Solved

Add Employee ID field to Active Directory

Posted on 2009-05-13
8
4,347 Views
Last Modified: 2012-05-07
I know this question has been asked a few times but I'm not real comfortable with what the solutions were.  Is there any supported way or specific directions from MS to show/add the Employee ID field in Active Directory?  Something that I don't have to just trust a script written by someone on the Internet to use?  
0
Comment
Question by:jpletcher1
  • 3
  • 3
  • 2
8 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 24376984
I'm assuming you are talking about a thread like this on the net
http://forums.techarena.in/active-directory/692788.htm
Joe Richards had a link to the msdn page and Tony had a link to a script.  
Not sure if there are step by step instructions from Microsoft, but I'll check and let you know.
Do you have a VM environment of lab where you can test first? May make you more comfortable.
Thanks
Mike
0
 

Author Comment

by:jpletcher1
ID: 24377091
Yes that was one I saw.  It just seems like there should be something from MS with a little more backing on this, but maybe not.  It's a very common thing to do and there are many different articles on how to to it with people who have varying results so it makes me a little nervous.  I should setup a test lab but it would still be nice to have something a little more solid to go off.  
0
 
LVL 27

Expert Comment

by:bluntTony
ID: 24377287
Hi,

Please see this q I answered a while back. While you can't actually modify the AD Users and Computers mmc with writing a DLL, you can add context menus to enable you to view/edit the info. You're gonna have to edit AD with ADSIEdit.msc from the support tools though.

(And I've tested this on my own domain so you can trust it!)

1. Save the below code as a VBS and store it in your netlogon share.
2. Open adsiedit.msc, browse to : CN=user-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=DOMAIN,DC=LOCAL
3. View it's properties, then edit the attribute 'adminContextMenu'
4. Create a new entry in the list (usually number 4) like so:

4, &Show Employee ID,\\domain.local\netlogon\yourvbsscript.vbs

OK your changes and close ADSIEdit.msc. Re-open ADUC and when you right click a user object, you'll have 'Show Employee ID' as an option. When you select it this runs the below script which allows you to view and edit the attribute.

(I'm sure I don't have to say this, but substitute the domain name and UNC of netlogon, and the name of the vbs script to suit your needs)
On Error Resume Next
 
Set wshArguments = WScript.Arguments
Set objUser = GetObject(wshArguments(0))
 
str1 = objUser.employeeID
 
str1New = InputBox("Employee ID","Employee ID",str1)
 
objUser.employeeID = str1New
objUser.SetInfo

Open in new window

0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 
LVL 27

Accepted Solution

by:
bluntTony earned 125 total points
ID: 24377433
There's a step by step for adding custom attributes, then creating context menus to view them from MS (http://technet.microsoft.com/en-gb/library/bb727064.aspx#EAAA), but the above is a condensed version for your needs, as you don't actually need to create the attribute.

There's a slight modification to the above script - this one below allows you to clear the attribute (an oversight on my part)
On Error Resume Next
Const ADS_PROPERTY_CLEAR = 1
 
Set wshArguments = WScript.Arguments
Set objUser = GetObject(wshArguments(0))
 
str1 = objUser.employeeID
 
str1New = InputBox("Employee ID","Employee ID",str1)
 
If str1New <> "" Then
	objUser.employeeID = str1New
Else
	objUser.PutEx ADS_PROPERTY_CLEAR, "employeeID", vbNull
End If
objUser.SetInfo

Open in new window

0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 125 total points
ID: 24377503
I also just tested it out for you (since you lab is not setup)
Take a look at
http://adisfun.blogspot.com/2009/05/add-employee-id-field-aduc.html
Let me know if you have any questions on that.
Thanks
Mike
0
 

Author Comment

by:jpletcher1
ID: 24377581
Thanks guys, I appreciate it.  I'll give it a try soon.  The reason I'm doing this is so that we can have a common ID between our HR systems and AD.  I'm guessing if this works the next question I'll get is how to populate the Employee ID field and how to run things against it...
0
 
LVL 27

Expert Comment

by:bluntTony
ID: 24377724
I would definitely use the script in the article that Mike has posted. It's more watertight than the one I wrote.

The one thing I can't figure out, and the script in the article doesn't either, is if you want to clear the employee ID. The InputBox function in VBS doesn't know what button you pressed - it either returns the value if you click OK, or null ("") if you click cancel, but it also returns null if you clear the attribute then click OK.

So the script doesn't know if you cleared the attribute or clicked cancel. The second script I wrote I thought had fixed this, but it'll clear the attribute whether you actually do clear it, or click cancel. My first script, and the one in the article, will not allow you to clear the attribute at all.

I was trying to figure it out but I do think this is a limitation of VBS. And I'm glad someone else had trouble doing both as well :).

The only thing I can think of is that you specify a special string (e.g. *CLEAR*, or a single space) that you can type into the inputbox which then clears the attribute, but that's a bit clunky.

If you need the script modifying let us know.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 24377732
You can populate it by right clicking and entering data
...if you want to sync up between the HR system and AD that will take some research between you and the HR system vendor.
Thanks
Mike
0

Featured Post

Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

[b]Ok so now I will show you how to add a user name to the description at login. [/b] First connect to your DC (Domain Controller / Active Directory Server) SET PERMISSIONS FOR SCRIPT TO UPDATE COMPUTER DESCRIPTION TO USERNAME 1. Open Active …
This article runs through the process of deploying a single EXE application selectively to a group of user.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question