I’ve been working with the Windows Server 2008 R2 Active Directory cmdlets quite a bit recently. If you’ve come from a background of using ADFIND, the cmdlets take a bit of getting used, but for me it’s definitely been worth the time spent. One thing that frustrates me a little is that the names used by the cmdlets for AD attributes tend to vary greatly. Not only is there inconsistency between cmdlets that stem from different modules and snap-ins, but also between the cmdlets and the traditional UI tools. The table below shows some examples:
|
AD Users and Computers |
ldapDisplayName |
AD cmdlet property name |
Exchange 2010 cmdlet property name |
|
Telephone Number |
telephoneNumber |
OfficePhone |
Phone |
|
|
|
EmailAddress |
WindowsEmailAddress |
|
P.O. Box |
postofficeBox |
POBox |
PostOfficeBox |
I guess the Microsoft Product Groups try to protect the long-suffering customer from the obscurity of some of the attribute LDAP display names by giving them friendly names. This approach would work well if there were universal consistency, but it not it just becomes confusing. My preference is always to use the ldapDisplayName values whenever possible – and certainly always with the AD cmdlets, e.g.
Get-ADUser –LDAPFilter “(samaccountname=bobm)”
If in doubt however, refer to the object model:
get-help about_ActiveDirectory_ObjectModel
Tony