What are Active Directory's Trim Levels?

Trim Level 1

Trim Level 1 removes the keys listed below and keeps everything else.

From the "User" objects in the Data Print, it removes the following keys:

  • AccountNotDelegated
  • AllowReversiblePasswordEncryption
  • Certificates
  • City
  • Company
  • Country
  • CreateTime
  • DefaultSystemUser
  • Department
  • Division
  • DoesNotRequirePreAuth
  • EmployeeID
  • EmployeeNumber
  • Fax
  • HomeDirectory
  • HomedirRequired
  • HomeDrive
  • HomePage
  • HomePhone
  • Initials
  • LastKnownParent
  • LogonWorkstations
  • Manager
  • MNSLogonAccount
  • Office
  • OfficePhone
  • OtherName
  • POBox
  • PostalCode
  • ProfilePath
  • ScriptPath
  • SIDHistory
  • SmartcardLogonRequired
  • State
  • StreetAddress
  • Title
  • TrustedForDelegation
  • TrustedToAuthForDelegation
  • UseDESKeyOnly
  • ModifyTime
  • ObjectClass

From the "Group" objects in the Data Print, it removes the following keys:

  • Type
  • Members
  • HomePage
  • GroupScope
  • SIDHistory
  • ObjectClass
  • ImmediateMembersList

Trim Levels 2-4

Trim Levels 2-4 are reserved for future use. They currently fall back to Trim Level 1.

Trim Level 5

Instead of removing a list of keys, Trim Level 5 keeps only the keys listed below and removes everything else.

From the "User" objects in the Data Print, it keeps the following keys:

  • UserName
  • GivenName
  • Surname
  • Email
  • Privileged
  • UserStatus
  • Description
  • UserActivity
  • AnomalousActivity
  • SecurityScore
  • LastLogonDate
  • LastBadPasswordAttempt
  • PasswordLastSet
  • AccountLockoutTime
  • MemberOfStr

From the "Group" objects in the Data Print, it keeps the following keys:

  • Name
  • Privileged
  • MembersStr
  • MemberOfStr
  • Description
  • Tree
  • GroupScopeStr
  • isDeleted
  • ProtectedFromAccidentalDeletion
  • createTimeStamp
  • modifyTimeStamp