How to add AD attribute?

Adding Custom Attributes in Active Directory

Pre-requisites

Enable Schema Updates by Means of the Registry:

1. Click Start, click Run, and then in the Open box, type regedit and press ENTER.
2. Locate and click the following registry key:
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
3. On the Edit menu, click New, and then click DWORD Value.
4. Enter the value data when the following registry value is displayed:
   Value Name: Schema Update Allowed
   Data Type: REG_DWORD
   Base: Binary
   Value Data: Type 1 to enable this feature, or 0 (zero) to disable it.
5. Quit Registry Editor.

Follow these steps to configure attributes:

  1. Install the Schema snap-in (Start, Run, regsvr32 schmmgmt.dll).
  2. Go to Start -> Run -> type MMC and press Enter.
  3. Go to File -> Add/Remove Snap-in -> click Add -> select Active Directory Schema and click Add.
  4. Expand the Active Directory Schema and right-click Attributes.
  5. Click "Create Attribute".
  6. The Create New Attribute window will appear.
  7. In Common Name, enter "ROLLNUMBER".
  8. Enter the LDAP Display Name also as "ROLLNUMBER".
  9. To obtain an OID, refer to http://msdn2.microsoft.com/en-us/library/ms677620.aspx
  10. For our demo we have used dummy values like 1.2.3.4.5.
  11. Select the appropriate syntax, which in our case is INTEGER, assuming that ROLLNUMBER holds only integer values.
  12. Enter Minimum and Maximum values if required; these are optional and can be left blank.
  13. Once created, your attribute will look as shown below.

  14. Once the attribute is created, select Classes.
  15. Expand CLASSES and select PERSON.
  16. Right-click PERSON and select Properties.
  17. Click the Attributes tab and click Add.
  18. Select the attribute you created and click OK.
  19. Click OK to close all property windows.
  20. Go to Start -> Run -> type ADSIEDIT.MSC. To run this command you may need to install the Support Tools from the Windows installation CD.
  21. In the Active Directory Service Interfaces (ADSI) Edit utility, navigate to the Configuration container, CN=Configuration.
  22. Click CN=DisplaySpecifiers.
  23. Click CN=409.
  24. In the right pane, locate and right-click CN=user-Display, and select Properties.
  25. Select adminContextMenu and click Edit.
  26. In the Edit Attribute box, type the following:
  27. Enter the following in the empty box and click Add:

     3,&ROLL NUMBER, c:\EnterAttrib.vbs

Note:

3 is the serial (position) number of the menu entry.

&ROLL NUMBER is the menu text that will appear in the Active Directory Users and Computers context menu (the & marks the keyboard accelerator).

C:\EnterAttrib.vbs is the script that will write the value to the attribute.

Please do not change the syntax of this entry.

  28. Click OK to close all window pop-ups.
  29. In the ADSI Edit pane, right-click Configuration.
  30. Click "Update Schema Now".

These steps configure the ROLL NUMBER option on the context menu for a user in the Microsoft Management Console (MMC) Active Directory Users and Computers snap-in. You must write and place the following script on your C: drive (as C:\EnterAttrib.vbs, the path given in the adminContextMenu entry) or somewhere else in your file path:

' EnterAttrib.vbs: launched from the Users and Computers context menu.
' The snap-in passes the ADsPath of the selected user as the first argument.
Option Explicit
Dim oArgs, oUsr, tmp
Set oArgs = WScript.Arguments
If oArgs.Count = 0 Then
    WScript.Echo "Usage: EnterAttrib.vbs <ADsPath of the user object>"
    WScript.Quit 1
End If
Set oUsr = GetObject(oArgs(0))
' Show the current value and prompt for a new one
tmp = InputBox("The Roll Number of the user is: " & oUsr.Get("ROLLNUMBER") & vbCrLf & vbCrLf & "Enter the new Roll Number below")
' Only write back when the user actually entered something
If tmp <> "" Then
    oUsr.Put "ROLLNUMBER", tmp
    oUsr.SetInfo
End If
Set oUsr = Nothing
WScript.Quit

How To Add Custom Attributes to the Directory Service Find List

1. Use ADSI Edit to select the Configuration namespace.
2. Expand the DisplaySpecifiers container.
3. Expand the appropriate display specifier container. For example, "409" is English.
4. View the Properties of the user-Display object.
5. Modify the attributeDisplayNames attribute by adding a value in the format:

   Your_new_Attribute,friendly_name

   For example, "Roll Number" looks like this:

   ROLLNUMBER,Roll Number


Install the Active Directory Schema MMC snap-in

1. Open a command prompt: click "Start", click "Run...", type "cmd", then click "OK".

2. At the command prompt, type: "regsvr32 schmmgmt.dll"

This command registers schmmgmt.dll on the computer.

3. Click "Start", click "Run...", type "mmc /a", then click "OK".

4. On the "File" menu, click "Add or Remove Snap-ins".

5. Under "Snap-ins", double-click "Active Directory Schema", then click "Add" and "OK".

Add an extended attribute

1. Right-click "Attributes" and select "New" -> "Attribute".

2. Fill in "Common Name", "Object ID" and "Description", choose "Unicode String" as the syntax, then click "OK".

3. Under "Classes", find the "user" entry, right-click it and select "Properties".

4. On the Attributes page, click "Add".

5. Select the newly added attribute, click "OK", then click "OK" on the properties page.

6. The extended attribute has now been added.


Setting up AD by scripting

How to run the script

Note: This script must be run on the AD server.

Open a Windows cmd prompt, go to the folder where the script file is located, and execute:
 ldifde -i -v -f <script file name> -j <log folder>
Example:
 ldifde -i -v -f initialization_AD.ldf -j c:

For more detailed information on the ldifde command, please refer to Ldifde.

Partial Script Description

Note: You need to modify the script to match your Active Directory environment before you run it (DN, attribute names, and so on).

The following script is a sample that creates an attribute. Basically, you need to modify DC and CN to match your Active Directory environment, and you must use an attributeID (OID) that you own. Refer to Syntax for the values you should set for attributeSyntax and oMSyntax. You can also add more properties to the attribute; refer to attributeSchema for the definition of each property.

# Create the attribute "npi" in the schema partition
dn: CN=npi,CN=Schema,CN=Configuration,DC=hsiplab,DC=local
changetype: add
objectClass: top
objectClass: attributeSchema
cn: npi
attributeID: 2.1.1.1
attributeSyntax: 2.5.5.12
isSingleValued: TRUE
oMSyntax: 64
searchFlags: 0
isMemberOfPartialAttributeSet: TRUE

# Flush the schema cache so the new attribute is visible to later records
dn:
changetype: modify
replace: schemaupdatenow
schemaupdatenow: 1
-

The following script is a sample that assigns an attribute to the User class. Similarly, you need to modify DC. You need to add the attributeID of the attribute to mayContain to indicate which attribute you want to add to the User class.

# Add an attribute to the User class; the value must be the attributeID
# (or lDAPDisplayName) of an attribute that already exists in the schema
dn: CN=User,CN=Schema,CN=Configuration,DC=hsiplab,DC=local
changetype: modify
add: mayContain
mayContain: 2.1.1.2
-

# Flush the schema cache again
dn:
changetype: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-

The following script is a sample that creates an OU and a group under that OU. You just need to change CN and DC to match your environment.

# ----------------------------------------------------------------------
# This section creates an OU and a group.
# ----------------------------------------------------------------------
# Create an OU named CIN (an add record must carry objectClass values)
dn: ou=CIN,DC=hsiplab,DC=local
changetype: add
objectclass: top
objectclass: organizationalUnit
ou: CIN

# Create a group under OU=CIN
dn: cn=ClinicalAdmin,ou=CIN,DC=hsiplab,DC=local
changetype: add
objectclass: top
objectclass: group
cn: ClinicalAdmin
sAMAccountName: ClinicalAdmin

You can refer to the Microsoft official website LDIFDE for some good samples.

Disadvantage of Using Script

The biggest disadvantage of a script is that it cannot be rolled back. The script file is executed sequentially in the order of the records in the file, and execution stops as soon as an error occurs, such as a syntax error. The tasks that completed before the error are not undone. When this happens you have to correct the error, comment out the records that already ran successfully, and run the script file again. One alternative is to separate the tasks into different script files, one standalone task per file, and run the files one by one; then you only need to correct the file that contains the error.
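The LDIF samples above and the rollback problem described in this section can both be handled before ldifde runs. The following Python script is an added example, not code from the original page: it parses a constructed LDIF batch of the same shape as the samples (placeholder DC and OID values), reports the mistakes ldifde would otherwise stop on partway through (a missing objectClass, an attributeSyntax/oMSyntax pair that do not match, a malformed attributeID, a schema change that is not flushed with schemaUpdateNow before the next record depends on it), and then splits the batch into one numbered .ldf file per task, which is the one-task-per-file approach this section recommends. SYNTAX_PAIRS, parse_ldif, validate and split_records are names chosen for this example.

```python
"""Pre-flight checks and per-task splitting for an AD schema LDIF batch.
Added example, not code from the page. SAMPLE_LDIF is constructed; its DC
and OID values are placeholders, not a real schema assignment."""
import re

# attributeSyntax -> oMSyntax pairs the validator knows; extend as needed
SYNTAX_PAIRS = {"2.5.5.12": "64",   # Unicode string
                "2.5.5.9": "2",     # Integer
                "2.5.5.8": "1"}     # Boolean
OID_RE = re.compile(r"^\d+(\.\d+)+$")

SAMPLE_LDIF = """\
dn: CN=npi,CN=Schema,CN=Configuration,DC=example,DC=local
changetype: add
objectClass: top
objectClass: attributeSchema
cn: npi
attributeID: 1.2.3.4.5.1
attributeSyntax: 2.5.5.12
isSingleValued: TRUE
oMSyntax: 64

dn:
changetype: modify
replace: schemaUpdateNow
schemaUpdateNow: 1
-

dn: CN=User,CN=Schema,CN=Configuration,DC=example,DC=local
changetype: modify
add: mayContain
mayContain: 1.2.3.4.5.1
-

dn:
changetype: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-
"""

def parse_ldif(text):
    """Records as {'dn', 'changetype', 'attrs': [(name, value), ...]}; '#' comments
    are dropped and the '-' separator is kept as ('-', ''). Folded lines are not handled."""
    records, rec = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            rec = None          # a blank line ends the current record
            continue
        if line.startswith("#"):
            continue
        if rec is None:
            rec = {"dn": None, "changetype": None, "attrs": []}
            records.append(rec)
        name, sep, value = line.partition(":")
        if line == "-":
            rec["attrs"].append(("-", ""))
        elif not sep:
            raise ValueError(f"malformed LDIF line: {line!r}")
        elif name.lower() == "dn":
            rec["dn"] = value.strip()
        elif name.lower() == "changetype":
            rec["changetype"] = value.strip().lower()
        else:
            rec["attrs"].append((name.strip(), value.strip()))
    return records

def validate(records):
    """Problems found in the batch; an empty list means it is safe to run."""
    problems, pending = [], None
    for i, rec in enumerate(records, 1):
        where = f"record {i} (dn={rec['dn']!r})"
        attrs = [(n.lower(), v) for n, v in rec["attrs"]]
        names, vals = {n for n, _ in attrs}, dict(attrs)
        classes = {v.lower() for n, v in attrs if n == "objectclass"}
        if rec["dn"] is None:
            problems.append(f"{where}: missing dn line")
        if rec["changetype"] == "add" and not classes:
            problems.append(f"{where}: add record carries no objectClass")
        elif rec["changetype"] == "modify" and not names & {"add", "replace", "delete"}:
            problems.append(f"{where}: modify record has no add/replace/delete operation")
        if "attributeschema" in classes:
            syntax, om = vals.get("attributesyntax"), vals.get("omsyntax")
            if not OID_RE.match(vals.get("attributeid", "")):
                problems.append(f"{where}: attributeID is not a dotted OID")
            if syntax not in SYNTAX_PAIRS:
                problems.append(f"{where}: attributeSyntax {syntax!r} is not in the known table")
            elif om != SYNTAX_PAIRS[syntax]:
                problems.append(f"{where}: attributeSyntax {syntax} needs oMSyntax {SYNTAX_PAIRS[syntax]}, got {om!r}")
        # a schema change becomes visible to later records only after schemaUpdateNow
        if "schemaupdatenow" in names:
            pending = None
        elif rec["dn"] and "cn=schema,cn=configuration" in rec["dn"].lower():
            if pending:
                problems.append(f"{where}: previous schema change ({pending}) not yet flushed with schemaUpdateNow")
            pending = where
    if pending:
        problems.append(f"{pending}: schema change is not followed by a schemaUpdateNow record")
    return problems

def split_records(text):
    """One (filename, ldif) pair per record, numbered so the parts run in batch order."""
    parts = []
    for i, rec in enumerate(parse_ldif(text), 1):
        label = re.sub(r"[^A-Za-z0-9]+", "_", (rec["dn"] or "rootDSE").split(",")[0]).strip("_")
        body = [f"dn: {rec['dn']}", f"changetype: {rec['changetype']}"]
        body += ["-" if n == "-" else f"{n}: {v}" for n, v in rec["attrs"]]
        parts.append((f"{i:02d}_{rec['changetype']}_{label}.ldf", "\n".join(body) + "\n"))
    return parts
```

Run validate first and only write out the parts when it returns an empty list; each part is then imported in numeric order with the same command as above, for example ldifde -i -v -f 01_add_CN_npi.ldf -j . , so a failure in one file leaves every earlier file fully applied and every later file untouched. The parser deliberately covers only what the page's samples use: folded continuation lines and base64 (::) values are not handled.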
