List all attributeID-s via Powershell

Hi,

In my research to an Exchange issue I came across a very useful cmdlet which allowed me to list all AD attributes which are enabled to be resolved by ANR in Outlook.

The cmdlet:
Get-ADObject -SearchBase ((Get-ADRootDSE).schemaNamingContext)  -SearchScope OneLevel -LDAPFilter "(searchFlags:1.2.840.113556.1.4.803:=4)" -Property objectClass, name, whenChanged,  whenCreated, LDAPDisplayName

I have some trouble understanding the searchflag. Unless you specifically the number you cannot do the search, but how to find which number is what?

I found in Adsiedit that the number is an attributeID parameter which is listed under schema objects.
e.g. ACS-Max-Peak-Bandwidth is  1.2.840.113556.1.4.767.

Is there a way I can get a list of all objects that have this parameter set?

Regards,

Szabolcs

February 23rd, 2015 9:50am


I have some trouble understanding the searchflag. Unless you specifically the number you cannot do the search, but how to find which number is what?

Open page 66 of "Active Directory 4th edition" by Brian Desmond and you will have all those bits there. :)

But in a nutshell bit 4 means to include it in ANR search.  8 for example preserves the attribute when the object is deleted and so on. I have the full list in the book I mentioned above. Read it because it is not possible to include all the bits here.

That 1.2.840.113556.1.4.767 you mentioned is the full OID. What is the data type? If Boolean I believe you can include it with -Filter and -Properties parameter of appropriate PowerShell cm

Free Windows Admin Tool Kit Click here and download it now
February 23rd, 2015 10:10am
You might want to start with this:
http://adadmin.blogspot.co.uk/2009/10/finding-out-what-searchflags-are-set-on.html
http://www.frickelsoft.net/blog/?p=151
February 23rd, 2015 10:22am

The searchFlags attribute is documented here:

https://msdn.microsoft.com/en-us/library/cc223153.aspx

ANR, and how to find attributes in the set (or add to the set) is described in this Wiki article:

http://social.technet.microsoft.com/wiki/contents/articles/22653.active-directory-ambiguous-name-resolution.aspx

Free Windows Admin Tool Kit Click here and download it now
February 23rd, 2015 11:28am

Hi Mahdi,

Thank you for the information. I was unable to find any detailed information yesterday. Already got the book, I am going to check it out.

Regards,

February 24th, 2015 4:47am

Hi Richard,

Thank you for the links. I have already read the second but I did not know the first.

Regards,

Free Windows Admin Tool Kit Click here and download it now
February 24th, 2015 4:48am

Hi Ahmed,

I will have to take a good look at the links. Thank you,

Regards,

PS: Why google did not get me any of these beats me...

February 24th, 2015 4:53am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics