API Search and Response Columns
ADManager Plus APIs allow administrators to retrieve and filter Active Directory (AD) data with precision. Each API endpoint, such as users, groups, computers, contacts, and organizational units supports a set of columns that define what can be searched and what can be returned in the API response.
- Search columns: Attributes that can be used as filters in API queries to narrow down results.
- Response columns: Attributes that can be included in the API response payload.
Understanding these columns ensures you can build optimized API requests, return only the attributes needed, and improve performance when integrating ADManager Plus with other applications or scripts.
Below is the complete list of supported search and response columns, mapped with their LDAP attributes and a description of each.
Note
- Always use the Column Name (not the LDAP name) when specifying attributes in the filter, sort, and fields parameters of an API request.
- With search object APIs , such as Search User, Search Group, Search Computer, Search Contact, and Search OU , the attributes that are returned in the response or that are available for filtering depend on what is enabled under Response Columns and Search Columns. To configure these, go to Admin > System Settings > Integrations > Rest API and click the gear icon next to the respective API.
Pop-up for configuring response and search columns in the REST API settings.
Users API
This API supports a wide range of user attributes that can be searched or retrieved as part of the response. These columns help administrators filter users effectively and return only the required details during queries.
Note:
Always use the Column Name (not the LDAP name) when specifying attributes in the filter, sort, and fields parameters of an API request.
| Attribute LDAP name | Column name | Search | Response | Description |
|---|---|---|---|---|
| userAccountControl | ACCOUNT_STATUS | No | Yes | Indicates the current account status (enabled, disabled, locked) |
| accountExpires | ACCOUNT_EXPIRY_DATE | No | Yes | The date when the user account is set to expire |
| company | COMPANY | Yes | Yes | The company name associated with the user account |
| co | COUNTRY | Yes | Yes | Country or region assigned to the user account |
| department | DEPARTMENT | Yes | Yes | Department to which the user account belongs |
| displayName | DISPLAY_NAME | Yes | Yes | Full display name of the user account |
| employeeID | EMPLOYEE_ID | Yes | Yes | Unique employee ID for the user account |
| facsimileTelephoneNumber | FAX | Yes | Yes | User account's fax number |
| givenName | FIRST_NAME | Yes | Yes | User account’s first name |
| homeDirectory | HOME_DIRECTORY | No | Yes | Path to the user account’s home directory |
| homePhone | HOME_PHONE | Yes | Yes | User account’s home phone number |
| info | NOTES | Yes | Yes | Additional notes about the user account |
| initials | INITIAL | Yes | Yes | User account’s initials |
| ipPhone | IP_PHONE | Yes | Yes | IP phone number for the user account |
| l | CITY | Yes | Yes | City associated with the user account |
| EMAIL_ADDRESS | Yes | Yes | User account’s email address | |
| mobile | MOBILE | Yes | Yes | Mobile number of the user account |
| name | FULL_NAME | Yes | Yes | Full name of the user account |
| pager | PAGER | Yes | Yes | Pager number assigned to the user account |
| postalCode | ZIP_POSTAL_CODE | Yes | Yes | Zip or postal code of the user account’s location |
| profilePath | PROFILE_PATH | Yes | Yes | Path to the user account’s profile |
| sAMAccountName | SAM_ACCOUNT_NAME | Yes | Yes | Pre-Windows 2000 logon name of the user account |
| scriptPath | SCRIPT_PATH | Yes | Yes | Path to the logon script for the user account |
| sn | LAST_NAME | Yes | Yes | User account’s last name (surname) |
| streetAddress | STREET_ADDRESS | Yes | Yes | Street address of the user account |
