A question came to me last week when I was doing a deep drill of Azure AD Connect user attribute mapping and replication:
What attributes can an Active Directory user object possibly have? Not just the populated ones. Not just the ones visible in AD Users & Computers advanced view. But: ALL OF THEM!
I looked around and found a couple of half answers. One post suggested looking at the mayContain and systemMayContain attributes of the User object in the AD Schema. Also, in forums you’ll see partial answers to this intriguing question.
To get THE FULL answer you need to understand the way Active Directory schema classes inherit their attributes.
Active Directory Classes and Attribute Inheritance
In the Active Directory schema you will find all definitions of classes and attributes.
A class can be of three types:
- Structural – you can create an actual object from this type of class
- Abstract – you can inherit from this class but not create an object
- Auxiliary – defines supplemental classes implemented by a class
A class (of any type) may have up to four lists of attributes included in it’s definition. These lists are defined in the following class attributes:
- mayContain
- mustContain
- systemMayContain
- systemMustContain
Additionally, all classes inherit from a parent class (except the root of all classes, the “top” class).
The following diagram shows you how the user class is designed in the Active Directory schema:

It inherits from the organizationPerson class, which again inherits from the person class, which again inherits from the top class.
The user class includes the class definition (more attributes!) from a number of supplemental classes as defined in the auxiliaryClass and systemAuxiliaryClass attributes.
The user class, all the inherited classes and all the supplemental classes define the attributes that can be included in a user object (in the above diagram the mayContain, mustContain, systemMayContain and systemMustContain are only shown for the user class to keep it simple).
Extending AD Management to Include Office 365
Using third-party tools like Easy365Manager allows you to manage Office 365 licenses and mailboxes directly from AD Users & Computers:

With Easy365Manager you no longer have to log into to multiple web consoles and have an on-premises Exchange Server to manage your hybrid Office 365 environment.
Using PowerShell to List All AD User Attributes
Per the previous AD class overview you need to examine the following to get the full list of potential attributes for any class definition:
- Find a list of all classes inherited by the class (inheritance chain)
- Find a list of all supplemental (auxiliary) classes for the classes found in the previous step
- Find all attribute lists in the four mustContain/mayContain attributes of the classes found in the two previous (don’t forget the class itself)
A PowerShell script to undertake this task could look like this:
Import-Module ActiveDirectory
$Loop = $True
$ClassName = "User"
$ClassArray = [System.Collections.ArrayList]@()
$UserAttributes = [System.Collections.ArrayList]@()
# Retrieve the User class and any parent classes
While ($Loop) {
$Class = Get-ADObject -SearchBase (Get-ADRootDSE).SchemaNamingContext -Filter { ldapDisplayName -Like $ClassName } -Properties AuxiliaryClass, SystemAuxiliaryClass, mayContain, mustContain, systemMayContain, systemMustContain, subClassOf, ldapDisplayName
If ($Class.ldapDisplayName -eq $Class.subClassOf) {
