Constructed (or computed) Attributes are an important part of the way Active Directory is functioning. Basically, these are not real attributes, in the sense that they do not really exist, but are calculated by AD when being queried. They contain very useful info (for example well known primaryGroupToken and modifyTimeStamp) but they obviously have a few limitations such as not being “settable” or not available for filtering, so knowing which are which is quite useful!
Here’s how you get a list of all computed attributes in your AD:
Get-QADObject -SearchRoot “CN=Schema,CN=Configuration,dc=MyDomain,dc=COM“ -Type attributeSchema -IncludedProperties systemFlags -SizeLimit 0 | where {$_.SystemFlags -band 4}
Basically, this one-liner retrieves all (-SizeLimit 0) attributes (-type attributeSchema) from the Schema partition (-SearchRoot "CN=Schema,CN=Configuration,dc=MyDomain,dc=COM"), together with their system flags (-IncludedProperties systemFlags), and leaves just the ones with FLAG_ATTR_IS_CONSTRUCTED (where {$_.SystemFlags -band 4}).
Thanks to Andrey Moiseev who shared this with me recently!
[UPDATE] Check out Aleksandar’s post on making this oneliner run 40 times faster. 😉
Tags: AD, AD cmdlets, Active Directory, Examples, PowerShell, cmdlets, one-liner, oneliner
Subscribe by email
Dmitry's Blog: Cloud, PowerShell and beyond 
1 Response to “List all Constructed Attributes”