  • Richard Mueller edited Revision 17. Comment: Change color formatting

  • Richard Mueller edited Revision 18. Comment: Removed lDAPDisplayNames of AD attributes from the table, so it only documents default and extended properties

  • I decided to remove all AD attributes from the table. The table now only documents the default and extended properties exposed by Get-ADComputer. I decided that the AD attributes in the table were no different from any other attributes appropriate for the class of object. This table was never intended to document all computer object attributes.

    When you specify -Properties * with Get-ADComputer, all default and extended properties are retrieved, plus the values of AD attributes that have values. The table originally included some AD attributes, but only because they nearly always have values. When you specify properties using the -Properties parameter, the names are case insensitive. However, when the cmdlet returns property names, all default and extended property names begin with an upper case letter. Any AD attribute names begin with a lower case letter.

  • Richard Mueller edited Revision 19. Comment: Changed whenModified to whenChanged

  • Richard Mueller edited Revision 21. Comment: Remove "Return to top" link.

Page 2 of 2 (23 items) 12