So today I needed to test a script and as part of the test I needed to update a multi-value attribute on my own ID without admin rights. I wasn’t sure off the top of my head which attributes I could modify were multi-value so just told Active Directory to tell me…
for /f %i in (‘adfind -default -f "name=joe is freezing" allowedattributeseffective -list’) do @adfind -sc s:%i -af issinglevalued=FALSE -nodn attr:%i issinglevalued -csv –nocsvheader
That gave output like
"otherPager","FALSE"
"otherHomePhone","FALSE"
"otherTelephone","FALSE"
"otherFacsimileTelephoneNumber","FALSE"
"otherMobile","FALSE"
"otherIpPhone","FALSE"
"url","FALSE"
"userCertificate","FALSE"
"userSharedFolderOther","FALSE"
"preferredDeliveryMethod","FALSE"
"mSMQDigests","FALSE"
"registeredAddress","FALSE"
"internationalISDNNumber","FALSE"
"x121Address","FALSE"
"teletexTerminalIdentifier","FALSE"
"telexNumber","FALSE"
"postOfficeBox","FALSE"
"postalAddress","FALSE"
"msPKIDPAPIMasterKeys","FALSE"
"msPKIAccountCredentials","FALSE"
"msPKI-CredentialRoamingTokens","FALSE"
"userSMIMECertificate","FALSE"
In this case, the FALSE is a reference to the value of isSingleValued and of course a multivalued attribute would have a FALSE value for that property for the attribute in the schema.
joe
