ad.ds_objects

| Column Name | SQL Server | PostgreSQL | Notes |
| --- | --- | --- | --- |
| id | bigint | bigint | Primary key |
| db_domain_sid | varbinary(68) | bytea | SID of the domain itself |
| db_last_update | datetime2(3) | timestamp | Last update time for this entry in the database |
| object_guid | binary(16) | bytea | Object's GUID |
| object_category | nvarchar(256) | varchar(256) | Using LDAP display name, not FDN. |
| object_class | nvarchar(256) | varchar(256) | Only includes structural class value from this multi-value attribute. |
| object_sid | varbinary(68) | bytea | Object's Security Identifier |
| dn | nvarchar(max) | text | Distinguished name |
| upn | nvarchar(1024) | varchar(1024) | User principal name |
| sam_account_name | nvarchar(256) | varchar(256) | SAM account name |
| sam_account_type | integer | integer | See https://docs.microsoft.com/en-us/windows/win32/adschema/a-samaccounttype for details.<br>Enum values:<br>0x00000000 - Domain<br>0x10000000 - Group<br>0x10000001 - Non-security Group object<br>0x20000000 - Alias object<br>0x20000001 - Non-security Alias object<br>0x30000000 - Normal User account<br>0x30000001 - Machine (computer) account<br>0x30000002 - Trust account<br>0x40000000 - APP_BASIC Group<br>0x40000001 - APP_QUERY Group |
| sam_principal_name | nvarchar(256) | varchar(256) | `NetBIOS\SamAccountName`. From msDS-PrincipalName.<br>Note that the NetBIOS name here may be different from the associated domain NetBIOS name where this account was scanned.<br>This is especially true for domain `Builtin\*` accounts and foreign security principals. |
| display_name | nvarchar(256) | varchar(256) | |
| uac_flags | integer | integer | Combines both userAccountControl and msDS-User-Account-Control-Computed attribute values into a single flags value.<br>See the following for details:<br>Flags values:<br>0x00000001 - Logon script is executed<br>0x00000002 - User Account disabled<br>0x00000008 - Home directory required<br>0x00000010 - Account currently locked out<br>0x00000020 - No password required<br>0x00000040 - User cannot change password<br>0x00000080 - User can send encrypted password<br>0x00000100 - Temporary duplicate account<br>0x00000200 - Normal account - typical user<br>0x00000800 - Inter-domain trust account<br>0x00001000 - Computer (Workstation / Member Server) account<br>0x00002000 - Domain controller computer account<br>0x00010000 - Password does not expire<br>0x00020000 - Majority Node Set (MNS) logon account<br>0x00040000 - Smart card required for logon<br>0x00080000 - Service account trusted for Kerberos delegation<br>0x00100000 - Account not allowed trust for delegation<br>0x00200000 - Account can only use DES keys<br>0x00400000 - Account does not require Kerberos pre-authentication for logon<br>0x00800000 - User password has expired<br>0x01000000 - Account enabled for delegation<br>0x04000000 - Partial secrets account<br>0x08000000 - Account can only use AES keys |
| account_expires | datetime2(0) | timestamp | |
| create_timestamp | datetime2(0) | timestamp | |
| description | nvarchar(1024) | varchar(1024) | Only uses first value of this multi-value attribute |
| mail | nvarchar(256) | varchar(256) | |
| given_name | nvarchar(64) | varchar(64) | |
| surname | nvarchar(64) | varchar(64) | |
| last_logon_timestamp | datetime2(0) | timestamp | NOTE: This attribute only has 14-day granularity.<br>See: https://docs.microsoft.com/en-us/windows/win32/adschema/a-lastlogontimestamp |
| department | nvarchar(64) | varchar(64) | |
| title | nvarchar(128) | varchar(128) | |
| primary_group_sid | varbinary(68) | bytea | SID of referenced object |
| managed_by_guid | binary(16) | bytea | GUID of referenced DS object |
| manager_guid | binary(16) | bytea | GUID of referenced DS object |
| group_type | integer | integer | See https://docs.microsoft.com/en-us/windows/win32/adschema/a-grouptype for details.<br>Flags:<br>0x01 - System created group<br>0x02 - Global group<br>0x04 - Domain Local group<br>0x08 - Universal group<br>0x10 - APP_BASIC group for Windows Server Authorization Manager<br>0x20 - APP_QUERY group for Windows Server Authorization Manager<br>0x80000000 - Security Group. If not set, then a Distribution Group |
| dns_host_name | nvarchar(2048) | varchar(2048) | Applies to Computer objects |
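
An added example, not part of the product's own documentation or code: a PostgreSQL query over ad.ds_objects that lists enabled user and computer accounts whose uac_flags carry settings an account-hygiene review usually checks first. The masks are the values listed for uac_flags and sam_account_type above; which flags count as findings, and the exclusion of domain controllers, are assumptions of this example.

```sql
-- Added example (PostgreSQL dialect). Masks are written in decimal so the
-- query also runs on versions without hexadecimal integer literals; the
-- hexadecimal value from the schema notes is given beside each one.
WITH risky_flags (mask, finding) AS (
    VALUES
        (32,       'No password required'),                                  -- 0x00000020
        (128,      'User can send encrypted password'),                      -- 0x00000080
        (65536,    'Password does not expire'),                              -- 0x00010000
        (524288,   'Service account trusted for Kerberos delegation'),       -- 0x00080000
        (2097152,  'Account can only use DES keys'),                         -- 0x00200000
        (4194304,  'Account does not require Kerberos pre-authentication'),  -- 0x00400000
        (16777216, 'Account enabled for delegation')                         -- 0x01000000
)
SELECT o.sam_principal_name,
       o.dn,
       -- Only 14-day granularity (see the last_logon_timestamp note), so use
       -- it to spot long-stale accounts, not to order recent logons.
       o.last_logon_timestamp,
       string_agg(f.finding, '; ' ORDER BY f.mask) AS findings
FROM ad.ds_objects AS o
JOIN risky_flags AS f
  ON (o.uac_flags & f.mask) <> 0              -- one joined row per flag that is set
WHERE o.sam_account_type IN (805306368,       -- 0x30000000 normal user account
                             805306369)       -- 0x30000001 machine (computer) account
  AND (o.uac_flags & 2) = 0                   -- 0x00000002 clear: account is enabled
  -- Assumption: domain controllers are left out because they are trusted for
  -- delegation by default and would appear in every result.
  AND (o.uac_flags & 8192) = 0                -- 0x00002000 domain controller account
GROUP BY o.id, o.sam_principal_name, o.dn, o.last_logon_timestamp
ORDER BY count(*) DESC, o.sam_principal_name;
```

Rows with a NULL uac_flags drop out of the join on their own, so objects that carry no account-control value need no separate filter.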