| st | STATE_PROVINCE | Yes | Yes | State or province of the user account’s location |
| telephoneNumber | TELEPHONE_NUMBER | Yes | Yes | Primary telephone number of the user account |
| title | TITLE | Yes | Yes | Job title or designation of the user account |
| userPrincipalName | LOGON_NAME | Yes | Yes | User account's logon name (UPN format) |
| wWWHomePage | WEB_PAGE | Yes | Yes | User account’s personal or work web page |
| description | DESCRIPTION | Yes | Yes | Description or notes field for the user account |
| physicalDeliveryOfficeName | OFFICE | Yes | Yes | User account’s office location |
| cn | COMMON_NAME | Yes | Yes | Common name (CN) of the user account |
| canonicalName | CANONICAL_NAME | Yes | Yes | Canonical name path of the user account |
| employeeNumber | EMPLOYEE_NUMBER | Yes | Yes | Employee number of the user account (different from employee ID) |
| domainName | DOMAIN_NAME | No | Yes | Domain in which the user account resides |
| memberOf | MEMBER_OF | No | Yes | Groups of which the user account is a member |
| primaryGroupID | PRIMARY_GROUP_ID | No | Yes | Primary group ID assigned to the user account |
| objectSID | SID_STRING | No | Yes | Security identifier (SID) of the user account |
| objectGUID | OBJECT_GUID | No | Yes | Globally unique identifier (GUID) of the user account |
| distinguishedName | DISTINGUISHED_NAME | No | Yes | Distinguished name (DN) of the user account in AD |
| whenChanged | WHEN_CHANGED | No | Yes | Last modified date and time of the user account |
| whenCreated | WHEN_CREATED | No | Yes | Creation date and time of the user account |
| msDS-PSOApplied | PSO_APPLIED | No | Yes | Password settings object (PSO) applied to the user account |
| msDS-ResultantPSO | PSO_RESULTANT | No | Yes | Effective PSO applied to the user account |
| pwdLastSet | PASSWORD_STATUS | No | Yes | Indicates password status (set or expired) |
| pwdLastSet | PASSWORD_LAST_SET | No | Yes | Timestamp of when the password was last set |
| pwdLastSet | PASSWORD_EXPIRY_DATE | No | Yes | Date on which the password will expire |
| lastLogon | LAST_LOGON_TIME | No | Yes | Timestamp of the last logon |
| lastLogon | DAYS_SINCE_LAST_LOGON | No | Yes | Number of days since last logon |
| pwdLastSet | DAYS_TO_EXPIRE_PASSWORD | No | Yes | Number of days left before the password expires |
| badPasswordTime | BAD_PASSWORD_TIME | No | Yes | Last time an incorrect password was attempted |
| badPwdCount | BAD_PASSWORD_COUNT | No | Yes | Number of failed logon attempts |
| logonCount | LOGON_COUNT | No | Yes | Number of successful logons |
| userWorkstations | LOGON_TO | No | Yes | Workstations from which the user account can log on |
| lockoutTime | LOCK_OUT_TIME | No | Yes | Time when the user account was locked out |
| pwdLastSet | DAYS_SINCE_PASSWORD_SET | No | Yes | Number of days since the password was last set |
| userAccountControl | PWD_NEV_EXP_FLAG | No | Yes | Indicates if the password is set to never expire |
| lastLogonTimestamp | LAST_LOGON_TIMESTAMP | No | Yes | Replicated last logon timestamp |
| userAccountControl | SMART_CARD_FOR_INTERACTIVE_LOGIN | No | Yes | Indicates if a smart card is required for login |
| userAccountControl | USER_ACCOUNT_CONTROL | No | Yes | User account control attributes |
| userAccountControl | USER_ACCOUNT_CONTROL_FLAG | No | Yes | Detailed user account control flags |
| logonHours | LOGON_HOURS | No | Yes | Logon hours permitted for the user account |
| manager | MANAGER | No | Yes | User account’s manager in the directory |
| OUName | OU_NAME | Yes | Yes | OU of the user account |
| postOfficeBox | P_O_BOX | Yes | Yes | Post office box of the user account |
Groups API
This API supports a range of group attributes that can be used to filter results or return specific details about AD groups. These columns help administrators identify group properties, memberships, scope, and management information during queries.
