compdigit44


Add New Field on Active Directory Users Account

I'm currently running a Windows 2003 domain that has two DCs and 110 Windows XP workstations. I would like to add another field to the network user's account page. For example, when you right-click an Active Directory user account and go to Properties, on the General tab page I would like to create a field that states something like: Application User ID (then has a blank text field). Basically something similar to the Description attribute on the General page.
1) Is this possible?
2) If I can do this, how hard is it to do?
3) How can I do this?
Lofty Worm

I know it can be done, using the schema. It is not something I have done though, and would have to research it. But the simple answer is "yes", it can be done.
compdigit44

ASKER

This is good news but I have never done it either... Looking for step-by-step instructions...

You can add an attribute to the Schema, but I would debate the need. I advise you use one of the existing fields, there are many. If you installed Exchange there are 15 fields, extensionAttribute1 - 15 that can be used for whatever you please.

As those are visible in AD Users and Computers with Exchange 2003, or in the Exchange System Console with Exchange 2007 it puts you a huge leap ahead of adding your own options.

You can view all the attributes available to you by opening ADSIEdit.msc (Start, Run), then opening the properties for a user. Many of the attributes listed are not exposed in the GUI.

Which leads us onto adding fields to AD Users and Computers.

There are a number of ways to achieve this. The easiest is to add an option to the context menu (right click on a user) and have that fire a script off and pop up a box. It's basic, but not all that hard to do.

Actually adding fields into the existing property sheets on the other hand is difficult. You need to have a programming background to even begin thinking about that one (in my opinion). We certainly wouldn't be able to provide step-by-step instructions for it, only point you at the appropriate starting point in MSDN.

Chris
Chris-Dent - Thanks for your reply. I have opened adsiedit.msc and expanded the schema. Here are my new questions:
1) In the screen shot can I rename any of the CN fields to be called something else?
2) How can I force some of these attributes currently listed to show up in AD user properties?
ScreenShot-1.bmp

No :) Please do not modify any of the default fields in the Schema. In fact, please be exceptionally careful with the Schema, if you break anything there you must rebuild / restore every single DC in your Forest.

You would have to extend AD Users and Computers, which is back to requiring Programming experience. If you are interested in chasing that one up you would start here:

http://msdn.microsoft.com/en-us/library/aa814672(VS.85).aspx

Chris
I could have sworn that AD user properties were like a rolodex and that you are given a default parameter but could also create custom fields as well??? This is what I was also told anyway??? There has to be an easier way to do this???? I'm not a programmer... Any other ideas or some way I could use the existing field to fit my needs???
Yes, you can create custom fields.  You were told correctly.  Notice that you did not say "I was told there was an easy way to do this".  Anyone that told you so was lying.  If you want the property field to display on one of the pages, you need a programming background.

Now, if you just want to extend the schema and then be able to access those fields programmatically, that's a little easier to do.  Like Chris-Dent said, though, there are already 15 extensionAttribute fields that you can use.

What I would personally recommend is to just find a field in the user object that you don't use, and that doesn't affect anything, and use that to hold the data you're trying to store.  PO Box comes to mind..   I have already repurposed that field in my AD..  :-)
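
The approach recommended in the posts above (keep the value in an existing attribute and access it programmatically), as an added PowerShell example that is not part of the thread. The function names are hypothetical, and it assumes a domain-joined machine, a caller with rights on the user object, and `extensionAttribute1` as the default attribute.

```powershell
# Added example, not from the thread. Function names are hypothetical.
# Assumes a domain-joined host and a caller with rights on the user object.

function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory=$true)][string]$Value)
    # RFC 4515 escaping, backslash first, so the supplied name cannot
    # change the shape of the search filter.
    $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' `
           -replace '\)', '\29' -replace '\x00', '\00'
}

function Edit-UserAttribute {
    param(
        [Parameter(Mandatory=$true)][string]$SamAccountName,
        # extensionAttribute1 exists only where the Exchange schema
        # extensions are installed; pass another unused attribute otherwise.
        [ValidatePattern('^[A-Za-z][A-Za-z0-9-]*$')]
        [string]$Attribute = 'extensionAttribute1',
        [string]$Value
    )
    $name = ConvertTo-LdapFilterValue $SamAccountName
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$name))"
    $hits = $searcher.FindAll()
    try {
        # Refuse to act on zero or ambiguous matches.
        if ($hits.Count -ne 1) { throw "Expected 1 user, found $($hits.Count)" }
        $user = $hits[0].GetDirectoryEntry()
        $props = $user.psbase.Properties[$Attribute]
        $before = $props.Value
        if ($PSBoundParameters.ContainsKey('Value')) {
            # An empty -Value clears the attribute; anything else replaces it.
            if ($Value) { $props.Value = $Value } else { $props.Clear() }
            $user.psbase.CommitChanges()   # fails here if the caller lacks write access
        }
        New-Object PSObject -Property @{
            User = $SamAccountName; Attribute = $Attribute
            Before = $before; After = $user.psbase.Properties[$Attribute].Value
        }
    } finally { $hits.Dispose() }
}

# Read, then write (constructed sample account name and value):
# Edit-UserAttribute -SamAccountName 'jsmith'
# Edit-UserAttribute -SamAccountName 'jsmith' -Value 'APP-00417'
```

Omitting `-Value` only reads the attribute, so the same function can be handed to staff who should look up the value without changing it.
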
OK, stupid question: in ADSIEdit.msc, where do I find these 15 existing fields and how do I make them show up???
In ADSIEdit they are visible as extensionAttribute1, extensionAttribute10, extensionAttribute11, 12, 13, 14, 15, 2, 3, 4, 5, 6, 7, 8, 9. You can't make them show up any way that I'm aware of, it's like the employeeID field. They can only be accessed programmatically (or using ADSIEdit - they don't show in ADU&C).

Unless anyone else knows a trick?

Yeah, they appear under the Exchange, er, General? tab if you're running Exchange 2003 and its extension for AD Users and Computers. They're accessed with the Custom Attributes button.

For Exchange 2007 they're accessed through the Exchange Management Console, there's no AD extension for that one.

Chris

Yep, it's Exchange General. That opens up a simple list of boxes for each of the attributes.

Chris
Ahh.  Thank you for pointing that out.  I don't ever even bother to go and look for anything anymore, I admin my entire directory with VBS..    Lazy me.  LOL
Thanks for the reply everyone... Here's one more problem / thought: I want to have this information placed in one of the "default ADUC" fields because not all AD users, including our help desk, have the Exchange 2003 admin interface installed on their workstation.

Then you must use a default field, one that is already exposed in the default GUI, there's no other way to do it.

If I were you I would drop AD Users and Computers for that one and throw together a small web application to deal with displaying and updating the attribute.

Chris
I like the idea of a web page the only problem is that I'm not a web developer or programmers :-(

Don't worry, not one of us is either (unless I'm mistaken about exx1976) :)

That said, we can probably help you on the way to building one, but it would be more of a tutorial than a packaged solution (for the reason above).

Is that any use to you? Otherwise it would be more appropriate to use command line or script based modification.

If you are interested, you will either need Visual Studio 2008, or Visual Web Developer 2008 Express Edition. The latter is free, but has fewer features (which has never been a problem for me).

You can find the Express edition downloads here:

http://www.microsoft.com/express/default.aspx

Chris
You are correct, Chris, I'm not a programmer either.  I dabble, but only out of necessity.  I consider myself near Expert-level on VBS (again, from necessity), but only maybe novice or intermediate at VB.NET and ASP..  I took a few semesters of C++ and JAVA in college, and I retained enough of it at least to still be able to do the logic portions..  LOL

OP - with the above out of the way, it has been infinitely helpful to me that I can at least write SOME code..  Makes administration a lot easier, and the automation I've been able to add into my systems has been priceless.  It's a lot of work to admin large numbers of servers/users, so any part of it that you can streamline/put on autopilot is very helpful.  A great book (that I still reference from time-to-time) on VBS is Windows 2000 Scripting Bible, ISBN 0-7645-4677-5.  It's $30 USD, and worth every penny.  Even if you have no programming background, this book is an excellent starting point, and I highly recommend it.  I'd also recommend using PrimalScript for your IDE (Integrated Development Environment) for scripting.  You can download it from www.sapien.com

HTH,
-exx
ASKER CERTIFIED SOLUTION
Chris Dent