Research LDAP* Properties for the User Object
This page explains the common LDAP attributes which are used in VBS scripts and PowerShell. Programs like VBScript (WSH), CSVDE and LDIFDE rely on these LDAP attributes to create or modify objects in Active Directory. For example, when you bulk import users you will include the LDAP attributes: dn and sAMAccountName.
* LDAP is the Lightweight Directory Access Protocol.
Hall of Fame LDAP Attribute - DN Distinguished Name
As the word 'distinguished' suggests, this is THE LDAP attribute that uniquely defines an object. Each DN must have a different name and location from all other objects in Active Directory. The other side of the coin is that DN provides a way of selecting any object in Active Directory. Once you have selected the object, then you can change its attributes.
Time spent getting to know the DN attribute will be repaid many times over. Observe the different components: CN = common name, OU = organizational unit. DC often comes with two entries, DC=CP, DC=COM. Note that DC=CP.COM would be wrong. Incidentally, in this situation DC means domain content rather than domain controller.
Another point with the syntax is to check the speech marks; when used with VBScript commands, DN is often enclosed in "speech marks". Even the speech marks have to be of the right type, "double quotes are correct", 'single quotes may be ignored', with unpredictable results. Finally, pay particular attention to commas in distinguished names.
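The DN syntax points above, as an added PowerShell example that is not from the original page: it builds the DC components from a DNS name, escapes a comma inside a CN value, and splits a DN only on unescaped commas. The function names, the OU=Staff container and the user name are assumptions made for illustration; cp.com is the domain used on this page.

```powershell
# Added example. Function names and sample values are illustrative, not from the page.

function ConvertTo-DomainDN {
    # cp.com must become DC=cp,DC=com (one DC component per DNS label), never DC=cp.com.
    param([Parameter(Mandatory)][string]$DnsName)
    return ($DnsName.Split('.') | ForEach-Object { "DC=$_" }) -join ','
}

function ConvertTo-EscapedRdnValue {
    # Backslash-escape the characters that are special inside a DN component value
    # (RFC 4514), so user-supplied text cannot add or split components.
    param([Parameter(Mandatory)][string]$Value)
    $escaped = $Value -replace '([\\,+"<>;=])', '\$1'
    $escaped = $escaped -replace '^([ #])', '\$1'   # leading space or '#'
    $escaped = $escaped -replace ' $', '\ '         # trailing space
    return $escaped
}

function Split-DistinguishedName {
    # Walk the DN as runs of "escaped pair" or "any character except comma and
    # backslash", so an escaped comma stays inside its component.
    param([Parameter(Mandatory)][string]$DistinguishedName)
    return [regex]::Matches($DistinguishedName, '(?:\\.|[^,\\])+') |
        ForEach-Object { $_.Value.TrimStart() }
}

# Constructed sample: a display name that itself contains a comma.
$cn = ConvertTo-EscapedRdnValue -Value 'Smith, Jane'
$dn = "CN=$cn,OU=Staff," + (ConvertTo-DomainDN -DnsName 'cp.com')

# Double quotes around the DN, as the page advises for script arguments.
Write-Output "Distinguished name: `"$dn`""

# Compare a naive split on every comma with the escape-aware split.
Write-Output "Naive split count:        $($dn.Split(',').Count)"
Write-Output "Escape-aware split count: $(@(Split-DistinguishedName -DistinguishedName $dn).Count)"
Split-DistinguishedName -DistinguishedName $dn
```

The two counts differ because the naive split treats the comma inside the CN value as a component separator, which is the failure to watch for when a script builds a DN from imported names.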
LDAP Attributes from Active Directory Users and Computers
The diagram below is taken from Active Directory Users and Computers. It shows the commonest LDAP attributes for VBS scripts.
When you write your scripts, check how the LDAP attributes map to the Active Directory boxes.
One of my favourite techniques is to add values in the Active Directory property boxes, then export using CSVDE. Next, open the .csv file in Excel, search for the value, and read the LDAP field name from row 1.