Note:
Always use the Column Name (not the LDAP name) when specifying attributes in the filter, sort, and fields parameters of an API request.
| Attribute LDAP name | Column name | Search | Response | Description |
|---|---|---|---|---|
| description | DESCRIPTION | Yes | Yes | Text description of the group’s purpose or role |
| EMAIL_ADDRESS | Yes | Yes | Primary email address of the group | |
| managedBy | MANAGER | No | Yes | User or group configured as the manager or owner of the group |
| name | FULL_NAME | No | Yes | Full name of the group object |
| groupType | GROUP_TYPE | No | Yes | Type of group (e.g., security or distribution) |
| info | NOTES | Yes | Yes | Additional notes or information about the group |
| sAMAccountName | SAM_ACCOUNT_NAME | Yes | Yes | Pre-Windows 2000 logon name of the group |
| cn | GROUP_NAME | Yes | Yes | CN of the group |
| distinguishedName - OU Name | OU_NAME | Yes | Yes | OU in which the group resides |
| groupType | GROUP_SCOPE | No | Yes | Scope of the group (domain local, global, or universal) |
| distinguishedName - Domain Name | DOMAIN_NAME | No | Yes | Domain to which the group belongs |
| objectClass | OBJECT_CLASS | No | Yes | Object class of the group (e.g., group) |
| distinguishedName | DISTINGUISHED_NAME | No | Yes | DN of the group object |
| whenCreated | CREATED_ON | No | Yes | Date and time when the group was created |
| whenChanged | CHANGED_ON | No | Yes | Date and time when the group was last modified |
| objectGUID | OBJECT_GUID | No | Yes | GUID of the group |
| objectSID | SID_STRING | No | Yes | SID of the group |
| memberOf | MEMBER_OF | No | Yes | Other groups of which this group is a member |
Computers API
This API supports retrieving and filtering AD computer objects. These columns allow administrators to query computer accounts for system details, operating system versions, status flags, and ownership information, making it easier to manage machines within the domain.
Note:
Always use the Column Name (not the LDAP name) when specifying attributes in the filter, sort, and fields parameters of an API request.
| Attribute LDAP Name | Column Name | Search | Response | Description |
|---|---|---|---|---|
| name | COMPUTER_NAME | Yes | Yes | The name of the computer account in AD |
| dNSHostName | DNS_NAME | Yes | Yes | The fully qualified DNS host name of the computer account |
| description | DESCRIPTION | Yes | Yes | Description of the computer account, often used for notes |
| operatingSystem | OPERATING_SYSTEM | Yes | Yes | The operating system running on the computer account |
| operatingSystemServicePack | SERVICE_PACK | Yes | Yes | Service pack level installed on the computer account |
| operatingSystemVersion | VERSION | Yes | Yes | Version of the operating system |
| location | LOCATION | Yes | Yes | Physical or logical location of the computer account |
| department | DEPARTMENT | Yes | Yes | Department associated with the computer account |
| sAMAccountName | SAM_ACCOUNT_NAME | Yes | Yes | Pre-Windows 2000 logon name of the computer account |
| managedBy | MANAGER | Yes | Yes | User or group designated as the manager of the computer account |
| OUName | OU_NAME | Yes | Yes | OU where the computer account resides |
| distinguishedName - Domain Name | DOMAIN_NAME | No | Yes | Domain in which the computer account exists |
| objectGUID | OBJECT_GUID | No | Yes | GUID of the computer account |
| objectSID | SID_STRING | No | Yes | SID of the computer account |
| userAccountControl - Status Flag | COMPUTER_STATUS | No | Yes | Indicates whether the computer account is enabled or disabled |
| userAccountControl - Role Flag | ROLE | No | Yes | Role of the computer account (e.g., workstation, server, domain controller) |
| lastLogon | LAST_LOGON_TIME | No | Yes | Timestamp of the computer account’s last successful logon |
| pwdLastSet | PASSWORD_LAST_SET | No | Yes | Last time the computer account’s password was set |
| primaryGroupID | PRIMARY_GROUP_ID | No | Yes | Primary group ID associated with the computer account |
| userAccountControl - Trusted for Delegation Flag | TRUSTED_FOR_DELEGATION | No | Yes | Indicates whether the computer account is trusted for delegation |
| distinguishedName | DISTINGUISHED_NAME | No | Yes | DN of the computer account |
| distinguishedName - DC Name | DOMAIN_CONTROLLER_NAME | No | Yes | Name of the domain controller (DC) if the object is a DC |
| lastKnownParent | PARENT | No | Yes | Last known parent container of the computer account |
| lastLogonTimestamp | LAST_LOGON_TIMESTAMP | No | Yes | Replicated last logon timestamp for the computer account |
| bitlockerstatus | BITLOCKER_STATUS | No | Yes | Indicates whether BitLocker is enabled and its status |
Contacts API
This API supports retrieving and filtering contact objects in AD. These attributes allow administrators to query contacts for identification, communication details, organizational information, and location attributes.
