noirello / bonsai

Simple Python 3 module for LDAP, using libldap2 and winldap C libraries.
MIT License

Getting all the attributes from AD #50

Closed reach4bawer closed 2 years ago

reach4bawer commented 3 years ago

I am trying to get all attributes related to users, so when I use attrlist=['*'] in the paged search I get about 125 attributes. When I tried Get-ADUser in PowerShell to enumerate all the attributes, there are about 205. I am trying to get the remaining attributes as well. Is there a way to do that? The missing attributes include -

AccountNotDelegated, AllowReversiblePasswordEncryption, BadLogonCount, CannotChangePassword, DoesNotRequirePreAuth etc.

example code -

with client.connect() as conn:
    result = conn.paged_search(base=base, scope=2, filter_exp=query, attrlist=['*'], 
                               page_size=1000, attrsonly=False)

PowerShell code -

Get-ADUser -Server $Server -Filter $Filter -ResultPageSize 1000 -Properties *

noirello commented 3 years ago

If you explicitly add these attributes to the attrlist can you collect them?

reach4bawer commented 3 years ago

I tried doing that but the attributes didn't return.

with client.connect() as conn:
    result = conn.paged_search(base=base, scope=2, filter_exp=query, attrlist=['AccountNotDelegated', 'AllowReversiblePasswordEncryption'], page_size=1000, attrsonly=False)

The result only has 'dn'

noirello commented 3 years ago

Can it be an access rights problem? Is there a UserAccountControl attribute for the entity?

reach4bawer commented 3 years ago

Looked through the docs but I cannot find all the attributes. Some might be there but if multiple flags are True this wasn't very reliable. The following are the UserControl Attributes that I tried to match with -

https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/useraccountcontrol-manipulate-account-properties
https://jackstromberg.com/2013/01/useraccountcontrol-attributeflag-values/

reach4bawer commented 3 years ago

I double-checked. If it's access related then I wouldn't be able to query the same using PowerShell.

noirello commented 2 years ago

In 1.3.0 added a UserAccountControl class to easily parse the attribute.
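
Added example, not part of the thread and not bonsai's own code: several of the Get-ADUser property names listed in the question are not stored as LDAP attributes under those names but are derived from bits of userAccountControl, so an attrlist that names them returns only the dn. The sketch below decodes that bitmask with several flags set at once, using the documented flag values; the function names and the sample entries are constructed for illustration, and entries are assumed to be plain dicts keyed by the exact attribute name.

```python
# Added example. Bit values are the documented userAccountControl flags;
# function names and sample entries are constructed for illustration.
UAC_PROPERTIES = {
    0x0000008: "HomedirRequired",
    0x0000020: "PasswordNotRequired",
    0x0000080: "AllowReversiblePasswordEncryption",
    0x0010000: "PasswordNeverExpires",
    0x0020000: "MNSLogonAccount",
    0x0040000: "SmartcardLogonRequired",
    0x0080000: "TrustedForDelegation",
    0x0100000: "AccountNotDelegated",
    0x0200000: "UseDESKeyOnly",
    0x0400000: "DoesNotRequirePreAuth",
    0x1000000: "TrustedToAuthForDelegation",
}
ACCOUNTDISABLE = 0x0000002


def _first_int(value):
    """LDAP libraries hand back attribute values as lists of str/bytes/int."""
    if isinstance(value, (list, tuple)):
        if not value:
            raise ValueError("attribute has no value")
        value = value[0]
    if isinstance(value, bytes):
        value = value.decode("ascii")
    return int(value)


def decode_uac(value):
    """Map a userAccountControl bitmask to Get-ADUser style booleans."""
    flags = _first_int(value)
    props = {name: bool(flags & bit) for bit, name in UAC_PROPERTIES.items()}
    props["Enabled"] = not flags & ACCOUNTDISABLE
    return props


def ad_properties(entry):
    """Derive the computed properties from the raw attributes of one entry."""
    props = decode_uac(entry["userAccountControl"])
    if "badPwdCount" in entry:  # BadLogonCount is badPwdCount under another name
        props["BadLogonCount"] = _first_int(entry["badPwdCount"])
    # CannotChangePassword is left out: it depends on the object's ACL,
    # not on a bit that is reliably stored in userAccountControl.
    return props


# Constructed sample entries (not real directory data).
SAMPLES = [
    {"dn": "CN=a,DC=example,DC=com", "userAccountControl": [512]},
    {"dn": "CN=b,DC=example,DC=com", "userAccountControl": ["4260352"], "badPwdCount": [3]},
    {"dn": "CN=c,DC=example,DC=com", "userAccountControl": [b"1049218"]},
]
```

To feed it real data, request `userAccountControl` and `badPwdCount` in the attrlist instead of the PowerShell property names.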