Powershell – List _all_ AD user properties with powershell

Tags: active-directory, powershell, windows-server-2003

We have a former Win2k AD domain, which is migrated to W2k3 servers, and has a slew of schema extensions (Exchange, msSFU, and self-defined) from the past and various parts of the forest.

Searching users works just fine, I get the complete list of users. However, if I query the user objects, I get only an incomplete list of properties:

$user.properties.propertynames

delivers

objectClass
cn
distinguishedName
instanceType
whenCreated
whenChanged
uSNCreated
uSNChanged
name
objectGUID
userAccountControl
badPwdCount
codePage
countryCode
badPasswordTime
lastLogoff
lastLogon
pwdLastSet
primaryGroupID
objectSid
accountExpires
logonCount
sAMAccountName
sAMAccountType
objectCategory
isCriticalSystemObject
nTSecurityDescriptor

This response lacks quite a few properties that AD Explorer shows.

How can I list all the properties and values that really exist?
Any other hint for a tool to achieve that besides Powershell?

Background: We need to check the consistency of the user objects. It seems like, if the object was created back then with W2k, the user has a more complete set of properties than when they are set up on a W2k3 ADUC.
Some problems seem to arise from that, but I am not yet sure, and would like to sanity check the user properties.

I know how to use $objSearcher.PropertiesToLoad.Add (). But that is of no help since I also want to find if there are any unknown properties lurking in some user objects.

Some old user objects have up to 150 properties. But not all old users have the same set. I want to get a list of who has what.

How can I get the total list of available properties, that are used on any objects?

Best Answer

There are a lot of system properties that might make the exercise you are thinking of less than useful due to a significant amount of extraneous data. Perhaps you could use AD Explorer to identify the attributes that look interesting and use the -Properties parameter to retrieve them for all users.

When you retrieve a user object in AD, it only returns back a subset of the object attributes. You can use the -Properties parameter to force get-aduser to retrieve other properties. For example: get-aduser jjohnson -Properties pwdlastset would add pwdlastset to the list of properties normally retrieved by get-aduser for the user jjohnson.
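An added example, not from the question or the answer above, that does what the question asks for with the same DirectorySearcher class the asker is already using: it leaves PropertiesToLoad empty, so the domain controller returns every attribute that has a value and that the calling account is allowed to read, then builds a who-has-what inventory across all users. The search root "LDAP://DC=example,DC=com" is a placeholder, not a value from the page, and the script assumes only the .NET System.DirectoryServices classes, so it runs on Windows PowerShell without the ActiveDirectory module.

```powershell
# Added example: inventory every populated attribute on every user object.
# Requires only System.DirectoryServices (no ActiveDirectory module).
param(
    # Placeholder search root; replace with your own domain or OU.
    # Use an LDAP:// path: a GC:// (global catalog) root returns only the
    # partial attribute set and would reproduce the "incomplete list" problem.
    [string]$SearchRoot = "LDAP://DC=example,DC=com",
    [string]$Filter     = "(&(objectCategory=person)(objectClass=user))",
    [string]$CsvPath    = ".\user-attribute-inventory.csv"
)

$root     = New-Object System.DirectoryServices.DirectoryEntry($SearchRoot)
$searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
$searcher.Filter      = $Filter
$searcher.SearchScope = [System.DirectoryServices.SearchScope]::Subtree
$searcher.PageSize    = 1000   # paged search; without it the server caps results at 1000 objects

# An EMPTY PropertiesToLoad list asks for every attribute that has a value.
# Adding names here (PropertiesToLoad.Add) restricts the result to those names,
# which is exactly what hides "unknown" attributes.
$searcher.PropertiesToLoad.Clear()

$attributeUsers = @{}   # attribute name -> list of users that carry it
$perUser        = New-Object System.Collections.Generic.List[object]

$results = $searcher.FindAll()
try {
    foreach ($result in $results) {
        # Property names come back lower-cased from the searcher.
        $names = @($result.Properties.PropertyNames)

        $sam = if ($result.Properties["samaccountname"].Count -gt 0) {
            $result.Properties["samaccountname"][0]
        } else {
            $result.Path
        }

        $perUser.Add([pscustomobject]@{
            User           = $sam
            AttributeCount = $names.Count
            DN             = $result.Properties["distinguishedname"][0]
        })

        foreach ($n in $names) {
            if (-not $attributeUsers.ContainsKey($n)) {
                $attributeUsers[$n] = New-Object System.Collections.Generic.List[string]
            }
            $attributeUsers[$n].Add($sam)
        }
    }
}
finally {
    # SearchResultCollection holds unmanaged handles; always release it.
    $results.Dispose()
}

# 1. The total list of attributes in use anywhere, with how many users carry each.
#    Attributes present on only a few accounts are the ones worth a closer look.
$attributeUsers.GetEnumerator() |
    ForEach-Object { [pscustomobject]@{ Attribute = $_.Key; Users = $_.Value.Count } } |
    Sort-Object Users -Descending |
    Format-Table -AutoSize

# 2. Per-user attribute counts, lowest first, to spot the W2k-created versus
#    W2k3-created difference described in the question.
$perUser | Sort-Object AttributeCount | Format-Table User, AttributeCount, DN -AutoSize

# 3. Who has a given attribute (example: the Exchange/msSFU-style extensions).
#    Replace 'uidnumber' with any name printed in step 1.
if ($attributeUsers.ContainsKey('uidnumber')) {
    "Users with uidNumber: " + ($attributeUsers['uidnumber'] -join ', ')
}

# 4. Export the per-user summary for offline comparison between runs.
$perUser | Export-Csv -NoTypeInformation -Path $CsvPath
```

Two things decide what this returns. The set is bounded by the permissions of the account running the script: attributes the caller cannot read are simply absent, so run the inventory under an account with read access to the attributes in question, and treat a short list as a possible permissions symptom before concluding the attribute is unset. It is also bounded by the search root: a global catalog (GC://) root only holds the partial attribute set, so use an LDAP:// path to a domain controller for a full picture. Where the ActiveDirectory module is available (Windows Server 2008 R2 or RSAT, against a domain controller that exposes AD Web Services), the same union of names can be collected with Get-ADUser -Filter * -Properties * and the PropertyNames of each returned object, but that module is not part of a Windows Server 2003 installation, which is why the example above sticks to DirectorySearcher.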