Note:
Always use the Column Name (not the LDAP name) when specifying attributes in the filter, sort, and fields parameters of an API request.
| Attribute LDAP Name | Column Name | Search | Response | Description |
|---|---|---|---|---|
| givenName | FIRST_NAME | Yes | Yes | First name of the contact account |
| sn | LAST_NAME | Yes | Yes | Last name (surname) of the contact account |
| initials | INITIAL | Yes | Yes | Initials of the contact account |
| distinguishedName | DISTINGUISHED_NAME | Yes | Yes | DN of the contact account in AD |
| distinguishedName - OU DN | OU_DN_NAME | Yes | Yes | Distinguished name of the OU where the contact account resides |
| description | DESCRIPTION | Yes | Yes | Text description or notes about the contact account |
| cn | COMMON_NAME | Yes | Yes | CN of the contact account |
| displayName | DISPLAY_NAME | Yes | Yes | Full display name of the contact account |
| name | FULL_NAME | Yes | Yes | Full name of the contact account |
| objectClass | OBJECT_CLASS | No | Yes | Object class of the contact account (e.g., contact) |
| memberOf | MEMBER_OF | No | Yes | Groups of which the contact account is a member |
| whenChanged | WHEN_CHANGED | No | Yes | Last modified date and time of the contact account |
| whenCreated | WHEN_CREATED | No | Yes | Creation date and time of the contact account |
| EMAIL_ADDRESS | Yes | Yes | Primary email address of the contact account | |
| postOfficeBox | P_O_BOX | No | Yes | Post office box number of the contact account |
| l | CITY | Yes | Yes | City location of the contact account |
| st | STATE_PROVINCE | No | Yes | State or province of the contact account |
| postalCode | ZIP_POSTAL_CODE | No | Yes | Zip or postal code of the contact account's address |
| co | COUNTRY | No | Yes | Country name of the contact account |
| telephoneNumber | TELEPHONE_NUMBER | No | Yes | Primary telephone number of the contact account |
| homePhone | HOME_PHONE | No | Yes | Home phone number of the contact account |
| pager | PAGER | No | Yes | Pager number for the contact account |
| mobile | MOBILE | No | Yes | Mobile phone number of the contact account |
| facsimileTelephoneNumber | FAX | No | Yes | Fax number of the contact account |
| ipPhone | IP_PHONE | No | Yes | IP phone number of the contact account |
| wWWHomePage | WEB_PAGE | No | Yes | Web page URL associated with the contact account |
| title | TITLE | Yes | Yes | Job title or designation of the contact account |
| department | DEPARTMENT | Yes | Yes | Department of the contact account |
| company | COMPANY | No | Yes | Company attribute of the contact account |
| physicalDeliveryOfficeName | OFFICE | No | Yes | Office location of the contact account |
| manager | MANAGER | No | Yes | Manager associated with the contact account |
| info | NOTES | No | Yes | Additional notes or comments about the contact account |
| streetAddress | STREET_ADDRESS | No | Yes | Street address of the contact account |
| c | COUNRTY_TWO_DIGIT_CODE | No | Yes | Two-letter country code of the contact account |
| countryCode | COUNTRY_CODE | No | Yes | Numeric country code |
| distinguishedName - OU Name | OU_NAME | Yes | Yes | OU where the contact account resides |
| distinguishedName - Domain Name | DOMAIN_NAME | No | Yes | Domain in which the contact account exists |
| objectGUID | OBJECT_GUID | No | Yes | GUID of the contact account |
Organizational Units API
This API allows you to retrieve and filter details about Organizational Units (OUs) in AD. These attributes help administrators identify OU properties, their location in the domain, and metadata, such as creation or modification timestamps.
