• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 4855
  • Last Modified:

Add Employee ID field to Active Directory

I know this question has been asked a few times but I'm not real comfortable with what the solutions were.  Is there any supported way or specific directions from MS to show/add the Employee ID field in Active Directory?  Something that I don't have to just trust a script written by someone on the Internet to use?  
0
jpletcher1
Asked:
jpletcher1
  • 3
  • 3
  • 2
2 Solutions
 
Mike KlineCommented:
I'm assuming you are talking about a thread like this on the net
http://forums.techarena.in/active-directory/692788.htm
Joe Richards had a link to the msdn page and Tony had a link to a script.  
Not sure if there are step by step instructions from Microsoft, but I'll check and let you know.
Do you have a VM environment of lab where you can test first? May make you more comfortable.
Thanks
Mike
0
 
jpletcher1Author Commented:
Yes that was one I saw.  It just seems like there should be something from MS with a little more backing on this, but maybe not.  It's a very common thing to do and there are many different articles on how to to it with people who have varying results so it makes me a little nervous.  I should setup a test lab but it would still be nice to have something a little more solid to go off.  
0
 
bluntTonyCommented:
Hi,

Please see this q I answered a while back. While you can't actually modify the AD Users and Computers mmc with writing a DLL, you can add context menus to enable you to view/edit the info. You're gonna have to edit AD with ADSIEdit.msc from the support tools though.

(And I've tested this on my own domain so you can trust it!)

1. Save the below code as a VBS and store it in your netlogon share.
2. Open adsiedit.msc, browse to : CN=user-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=DOMAIN,DC=LOCAL
3. View it's properties, then edit the attribute 'adminContextMenu'
4. Create a new entry in the list (usually number 4) like so:

4, &Show Employee ID,\\domain.local\netlogon\yourvbsscript.vbs

OK your changes and close ADSIEdit.msc. Re-open ADUC and when you right click a user object, you'll have 'Show Employee ID' as an option. When you select it this runs the below script which allows you to view and edit the attribute.

(I'm sure I don't have to say this, but substitute the domain name and UNC of netlogon, and the name of the vbs script to suit your needs)
On Error Resume Next
 
Set wshArguments = WScript.Arguments
Set objUser = GetObject(wshArguments(0))
 
str1 = objUser.employeeID
 
str1New = InputBox("Employee ID","Employee ID",str1)
 
objUser.employeeID = str1New
objUser.SetInfo

Open in new window

0
Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

 
bluntTonyCommented:
There's a step by step for adding custom attributes, then creating context menus to view them from MS (http://technet.microsoft.com/en-gb/library/bb727064.aspx#EAAA), but the above is a condensed version for your needs, as you don't actually need to create the attribute.

There's a slight modification to the above script - this one below allows you to clear the attribute (an oversight on my part)
On Error Resume Next
Const ADS_PROPERTY_CLEAR = 1
 
Set wshArguments = WScript.Arguments
Set objUser = GetObject(wshArguments(0))
 
str1 = objUser.employeeID
 
str1New = InputBox("Employee ID","Employee ID",str1)
 
If str1New <> "" Then
	objUser.employeeID = str1New
Else
	objUser.PutEx ADS_PROPERTY_CLEAR, "employeeID", vbNull
End If
objUser.SetInfo

Open in new window

0
 
Mike KlineCommented:
I also just tested it out for you (since you lab is not setup)
Take a look at
http://adisfun.blogspot.com/2009/05/add-employee-id-field-aduc.html
Let me know if you have any questions on that.
Thanks
Mike
0
 
jpletcher1Author Commented:
Thanks guys, I appreciate it.  I'll give it a try soon.  The reason I'm doing this is so that we can have a common ID between our HR systems and AD.  I'm guessing if this works the next question I'll get is how to populate the Employee ID field and how to run things against it...
0
 
bluntTonyCommented:
I would definitely use the script in the article that Mike has posted. It's more watertight than the one I wrote.

The one thing I can't figure out, and the script in the article doesn't either, is if you want to clear the employee ID. The InputBox function in VBS doesn't know what button you pressed - it either returns the value if you click OK, or null ("") if you click cancel, but it also returns null if you clear the attribute then click OK.

So the script doesn't know if you cleared the attribute or clicked cancel. The second script I wrote I thought had fixed this, but it'll clear the attribute whether you actually do clear it, or click cancel. My first script, and the one in the article, will not allow you to clear the attribute at all.

I was trying to figure it out but I do think this is a limitation of VBS. And I'm glad someone else had trouble doing both as well :).

The only thing I can think of is that you specify a special string (e.g. *CLEAR*, or a single space) that you can type into the inputbox which then clears the attribute, but that's a bit clunky.

If you need the script modifying let us know.
0
 
Mike KlineCommented:
You can populate it by right clicking and entering data
...if you want to sync up between the HR system and AD that will take some research between you and the HR system vendor.
Thanks
Mike
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

  • 3
  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now