Solved

Add Employee ID field to Active Directory

Posted on 2009-05-13
8
4,522 Views
Last Modified: 2012-05-07
I know this question has been asked a few times but I'm not real comfortable with what the solutions were.  Is there any supported way or specific directions from MS to show/add the Employee ID field in Active Directory?  Something that I don't have to just trust a script written by someone on the Internet to use?  
0
Comment
Question by:jpletcher1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
8 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 24376984
I'm assuming you are talking about a thread like this on the net
http://forums.techarena.in/active-directory/692788.htm
Joe Richards had a link to the msdn page and Tony had a link to a script.  
Not sure if there are step by step instructions from Microsoft, but I'll check and let you know.
Do you have a VM environment of lab where you can test first? May make you more comfortable.
Thanks
Mike
0
 

Author Comment

by:jpletcher1
ID: 24377091
Yes that was one I saw.  It just seems like there should be something from MS with a little more backing on this, but maybe not.  It's a very common thing to do and there are many different articles on how to to it with people who have varying results so it makes me a little nervous.  I should setup a test lab but it would still be nice to have something a little more solid to go off.  
0
 
LVL 27

Expert Comment

by:bluntTony
ID: 24377287
Hi,

Please see this q I answered a while back. While you can't actually modify the AD Users and Computers mmc with writing a DLL, you can add context menus to enable you to view/edit the info. You're gonna have to edit AD with ADSIEdit.msc from the support tools though.

(And I've tested this on my own domain so you can trust it!)

1. Save the below code as a VBS and store it in your netlogon share.
2. Open adsiedit.msc, browse to : CN=user-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=DOMAIN,DC=LOCAL
3. View it's properties, then edit the attribute 'adminContextMenu'
4. Create a new entry in the list (usually number 4) like so:

4, &Show Employee ID,\\domain.local\netlogon\yourvbsscript.vbs

OK your changes and close ADSIEdit.msc. Re-open ADUC and when you right click a user object, you'll have 'Show Employee ID' as an option. When you select it this runs the below script which allows you to view and edit the attribute.

(I'm sure I don't have to say this, but substitute the domain name and UNC of netlogon, and the name of the vbs script to suit your needs)
On Error Resume Next
 
Set wshArguments = WScript.Arguments
Set objUser = GetObject(wshArguments(0))
 
str1 = objUser.employeeID
 
str1New = InputBox("Employee ID","Employee ID",str1)
 
objUser.employeeID = str1New
objUser.SetInfo

Open in new window

0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 27

Accepted Solution

by:
bluntTony earned 125 total points
ID: 24377433
There's a step by step for adding custom attributes, then creating context menus to view them from MS (http://technet.microsoft.com/en-gb/library/bb727064.aspx#EAAA), but the above is a condensed version for your needs, as you don't actually need to create the attribute.

There's a slight modification to the above script - this one below allows you to clear the attribute (an oversight on my part)
On Error Resume Next
Const ADS_PROPERTY_CLEAR = 1
 
Set wshArguments = WScript.Arguments
Set objUser = GetObject(wshArguments(0))
 
str1 = objUser.employeeID
 
str1New = InputBox("Employee ID","Employee ID",str1)
 
If str1New <> "" Then
	objUser.employeeID = str1New
Else
	objUser.PutEx ADS_PROPERTY_CLEAR, "employeeID", vbNull
End If
objUser.SetInfo

Open in new window

0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 125 total points
ID: 24377503
I also just tested it out for you (since you lab is not setup)
Take a look at
http://adisfun.blogspot.com/2009/05/add-employee-id-field-aduc.html
Let me know if you have any questions on that.
Thanks
Mike
0
 

Author Comment

by:jpletcher1
ID: 24377581
Thanks guys, I appreciate it.  I'll give it a try soon.  The reason I'm doing this is so that we can have a common ID between our HR systems and AD.  I'm guessing if this works the next question I'll get is how to populate the Employee ID field and how to run things against it...
0
 
LVL 27

Expert Comment

by:bluntTony
ID: 24377724
I would definitely use the script in the article that Mike has posted. It's more watertight than the one I wrote.

The one thing I can't figure out, and the script in the article doesn't either, is if you want to clear the employee ID. The InputBox function in VBS doesn't know what button you pressed - it either returns the value if you click OK, or null ("") if you click cancel, but it also returns null if you clear the attribute then click OK.

So the script doesn't know if you cleared the attribute or clicked cancel. The second script I wrote I thought had fixed this, but it'll clear the attribute whether you actually do clear it, or click cancel. My first script, and the one in the article, will not allow you to clear the attribute at all.

I was trying to figure it out but I do think this is a limitation of VBS. And I'm glad someone else had trouble doing both as well :).

The only thing I can think of is that you specify a special string (e.g. *CLEAR*, or a single space) that you can type into the inputbox which then clears the attribute, but that's a bit clunky.

If you need the script modifying let us know.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 24377732
You can populate it by right clicking and entering data
...if you want to sync up between the HR system and AD that will take some research between you and the HR system vendor.
Thanks
Mike
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
Here's a look at newsworthy articles and community happenings during the last month.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question