{"id":5880,"date":"2020-01-07T09:28:51","date_gmt":"2020-01-07T14:28:51","guid":{"rendered":"https:\/\/www.rushworth.us\/lisa\/?p=5880"},"modified":"2020-01-07T09:29:04","modified_gmt":"2020-01-07T14:29:04","slug":"identifying-system-only-ad-attributes","status":"publish","type":"post","link":"https:\/\/www.rushworth.us\/lisa\/?p=5880","title":{"rendered":"Identifying System-Only AD Attributes"},"content":{"rendered":"<div class=\"post-text\">\n<p>This information is specific to Active Directory. MSDN has documentation for each schema attribute &#8212; e.g. <a href=\"https:\/\/docs.microsoft.com\/en-us\/windows\/win32\/adschema\/a-canonicalname\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">CN<\/a> &#8212; which states whether the attribute is &#8220;system only&#8221;.<\/p>\n<p>For an automated process, search at the base <code>cn=schema,cn=configuration,dc=example,dc=com<\/code> with the filter <code>(&amp;(ldapDisplayName=AttributeName))<\/code> and return the value of <code>systemOnly<\/code>. For example, 
this shows that operatingSystemServicePack is user writable.<\/p>\n<pre><code>***Searching...\r\nldap_search_s(ld, \"cn=schema,cn=configuration,dc=example,dc=com\", 2, \"(&amp;(ldapDisplayName=operatingSystemServicePack))\", attrList,  0, &amp;msg)\r\nGetting 1 entries:\r\nDn: CN=Operating-System-Service-Pack,CN=Schema,CN=Configuration,dc=example,dc=com\r\nsystemOnly: FALSE; \r\n<\/code><\/pre>\n<p>You can also list <em>all<\/em> of the system-only attributes by using the filter <code>(&amp;(systemOnly=TRUE))<\/code> and returning <code>ldapDisplayName<\/code>.<\/p>\n<pre><code>***Searching...\r\nldap_search_s(ld, \"cn=schema,cn=configuration,dc=example,dc=com\", 2, \"(&amp;(systemOnly=TRUE))\", attrList,  0, &amp;msg)\r\nGetting 189 entries:\r\nDn: CN=OM-Object-Class,CN=Schema,CN=Configuration,dc=example,dc=com\r\nlDAPDisplayName: oMObjectClass; \r\n\r\nDn: CN=Canonical-Name,CN=Schema,CN=Configuration,dc=example,dc=com\r\nlDAPDisplayName: canonicalName; \r\n\r\nDn: CN=Managed-Objects,CN=Schema,CN=Configuration,dc=example,dc=com\r\nlDAPDisplayName: managedObjects; \r\n\r\nDn: CN=MAPI-ID,CN=Schema,CN=Configuration,dc=example,dc=com\r\nlDAPDisplayName: mAPIID; \r\n\r\nDn: CN=Mastered-By,CN=Schema,CN=Configuration,dc=example,dc=com\r\nlDAPDisplayName: masteredBy; \r\n\r\nDn: CN=Top,CN=Schema,CN=Configuration,dc=example,dc=com\r\nlDAPDisplayName: top; \r\n\r\nDn: CN=NTDS-DSA-RO,CN=Schema,CN=Configuration,dc=example,dc=com\r\nlDAPDisplayName: nTDSDSARO; \r\n\r\nDn: CN=Application-Process,CN=Schema,CN=Configuration,dc=example,dc=com\r\nlDAPDisplayName: applicationProcess; \r\n...\r\n<\/code><\/pre>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>This information is specific to Active Directory. MSDN has documentation for each schema attribute &#8212; e.g. 
CN &#8212; which states whether the attribute is &#8220;system only&#8221;. For an automated process, search at the base cn=schema,cn=configuration,dc=example,dc=com with the filter (&amp;(ldapDisplayName=AttributeName)) and return the value of systemOnly. For example, this shows that operatingSystemServicePack is user writable. ***Searching&#8230; &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[30],"tags":[68,303,887],"class_list":["post-5880","post","type-post","status-publish","format-standard","hentry","category-system-administration","tag-active-directory","tag-ldap","tag-schema"],"_links":{"self":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts\/5880","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5880"}],"version-history":[{"count":2,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts\/5880\/revisions"}],"predecessor-version":[{"id":5882,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts\/5880\/revisions\/5882"}],"wp:attachment":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5880"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=5880"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=5880"}],"curies":[{"name
":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}