Note:
Always use the Column Name (not the LDAP name) when specifying attributes in the filter, sort, and fields parameters of an API request.
| Attribute LDAP Name | Column Name | Search | Response | Description |
|---|---|---|---|---|
| name | NAME | Yes | Yes | Name of the OU |
| distinguishedName - Domain Name | DOMAIN_NAME | Yes | Yes | Domain in which the OU resides |
| managedBy | MANAGER | Yes | Yes | User or group configured as the manager of the OU |
| OUName | OU_NAME | Yes | Yes | Name of the OU within the directory hierarchy |
| l | CITY | Yes | Yes | City location associated with the OU |
| co | COUNTRY | Yes | Yes | Country name of the OU |
| objectGUID | OBJECT_GUID | No | Yes | GUID of the OU |
| distinguishedName | DISTINGUISHED_NAME | No | Yes | DN of the OU in AD |
| st | STATE_PROVINCE | No | Yes | State or province of the OU’s location |
| whenCreated | WHEN_CREATED | No | Yes | Date and time when the OU was created |
| whenChanged | WHEN_CHANGED | No | Yes | Date and time when the OU was last modified |
| description | DESCRIPTION | No | Yes | Description field for the OU, typically used for notes |
| street | STREET_ADDRESS | No | Yes | Street address of the OU’s location |
| postalCode | ZIP_POSTAL_CODE | No | Yes | Zip or postal code of the OU’s location |
| c | COUNRTY_TWO_DIGIT_CODE | No | Yes | Two-letter ISO country code |
| countryCode | COUNTRY_CODE | No | Yes | Numeric country code value |
| canonicalName - OU name | OU_NAME | No | Yes | Canonical name format of the OU |
| objectClass | OBJECT_CLASS | No | Yes | Object class of the OU (e.g., organizationalUnit ) |
Other APIs
Apart from core AD objects, ADManager Plus APIs also support additional endpoints that extend functionality for automation, customization, and advanced configurations. These include Orchestration Templates, Environment Variables, and Organization Attributes, each with their own searchable and response-ready fields.
Note:
Always use the Column Name (not the LDAP name) when specifying attributes in the filter, sort, and fields parameters of an API request.
| Orchestration | |||
| Column name | Search | Response | Description |
| TEMPLATE_ID | Yes | Yes | Unique identifier of the orchestration template |
| TEMPLATE_NAME | Yes | Yes | Name of the orchestration template |
| TEMPLATE_DESCRIPTION | Yes | Yes | Brief description of the orchestration template |
| STATUS | Yes | Yes | Current status of the orchestration template (e.g., enabled or disabled) |
| Environment Variables | |||
| Column name | Search | Response | Description |
| UNIQUE_ID | Yes | Yes | Unique identifier of the environment variable |
| VAR_NAME | Yes | Yes | Name of the environment variable |
| VAR_VALUE | No | Yes | Value assigned to the environment variable |
| DESCRIPTION | No | Yes | Text description of the environment variable |
| IS_SECURE | No | Yes | Indicates if the variable is marked as secure (hidden or protected) |
| Organization Attributes | |||
| Column name | Search | Response | Description |
| ORG_ATTRIB_ID | Yes | Yes | Unique identifier of the organization attribute |
| ORG_ATTRIB_NAME | Yes | Yes | Name of the organization attribute |
| ORG_ATTRIB_TYPE | No | Yes | Type of the organization attribute ( e.g., Department, Office, Title, Compan y) |