Changing the DN display format
Many Active Directory attributes, such as the 'Manager' attribute, use a distinguished name format, such as:
When displaying these directory attributes, Hyena displays them by default using the actual information in the directory, that is, the DN string.
Starting with Hyena v12.0, you can enable an advanced setting (Tools > Settings > Advanced) 'DnDisplayFormat' and set it to one of the following values:
1 - CN (name) only
2 - Canonical Name format
3 - CN (name) only with escape characters (' \ ') removed
Setting the 'DnDisplayFormat' to a '1' for example, will display just 'JaneDoe' for the 'Manager' in the above example.
Modifying AD Queries Video
For users unfamiliar with how to customize Hyena's Active Directory queries, see this new video:
This is a must-have skill for anyone using Hyena extensively to manage Active Directory.
Using Special Symbols in AD Queries
Any Active Directory view can be customized in Hyena by modifying the directory attributes that are displayed, including the order and default sort sequence. Besides choosing any directory attribute from pre-selected categories, you can also choose from several pre-defined symbols or manually enter a directory attribute.
Note: If you are unfamiliar with modifying Hyena AD queries, watch the video in the previous tip above.
To select a special calculated symbol, select 'Special AD Symbols' from the 'Attribute Category' list. These symbols are calculated at run-time by Hyena. For example, to display the AD container name for a directory object, add the %SYM_AD_CONTAINER_NODOMAIN% symbol to a directory query.
For more information on any symbol, along with performance considerations, see the help file section under Active Directory > Querying Active Directory > Changing Query Attributes.
Manual (Other) Attributes
To specify an attribute that you don't see in the normal listing (or can't find it), select 'Other (Specify Attribute)' from the 'Attribute Category' list. This will display a dialog where one or more attribute names can be manually entered. The names must be entered exactly, as Active Directory will not generate any errors when asked for fields which don't exist, just empty information will be returned. Some examples:
userCertificate - a multi-valued attribute that contains the DER-encoded X509v3 certificates issued to the user. Be aware that this attribute contains the public key certificates issued to this user by Microsoft Certificate Service.
msDs-UserPasswordExpiryTimeComputed - its a long name, but this special directory attribute will show the date/time that the user's password will expire, taking into account all policies and even fine-grained password settings.