$Loop = $False
}
$ClassArray.Add($Class)
$ClassName = $Class.subClassOf
}
# Loop through all the classes and get all auxiliary class attributes and direct attributes
$ClassArray | % {
# Get Auxiliary class attributes
$Aux = $_.AuxiliaryClass | % { Get-ADObject -SearchBase (Get-ADRootDSE).SchemaNamingContext -Filter { ldapDisplayName -like $_ } -Properties mayContain, mustContain, systemMayContain, systemMustContain } |
Select-Object @{n = "Attributes"; e = { $_.mayContain + $_.mustContain + $_.systemMaycontain + $_.systemMustContain } } |
Select-Object -ExpandProperty Attributes
# Get SystemAuxiliary class attributes
$SysAux = $_.SystemAuxiliaryClass | % { Get-ADObject -SearchBase (Get-ADRootDSE).SchemaNamingContext -Filter { ldapDisplayName -like $_ } -Properties MayContain, SystemMayContain, systemMustContain } |
Select-Object @{n = "Attributes"; e = { $_.maycontain + $_.systemmaycontain + $_.systemMustContain } } |
Select-Object -ExpandProperty Attributes
# Get direct attributes
$UserAttributes += $Aux + $SysAux + $_.mayContain + $_.mustContain + $_.systemMayContain + $_.systemMustContain
}
$UserAttributes | Sort-Object | Get-Unique
The output of the script depends of course on what schema version and extensions you’re running. In my test lab the output looks like this:
accountExpires accountNameHistory aCSPolicyName adminCount adminDescription adminDisplayName allowedAttributes allowedAttributesEffective allowedChildClasses allowedChildClassesEffective altRecipient altRecipientBL altSecurityIdentities assistant attributeCertificate attributeCertificateAttribute audio authOrig authOrigBL autoReply autoReplyMessage badPasswordTime badPwdCount bridgeheadServerListBL businessCategory businessRoles c canonicalName carLicense cn co codePage comment company controlAccessRights countryCode createTimeStamp dBCSPwd defaultClassStore deletedItemFlags delivContLength deliverAndRedirect deliveryMechanism delivExtContTypes department departmentNumber description desktopProfile destinationIndicator directReports displayName displayNamePrintable distinguishedName division dLMemDefault dLMemRejectPerms dLMemRejectPermsBL dLMemSubmitPerms dLMemSubmitPermsBL dnQualifier dSASignature dSCorePropagationData dynamicLDAPServer employeeID employeeNumber employeeType enabledProtocols expirationTime extensionAttribute1 extensionAttribute10 extensionAttribute11 extensionAttribute12 extensionAttribute13 extensionAttribute14 extensionAttribute15 extensionAttribute2 extensionAttribute3 extensionAttribute4 extensionAttribute5 extensionAttribute6 extensionAttribute7 extensionAttribute8 extensionAttribute9 extensionData extensionName facsimileTelephoneNumber flags folderPathname formData forwardingAddress fromEntry frsComputerReferenceBL fRSMemberReferenceBL fSMORoleOwner garbageCollPeriod gecos generationQualifier gidNumber givenName groupMembershipSAM groupPriority groupsToIgnore heuristics homeDirectory homeDrive homeMDB homeMTA homePhone homePostalAddress houseIdentifier importedFrom info initials instanceType internationalISDNNumber internetEncoding ipPhone isCriticalSystemObject isDeleted isPrivilegeHolder isRecycled jpegPhoto kMServer l labeledURI language languageCode lastKnownParent lastLogoff lastLogon lastLogonTimestamp legacyExchangeDN lmPwdHistory localeID lockoutTime loginShell logonCount logonHours logonWorkstation mail mailNickname managedObjects manager mAPIRecipient masteredBy maxStorage mDBOverHardQuotaLimit