  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 4767

Add New Field on Active Directory Users Account

I'm currently running a Windows 2003 domain that has two DCs and 110 Windows XP workstations. I would like to add another field to the network users account page. For example, when you right-click an Active Directory user account and go to Properties, on the General tab page I would like to create a field that states something like: Application User ID (then has a blank text field). Basically something similar to the Description attribute on the General page.
1) Is this possible?
2) If I can do this, how hard is it to do?
3) How can I do this?
0
Asked by: compdigit44
1 Solution
 
loftyworm Commented:
I know it can be done, using the schema. It is not something I have done though, and would have to research it. But the simple answer is "yes", it can be done.
0
 
compdigit44 (Author) Commented:
This is good news but I have never done it either... Looking for step-by-step instructions...
0
 
Chris Dent (PowerShell Developer) Commented:

You can add an attribute to the Schema, but I would debate the need. I advise you use one of the existing fields, there are many. If you installed Exchange there are 15 fields, extensionAttribute1 - 15 that can be used for whatever you please.

As those are visible in AD Users and Computers with Exchange 2003, or in the Exchange System Console with Exchange 2007 it puts you a huge leap ahead of adding your own options.

You can view all the attributes available to you by opening ADSIEdit.msc (Start, Run), then opening the properties for a user. Many of the attributes listed are not exposed in the GUI.

Which leads us onto adding fields to AD Users and Computers.

There are a number of ways to achieve this. The easiest is to add an option to the context menu (right click on a user) and have that fire a script off and pop up a box. It's basic, but not all that hard to do.

Actually adding fields into the existing property sheets on the other hand is difficult. You need to have a programming background to even begin thinking about that one (in my opinion). We certainly wouldn't be able to provide step-by-step instructions for it, only point you at the appropriate starting point in MSDN.

Chris
0
 
compdigit44 (Author) Commented:
Chris-Dent - Thanks for your reply. I have opened adsiedit.msc and expanded the schema. Here are my new questions:
1) In the screen shot, can I rename any of the CN fields to be called something else?
2) How can I force some of these attributes currently listed to show up in AD user properties?
ScreenShot-1.bmp
0
 
Chris Dent (PowerShell Developer) Commented:

No :) Please do not modify any of the default fields in the Schema. In fact, please be exceptionally careful with the Schema, if you break anything there you must rebuild / restore every single DC in your Forest.

You would have to extend AD Users and Computers, which is back to requiring Programming experience. If you are interested in chasing that one up you would start here:

http://msdn.microsoft.com/en-us/library/aa814672(VS.85).aspx

Chris
0
 
compdigit44 (Author) Commented:
I could have sworn that AD user properties were like a rolodex and that you are given a default parameter but could also create custom fields as well??? This is what I was also told anyway??? There has to be an easier way to do this???? I'm not a programmer... Any other ideas or some way I could use the existing field to fit my needs???
0
 
exx1976 Commented:
Yes, you can create custom fields.  You were told correctly.  Notice that you did not say "I was told there was an easy way to do this".  Anyone that told you so was lying.  If you want the property field to display on one of the pages, you need a programming background.

Now, if you just want to extend the schema and then be able to access those fields programmatically, that's a little easier to do.  Like Chris-Dent said, though, there are already 15 extensionAttribute fields that you can use.

What I would personally recommend is to just find a field in the user object that you don't use, and that doesn't affect anything, and use that to hold the data you're trying to store.  PO Box comes to mind..   I have already repurposed that field in my AD..  :-)
0
 
compdigit44 (Author) Commented:
OK, stupid question: in ADSIEdit.msc, where do I find these 15 existing fields and how do I make them show up???
0
 
exx1976 Commented:
In ADSIEdit they are visible as extensionAttribute1, extensionAttribute10, extensionAttribute11, 12, 13, 14, 15, 2, 3, 4, 5, 6, 7, 8, 9. You can't make them show up any way that I'm aware of, it's like the employeeID field. They can only be accessed programmatically (or using ADSIEdit - they don't show in ADU&C).

Unless anyone else knows a trick?
0
 
Chris Dent (PowerShell Developer) Commented:

Yeah, they appear under the Exchange, er, General? tab if you're running Exchange 2003 and its extension for AD Users and Computers. They're accessed with the Custom Attributes button.

For Exchange 2007 they're accessed through the Exchange Management Console, there's no AD extension for that one.

Chris
0
 
Chris Dent (PowerShell Developer) Commented:

Yep, it's Exchange General. That opens up a simple list of boxes for each of the attributes.

Chris
0
 
exx1976 Commented:
Ahh.  Thank you for pointing that out.  I don't ever even bother to go and look for anything anymore, I admin my entire directory with VBS..    Lazy me.  LOL
0
 
compdigit44 (Author) Commented:
Thanks for the reply everyone... Here's one more problem / thought: I want to have this information placed in one of the "default ADUC" fields because not all AD users, including our help desk, have the Exchange 2003 admin interface installed on their workstation.
0
 
Chris Dent (PowerShell Developer) Commented:

Then you must use a default field, one that is already exposed in the default GUI, there's no other way to do it.

If I were you I would drop AD Users and Computers for that one and throw together a small web application to deal with displaying and updating the attribute.

Chris
0
 
compdigit44 (Author) Commented:
I like the idea of a web page, the only problem is that I'm not a web developer or programmer :-(
0
 
Chris Dent (PowerShell Developer) Commented:

Don't worry, not one of us is either (unless I'm mistaken about exx1976) :)

That said, we can probably help you on the way to building one, but it would be more of a tutorial than a packaged solution (for the reason above).

Is that any use to you? Otherwise it would be more appropriate to use command line or script based modification.

If you are interested, you will either need Visual Studio 2008, or Visual Web Developer 2008 Express Edition. The latter is free, but has less features (which has never been a problem for me).

You can find the Express edition downloads here:

http://www.microsoft.com/express/default.aspx

Chris
0
 
exx1976 Commented:
You are correct, Chris, I'm not a programmer either.  I dabble, but only out of necessity.  I consider myself near Expert-level on VBS (again, from necessity), but only maybe novice or intermediate at VB.NET and ASP..  I took a few semesters of C++ and JAVA in college, and I retained enough of it at least to still be able to do the logic portions..  LOL

OP - with the above out of the way, it has been infinitely helpful to me that I can at least write SOME code..  Makes administration a lot easier, and the automation I've been able to add into my systems has been priceless.  It's a lot of work to admin large numbers of servers/users, so any part of it that you can streamline/put on autopilot is very helpful.  A great book (that I still reference from time-to-time) on VBS is Windows 2000 Scripting Bible, ISBN 0-7645-4677-5.  It's $30 USD, and worth every penny.  Even if you have no programming background, this book is an excellent starting point, and I highly recommend it.  I'd also recommend using PrimalScript for your IDE (Integrated Development Environment) for scripting.  You can download it from www.sapien.com

HTH,
-exx
0
 
Chris Dent (PowerShell Developer) Commented:

I'm very similar to Exx on this one. VbScript was my first and remains my strongest (and ASP by association), Perl visited briefly, VB .NET and C# .NET came afterwards and PowerShell most recently.

I recommend PowerShell rather than VbScript these days. You can do things in a couple of lines of PowerShell that take hundreds of lines of VbScript. I replaced some of my excessively complex VbScript this way.

Doesn't work very well if you have to do Logon Scripts, but for administration side scripting it's great. Besides, administration for things like Exchange 2007 is based in PowerShell.

It's here if you want to take a look:

http://www.microsoft.com/windowsserver2003/technologies/management/powershell/default.mspx

With some plug-ins here for extra ease of use:

AD - http://www.quest.com/powershell/
Group Policy - http://www.sdmsoftware.com/

Scripting is less help for this one really as we want to provide a user interface. But I do very much agree with Exx that having some scripting under your belt is invaluable. It's a real enabler... it enables me to play foosball instead of spending 4 hours clicking on stuff :)

Back on topic a bit, quite happy to help out with the web-interface for this although making things visually pretty is truly beyond me. That will be .NET if it's my choice because it involves the least code for the prettiest return.

Chris
0
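
The script-based modification suggested in the thread, written out as an added example that is not code from any poster: it finds a user by logon name through System.DirectoryServices and stores the Application User ID in extensionAttribute1. It assumes PowerShell 2.0 or later on a domain-joined machine and that the Exchange schema extension is installed; the function names and the ID format rule are hypothetical.

```powershell
# Added example, not code from the thread. Assumes a domain-joined machine,
# the Exchange schema extension (so extensionAttribute1 exists) and an account
# with write access to that attribute. All names below are hypothetical.

function ConvertTo-LdapFilterValue {
    param([string]$Value)
    # RFC 4515 escaping, backslash first, so input cannot change the filter.
    $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' `
           -replace '\)', '\29' -replace "`0", '\00'
}

function Get-UserEntry {
    param([string]$SamAccountName)
    $name = ConvertTo-LdapFilterValue $SamAccountName
    # With no search root given, the searcher uses the current domain.
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$name))"
    $result = $searcher.FindOne()
    if ($result -eq $null) { throw "No user with sAMAccountName '$SamAccountName'." }
    $result.GetDirectoryEntry()
}

function Set-ApplicationUserId {
    param(
        [string]$SamAccountName,
        [string]$ApplicationUserId,
        [string]$Attribute = 'extensionAttribute1'
    )
    # Only the 15 attributes named in the thread can be written through this function.
    if ($Attribute -notmatch '^extensionAttribute([1-9]|1[0-5])$') {
        throw "Refusing to write attribute '$Attribute'."
    }
    # Constructed format rule: adjust to the real application's ID scheme.
    if ($ApplicationUserId -notmatch '^[A-Za-z0-9._-]{1,64}$') {
        throw "Application User ID contains unexpected characters."
    }
    $user = Get-UserEntry $SamAccountName
    $old  = $user.psbase.Properties[$Attribute].Value
    $user.psbase.Properties[$Attribute].Value = $ApplicationUserId
    $user.psbase.CommitChanges()
    # Return old and new values so the change can be logged.
    New-Object PSObject -Property @{
        User = $SamAccountName; Attribute = $Attribute
        OldValue = $old; NewValue = $ApplicationUserId
    }
}

# Example call with constructed values:
# Set-ApplicationUserId -SamAccountName 'jdoe' -ApplicationUserId 'APP-00123'
```

The account running this needs write permission on that one attribute only, which can be delegated per OU, so help desk staff do not need broader directory rights to maintain the value.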
