Author Posts

April 24, 2017 at 5:12 am

Hi,
Someone asked me to set a value for uidnumber on an AD user account. I ran set-aduser and it didnt fail.
When I try to list all properties of the account, it does not return uidnumber. Neither does adsiedit.
I listed all the attributes of the user class (and all parent classes) and uidnumber does not appear.
I discovered that uidnumber is a member of class posixaccount.
I cannot find the link between this schema class and the user schema class.
I've alooked at the systemauxiliaryclasses of the user class (and all its parents) and posixaccount does not appear.
Does nayone know where the link is and how to retrieve the value for a posixaccount attribute?
Thanks
David

April 24, 2017 at 1:40 pm

Well, the thing is, there's no direct link. Technically, a posixAccount can exist without a corresponding user. The best linkage, I'd think, would be NT-Security-Descriptor, which is mandatory.

April 24, 2017 at 10:56 pm

I can do 'set-aduser xxx -replace @{uidnumber=219}' and it works. I'm intrigued on how the system determines that this attribute is valid for a user account. I guess we'll never know 🙂
Thanks
David