AD Attributes

Active Directory Attributes » Active Directory password attribute: ms-PKI-AccountCredentials

Active Directory password attribute: ms-PKI-AccountCredentials

This attribute stores the encrypted user credential token BLOBS for roaming users.

CN ms-PKI-AccountCredentials
Ldap-Display-Name msPKIAccountCredentials
Attribute-Id 1.2.840.113556.1.4.1894
System-Id-Guid b8dfa744-31dc-4ef1-ac7c-84baf7ef9da7

For more details about this attribute, refer to this Microsoft document.

Do you have roaming users in your organization? If you receive a lot of password-related help desk calls from remote users, try ADSelfService Plus for free and enable self-service password reset for them. Some of the highlights of ADSelfService Plus include:

  1. Self-service password reset for remote users: Allows remote users to reset their passwords on their own right from the login screen of their Windows, Linux, and Mac clients, and automatically updates the cached credentials as well.
  2. Multi-factor authentication (MFA) for remote desktop logons: Adds an extra layer of security by enabling MFA through YubiKey, biometric, Google Authenticator, etc., for local and remote desktop logons.

Simplify password management with ADSelfService Plus.

  • Please enter a business email id
    By clicking 'Get Your Free Trial', you agree to processing of personal data according to the Privacy Policy.


Your download is in progress and it will be completed in just a few seconds!
If you face any issues, download manually here

Self-service password management and single sign-on solution

ManageEngine ADSelfService Plus is an integrated self-service password management and single sign-on solution for Active Directory and cloud apps. Ensure endpoint security with stringent authentication controls including biometrics and advanced password policy controls.