mDBOverQuotaLimit mDBStorageQuota mDBUseDefaults memberOf mhsORAddress middleName mobile modifyTimeStamp msCOM-PartitionSetLink msCOM-UserLink msCOM-UserPartitionSetLink msDFSR-ComputerReferenceBL msDFSR-MemberReferenceBL msDRM-IdentityCertificate msDS-AllowedToActOnBehalfOfOtherIdentity msDS-AllowedToDelegateTo msDS-Approx-Immed-Subordinates msDS-AssignedAuthNPolicy msDS-AssignedAuthNPolicySilo msDS-AuthenticatedAtDC msDS-AuthenticatedToAccountlist msDS-AuthNPolicySiloMembersBL msDS-Cached-Membership msDS-Cached-Membership-Time-Stamp msDS-ClaimSharesPossibleValuesWithBL msDS-CloudAnchor msDS-cloudExtensionAttribute1 msDS-cloudExtensionAttribute10 msDS-cloudExtensionAttribute11 msDS-cloudExtensionAttribute12 msDS-cloudExtensionAttribute13 msDS-cloudExtensionAttribute14 msDS-cloudExtensionAttribute15 msDS-cloudExtensionAttribute16 msDS-cloudExtensionAttribute17 msDS-cloudExtensionAttribute18 msDS-cloudExtensionAttribute19 msDS-cloudExtensionAttribute2 msDS-cloudExtensionAttribute20 msDS-cloudExtensionAttribute3 msDS-cloudExtensionAttribute4 msDS-cloudExtensionAttribute5 msDS-cloudExtensionAttribute6 msDS-cloudExtensionAttribute7 msDS-cloudExtensionAttribute8 msDS-cloudExtensionAttribute9 mS-DS-ConsistencyChildCount mS-DS-ConsistencyGuid mS-DS-CreatorSID msDS-EnabledFeatureBL msDS-ExternalDirectoryObjectId msDS-FailedInteractiveLogonCount msDS-FailedInteractiveLogonCountAtLastSuccessfulLogon msDS-GeoCoordinatesAltitude msDS-GeoCoordinatesLatitude msDS-GeoCoordinatesLongitude msDS-HABSeniorityIndex msDS-HostServiceAccountBL msDS-IsDomainFor msDS-IsFullReplicaFor msDS-IsPartialReplicaFor msDS-IsPrimaryComputerFor msDS-KeyCredentialLink msDS-KeyPrincipalBL msDS-KeyVersionNumber msDS-KrbTgtLinkBl msDS-LastFailedInteractiveLogonTime msDS-LastKnownRDN msDS-LastSuccessfulInteractiveLogonTime msDS-LocalEffectiveDeletionTime msDS-LocalEffectiveRecycleTime msDs-masteredBy msds-memberOfTransitive msDS-MembersForAzRoleBL msDS-MembersOfResourcePropertyListBL msds-memberTransitive msDS-NCReplCursors msDS-NCReplInboundNeighbors msDS-NCReplOutboundNeighbors msDS-NC-RO-Replica-Locations-BL msDS-NcType msDS-NonMembersBL msDS-ObjectReferenceBL msDS-ObjectSoa msDS-OIDToGroupLinkBl msDS-OperationsForAzRoleBL msDS-OperationsForAzTaskBL msDS-parentdistname msDS-PhoneticCompanyName msDS-PhoneticDepartment msDS-PhoneticDisplayName msDS-PhoneticFirstName msDS-PhoneticLastName msDS-PrimaryComputer msDS-PrincipalName msDS-PSOApplied msDS-ReplAttributeMetaData msDS-ReplValueMetaData msDS-ReplValueMetaDataExt msDS-ResultantPSO msDS-RevealedDSAs msDS-RevealedListBL msDS-SecondaryKrbTgtNumber msDS-Site-Affinity msDS-SourceAnchor msDS-SourceObjectDN msDS-SupportedEncryptionTypes msDS-SyncServerUrl msDS-TasksForAzRoleBL msDS-TasksForAzTaskBL msDS-TDOEgressBL msDS-TDOIngressBL msds-tokenGroupNames msds-tokenGroupNamesGlobalAndUniversal msds-tokenGroupNamesNoGCAcceptable msDS-User-Account-Control-Computed msDS-UserPasswordExpiryTimeComputed msDS-ValueTypeReferenceBL msExchADCGlobalNames msExchAddressBookFlags msExchAggregationSubscriptionCredential msExchALObjectVersion msExchAlternateMailboxes msExchApprovalApplicationLink msExchArbitrationMailbox msExchArchiveAddress msExchArchiveDatabaseBL msExchArchiveDatabaseLink msExchArchiveGUID msExchArchiveName msExchArchiveQuota msExchArchiveStatus msExchArchiveWarnQuota msExchAssistantName msExchAuditAdmin msExchAuditDelegate msExchAuditDelegateAdmin msExchAuditOwner msExchAvailabilityOrgWideAccountBL