Share via

Querying and Setting Computer Account Attributes Without LDAP

E-8437 1 Reputation point
2025-01-23T09:33:33.5833333+00:00

Hi,

I am looking for a way to query and set specific computer account attributes in Active Directory without using the LDAP protocol. Currently, I am using the DRSUAPI protocol to set the servicePrincipalName property. However, I couldn't find an alternative protocol (other than LDAP) to query the value of msDS-KeyVersionNumber or to set the value of msDS-SupportedEncryptionTypes.

Is there another protocol that can be used to query and set these specific attributes?

Thank you for your assistance.

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,824 questions
Windows Open Specifications
Windows Open Specifications
Windows: A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.Open Specifications: Technical documents for protocols, computer languages, standards support, and data portability. The goal with Open Specifications is to help developers open new opportunities to interoperate with Windows, SQL, Office, and SharePoint.
45 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Obaid Farooqi MSFT 591 Reputation points Microsoft Employee
    2025-01-27T17:37:07.3466667+00:00

    Hi E-8437:

    Currently LDAP is the only way to set/query the attributes you mentioned.

    Legacy protocols like MS-SAMR are not being enhanced to account for new attributes in AD.

    Please let me know if this does not answer your question.

    Regards,

    Obaid Farooqi -MSFT

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.