I am trying to create a computer object in Microsoft Active Directory, as shown below:
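// Creates a test computer object in Active Directory over LDAP:
// bind as an administrator, add the entry, then close the session.
const ldap = require('ldapjs');

// NOTE(security): a simple bind over plain ldap:// sends the bind DN and
// password unencrypted. Prefer an ldaps:// URL or StartTLS before binding,
// and load the credentials from configuration instead of hard-coding them.
const client = ldap.createClient({
  url: 'ldap://<<host>>:389'
});

// Connection-level failures surface as 'error' events on the client; without
// a listener an emitted 'error' is thrown and terminates the process.
client.on('error', function (err) {
  console.log('error', err);
});

// NOTE(review): the RDN here (CN=testcomputeruser) differs from the cn value
// set below -- confirm which name is intended before relying on the result.
const newDN = "CN=testcomputeruser,OU=testou,DC=test,DC=com";

// Only the attributes the caller is expected to supply are set. The
// commented-out attributes are the ones the question expects the directory
// to populate on its own.
const newUser = {
  cn: 'newtestComputer334',
  objectClass: 'computer',
  description: 'This is test implementation hence this is test description.',
  //System will populate 'netbootInitialization':'TestNetbootInitialization',
  //System will populate 'netbootGUID':'b0ae470c-16bc-4019-b455-8c96ec515f55',
  //System will populate 'netbootMachineFilePath':'TestNetbootMachineFilePath',
  //System will populate 'siteGUID':'1010101011',
  //System will populate 'netbootSIFFile':'TestnetbootSIFFile',
  //System will populate 'netbootMirrorDataFile':'TestnetbootMirrorDataFile',
  //System will populate 'msDS-AdditionalDnsHostName':'TestmsDS-AdditionalDnsHostName',
  //System will populate 'msDS-AdditionalSamAccountName':'TestmsDS-AdditionalSamAccountName',
  //System will populate 'msDS-ExecuteScriptPassword':'10100111100011100',
  //System will populate 'netbootDUID':'10100111100011010101',
};

/**
 * Ends the LDAP session and logs whether the unbind succeeded.
 * Called on every exit path so the connection is not left open.
 */
function closeSession() {
  client.unbind(function (err) {
    if (err) {
      console.log('error unbind : ', err);
    } else {
      console.log('unbind is success');
    }
  });
}

client.bind('<<Admin DN>>', '<<password>>', function (err) {
  if (err) {
    console.log('error', err);
    // Do not attempt the add on an unauthenticated session.
    closeSession();
    return;
  }
  console.log('bind is success');

  // The add is issued only after the bind has been confirmed.
  client.add(newDN, newUser, function (err) {
    console.log('newDN : ', newDN);
    console.log('newUser : ', newUser);
    if (err) {
      console.log('error', err);
    } else {
      console.log('new user is success');
    }
    // Release the connection whether or not the add succeeded.
    closeSession();
  });
});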
Here, the values for attributes such as netbootSIFFile, netbootMirrorDataFile, msDS-AdditionalDnsHostName, msDS-AdditionalSamAccountName, msDS-ExecuteScriptPassword and netbootDUID
are populated by Microsoft Active Directory itself.
We could not find anything in the schema that indicates which attributes are system-populated.
Is there any way to find the system attributes for each object class from the Active Directory (LDAP) schema?
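If you read the class object for Computer in the schema via LDAP (e.g. CN=Computer,CN=Schema,CN=Configuration,DC=test,DC=com), you can read the systemMayContain attribute, which is a list of attributes that "can only be modified by the system." Check how that quoted wording applies before relying on it: it may describe who can modify the list rather than the attributes named in it. The systemOnly flag on each attribute's own schema object is another indicator worth comparing against.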
Or you could just create a computer object, setting the least amount of attributes that it will let you, then read back all the attributes that have values. All the attributes with values that you didn't set are ones that were set by the system.