msExchAvailabilityPerUserAccountBL msExchBlockedSendersHash msExchBypassAudit msExchBypassModerationBL msExchBypassModerationFromDLMembersBL msExchBypassModerationFromDLMembersLink msExchBypassModerationLink msExchCalculatedTargetAddress msExchCalendarRepairDisabled msExchCapabilityIdentifiers msExchCoManagedObjectsBL msExchConferenceMailboxBL msExchConfigurationUnitBL msExchContentConversionSettings msExchControllingZone msExchCU msExchCustomProxyAddresses msExchDelegateListBL msExchDelegateListLink msExchDeviceAccessControlRuleBL msExchDirsyncID msExchDirsyncSourceObjectClass msExchDisabledArchiveDatabaseLink msExchDisabledArchiveGUID msExchDumpsterQuota msExchDumpsterWarningQuota msExchEdgeSyncCookies msExchEdgeSyncRetryCount msExchEdgeSyncSourceGuid msExchELCExpirySuspensionEnd msExchELCExpirySuspensionStart msExchELCMailboxFlags msExchEnableModeration msExchEwsApplicationAccessPolicy msExchEwsEnabled msExchEwsExceptions msExchEwsWellKnownApplicationPolicies msExchExpansionServerName msExchExternalDirectoryObjectId msExchExternalOOFOptions msExchExternalSyncState msExchFBURL msExchForeignGroupSID msExchGenericForwardingAddress msExchHABRootDepartmentBL msExchHABShowInDepartments msExchHideFromAddressLists msExchHomeServerName msExchHouseIdentifier msExchIMACL msExchIMAddress msExchIMAP4Settings msExchIMAPOWAURLPrefixOverride msExchIMMetaPhysicalURL msExchImmutableId msExchIMPhysicalURL msExchIMVirtualServer msExchInconsistentState msExchIntendedMailboxPlanBL msExchIntendedMailboxPlanLink msExchInterruptUserOnAuditFailure msExchIsMSODirsynced msExchLabeledURI msExchLastExchangeChangedTime msExchLicenseToken msExchLitigationHoldDate msExchLitigationHoldOwner msExchMailboxAuditEnable msExchMailboxAuditLastAdminAccess msExchMailboxAuditLastDelegateAccess msExchMailboxAuditLastExternalAccess msExchMailboxAuditLogAgeLimit msExchMailboxFolderSet msExchMailboxFolderSet2 msExchMailboxGuid msExchMailboxMoveBatchName msExchMailboxMoveFlags msExchMailboxMoveRemoteHostName msExchMailboxMoveSourceArchiveMDBBL msExchMailboxMoveSourceArchiveMDBLink msExchMailboxMoveSourceMDBBL msExchMailboxMoveSourceMDBLink msExchMailboxMoveSourceUserBL msExchMailboxMoveStatus msExchMailboxMoveStorageMDBBL msExchMailboxMoveTargetArchiveMDBBL msExchMailboxMoveTargetArchiveMDBLink msExchMailboxMoveTargetMDBBL msExchMailboxMoveTargetMDBLink msExchMailboxMoveTargetUserBL msExchMailboxOABVirtualDirectoriesLink msExchMailboxPlanType msExchMailboxSecurityDescriptor msExchMailboxTemplateLink msExchMailboxUrl msExchManagementSettings msExchMasterAccountSid msExchMaxBlockedSenders msExchMaxSafeSenders msExchMDBRulesQuota msExchMessageHygieneFlags msExchMessageHygieneSCLDeleteThreshold msExchMessageHygieneSCLJunkThreshold msExchMessageHygieneSCLQuarantineThreshold msExchMessageHygieneSCLRejectThreshold msExchMobileAllowedDeviceIDs msExchMobileBlockedDeviceIDs msExchMobileDebugLogging msExchMobileMailboxFlags msExchMobileMailboxPolicyLink msExchMobileRemoteDocumentsAllowedServersBL msExchMobileRemoteDocumentsBlockedServersBL msExchMobileRemoteDocumentsInternalDomainSuffixListBL msExchMobileSettings msExchModeratedByLink msExchModeratedObjectsBL msExchModerationFlags msExchObjectCountQuota msExchObjectID msExchOmaAdminExtendedSettings msExchOmaAdminWirelessEnable msExchOnPremiseObjectGuid msExchOrganizationsAddressBookRootsBL msExchOrganizationsGlobalAddressListsBL msExchOrganizationsTemplateRootsBL msExchOriginatingForest msExchOURoot msExchOWAAllowedFileTypesBL msExchOWAAllowedMimeTypesBL msExchOWABlockedFileTypesBL msExchOWABlockedMIMETypesBL msExchOWAForceSaveFileTypesBL msExchOWAForceSaveMIMETypesBL msExchOWAPolicy msExchOWARemoteDocumentsAllowedServersBL msExchOWARemoteDocumentsBlockedServersBL msExchOWARemoteDocumentsInternalDomainSuffixListBL msExchOWASettings msExchOWATranscodingFileTypesBL msExchOWATranscodingMimeTypesBL msExchParentPlanBL msExchParentPlanLink msExchPartnerGroupID msExchPfRootUrl msExchPoliciesExcluded msExchPoliciesIncluded msExchPolicyEnabled msExchPolicyOptionList msExchPOP3Settings msExchPreviousAccountSid msExchPreviousHomeMDB msExchPreviousMailboxGuid msExchProvisioningFlags msExchProxyCustomProxy msExchQueryBaseDN msExchRBACPolicyBL msExchRBACPolicyLink msExchRecipientDisplayType msExchRecipientTypeDetails msExchRecipientValidatorCookies msExchRecipLimit msExchRemoteRecipientType msExchRequireAuthToSendTo msExchResourceCapacity msExchResourceDisplay msExchResourceGUID msExchResourceMetaData msExchResourceProperties msExchResourceSearchProperties msExchRetentionComment msExchRetentionURL msExchRMSComputerAccountsBL msExchRMSComputerAccountsLink msExchSafeRecipientsHash msExchSafeSendersHash msExchSendAsAddresses msExchSenderHintTranslations msExchServerAssociationBL msExchServerAssociationLink msExchServerSiteBL msExchSetupStatus msExchShadowAssistantName msExchShadowC msExchShadowCo msExchShadowCompany msExchShadowCountryCode msExchShadowDepartment msExchShadowDisplayName msExchShadowFacsimileTelephoneNumber msExchShadowGivenName msExchShadowHomePhone msExchShadowInfo msExchShadowInitials msExchShadowL msExchShadowMailNickname msExchShadowManagerLink msExchShadowMobile msExchShadowOtherFacsimileTelephone msExchShadowOtherHomePhone msExchShadowOtherTelephone msExchShadowPager msExchShadowPhysicalDeliveryOfficeName msExchShadowPostalCode msExchShadowProxyAddresses msExchShadowSn msExchShadowSt msExchShadowStreetAddress msExchShadowTelephoneAssistant msExchShadowTelephoneNumber msExchShadowTitle msExchShadowWindowsLiveID msExchShadowWWWHomePage msExchSharingAnonymousIdentities msExchSharingPartnerIdentities msExchSharingPolicyLink msExchSignupAddresses msExchSMTPReceiveDefaultAcceptedDomainBL msExchSupervisionDLBL msExchSupervisionDLLink msExchSupervisionOneOffBL msExchSupervisionOneOffLink msExchSupervisionUserBL msExchSupervisionUserLink msExchSyncAccountsPolicyDN msExchTextMessagingState msExchThrottlingPolicyDN msExchTransportInboundSettings msExchTransportOutboundSettings msExchTransportRecipientSettingsFlags msExchTUIPassword msExchTUISpeed msExchTUIVolume msExchUCVoiceMailSettings msExchUMAddresses msExchUMAudioCodec msExchUMAudioCodec2 msExchUMCallingLineIDs msExchUMDtmfMap msExchUMEnabledFlags msExchUMEnabledFlags2 msExchUMFaxId msExchUMListInDirectorySearch msExchUMMailboxOVALanguage msExchUMMaxGreetingDuration msExchUMOperatorNumber msExchUMPhoneProvider msExchUMPinChecksum msExchUMRecipientDialPlanLink msExchUMServerWritableFlags msExchUMSpokenName msExchUMTemplateLink msExchUnmergedAttsPt msExchUsageLocation msExchUseOAB msExchUserAccountControl msExchUserBL msExchUserCulture msExchVersion msExchVoiceMailboxID msExchWhenMailboxCreated msExchWindowsLiveID msIIS-FTPDir msIIS-FTPRoot mSMQDigests mSMQDigestsMig mSMQSignCertificates mSMQSignCertificatesMig msNPAllowDialin msNPCallingStationID msNPSavedCallingStationID msOrg-LeadersBL msPKIAccountCredentials msPKI-CredentialRoamingTokens msPKIDPAPIMasterKeys msPKIRoamingTimeStamp msRADIUSCallbackNumber msRADIUS-FramedInterfaceId msRADIUSFramedIPAddress msRADIUS-FramedIpv6Prefix msRADIUS-FramedIpv6Route msRADIUSFramedRoute msRADIUS-SavedFramedInterfaceId msRADIUS-SavedFramedIpv6Prefix msRADIUS-SavedFramedIpv6Route msRADIUSServiceType msRASSavedCallbackNumber msRASSavedFramedIPAddress msRASSavedFramedRoute msSFU30Name msSFU30NisDomain msSFU30PosixMemberOf msTSAllowLogon msTSBrokenConnectionAction msTSConnectClientDrives msTSConnectPrinterDrives msTSDefaultToMainPrinter msTSExpireDate msTSExpireDate2 msTSExpireDate3 msTSExpireDate4 msTSHomeDirectory msTSHomeDrive msTSInitialProgram msTSLicenseVersion msTSLicenseVersion2 msTSLicenseVersion3 msTSLicenseVersion4 msTSLSProperty01 msTSLSProperty02 msTSManagingLS msTSManagingLS2 msTSManagingLS3 msTSManagingLS4 msTSMaxConnectionTime msTSMaxDisconnectionTime msTSMaxIdleTime msTSPrimaryDesktop msTSProfilePath msTSProperty01 msTSProperty02 msTSReconnectionAction msTSRemoteControl msTSSecondaryDesktops msTSWorkDirectory name netbootSCPBL networkAddress nonSecurityMemberBL ntPwdHistory nTSecurityDescriptor o objectCategory objectClass objectGUID objectSid objectVersion operatorCount otherFacsimileTelephoneNumber otherHomePhone otherIpPhone otherLoginWorkstations otherMailbox otherMobile otherPager otherTelephone otherWellKnownObjects ou ownerBL pager partialAttributeDeletionList partialAttributeSet personalPager personalTitle photo physicalDeliveryOfficeName pOPCharacterSet pOPContentFormat possibleInferiors postalAddress postalCode postOfficeBox preferredDeliveryMethod preferredLanguage preferredOU primaryGroupID primaryInternationalISDNNumber primaryTelexNumber profilePath protocolSettings proxiedObjectName proxyAddresses publicDelegates publicDelegatesBL pwdLastSet queryPolicyBL registeredAddress replicatedObjectVersion replicationSensitivity replicationSignature replPropertyMetaData replUpToDateVector repsFrom repsTo revision rid roomNumber sAMAccountName sAMAccountType scriptPath sDRightsEffective secretary securityIdentifier securityProtocol seeAlso serialNumber serverReferenceBL servicePrincipalName shadowExpire shadowFlag shadowInactive shadowLastChange shadowMax shadowMin shadowWarning showInAddressBook showInAdvancedViewOnly sIDHistory siteObjectBL sn st street streetAddress structuralObjectClass submissionContLength subRefs subSchemaSubEntry supplementalCredentials supportedAlgorithms systemFlags targetAddress telephoneAssistant telephoneNumber teletexTerminalIdentifier telexNumber terminalServer textEncodedORAddress thumbnailLogo thumbnailPhoto title tokenGroups tokenGroupsGlobalAndUniversal tokenGroupsNoGCAcceptable uid uidNumber unauthOrig unauthOrigBL unicodePwd unixHomeDirectory unixUserPassword unmergedAtts url userAccountControl userCert userCertificate userParameters userPassword userPKCS12 userPrincipalName userSharedFolder userSharedFolderOther userSMIMECertificate userWorkstations uSNChanged uSNCreated uSNDSALastObjRemoved USNIntersite uSNLastObjRem uSNSource versionNumber wbemPath wellKnownObjects whenChanged whenCreated wWWHomePage x121Address x500uniqueIdentifier
Summary
As illustrated it’s not a super simple task to list all attributes of a schema class definition.
You need to take parent classes and supplemental classes into account.
Plus you need to look at four different class attributes for each class definition associated with the class.
But then, and only then, you will see everything clearly! 😉