Solved

Add Employee ID field to Active Directory

Posted on 2009-05-13
8
4,133 Views
Last Modified: 2012-05-07
I know this question has been asked a few times but I'm not real comfortable with what the solutions were.  Is there any supported way or specific directions from MS to show/add the Employee ID field in Active Directory?  Something that I don't have to just trust a script written by someone on the Internet to use?  
0
Comment
Question by:jpletcher1
  • 3
  • 3
  • 2
8 Comments
 
LVL 57

Expert Comment

by:Mike Kline
Comment Utility
I'm assuming you are talking about a thread like this on the net
http://forums.techarena.in/active-directory/692788.htm
Joe Richards had a link to the msdn page and Tony had a link to a script.  
Not sure if there are step by step instructions from Microsoft, but I'll check and let you know.
Do you have a VM environment of lab where you can test first? May make you more comfortable.
Thanks
Mike
0
 

Author Comment

by:jpletcher1
Comment Utility
Yes that was one I saw.  It just seems like there should be something from MS with a little more backing on this, but maybe not.  It's a very common thing to do and there are many different articles on how to to it with people who have varying results so it makes me a little nervous.  I should setup a test lab but it would still be nice to have something a little more solid to go off.  
0
 
LVL 27

Expert Comment

by:bluntTony
Comment Utility
Hi,

Please see this q I answered a while back. While you can't actually modify the AD Users and Computers mmc with writing a DLL, you can add context menus to enable you to view/edit the info. You're gonna have to edit AD with ADSIEdit.msc from the support tools though.

(And I've tested this on my own domain so you can trust it!)

1. Save the below code as a VBS and store it in your netlogon share.
2. Open adsiedit.msc, browse to : CN=user-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=DOMAIN,DC=LOCAL
3. View it's properties, then edit the attribute 'adminContextMenu'
4. Create a new entry in the list (usually number 4) like so:

4, &Show Employee ID,\\domain.local\netlogon\yourvbsscript.vbs

OK your changes and close ADSIEdit.msc. Re-open ADUC and when you right click a user object, you'll have 'Show Employee ID' as an option. When you select it this runs the below script which allows you to view and edit the attribute.

(I'm sure I don't have to say this, but substitute the domain name and UNC of netlogon, and the name of the vbs script to suit your needs)
On Error Resume Next
 

Set wshArguments = WScript.Arguments

Set objUser = GetObject(wshArguments(0))
 

str1 = objUser.employeeID
 

str1New = InputBox("Employee ID","Employee ID",str1)
 

objUser.employeeID = str1New

objUser.SetInfo

Open in new window

0
 
LVL 27

Accepted Solution

by:
bluntTony earned 125 total points
Comment Utility
There's a step by step for adding custom attributes, then creating context menus to view them from MS (http://technet.microsoft.com/en-gb/library/bb727064.aspx#EAAA), but the above is a condensed version for your needs, as you don't actually need to create the attribute.

There's a slight modification to the above script - this one below allows you to clear the attribute (an oversight on my part)
On Error Resume Next

Const ADS_PROPERTY_CLEAR = 1
 

Set wshArguments = WScript.Arguments

Set objUser = GetObject(wshArguments(0))
 

str1 = objUser.employeeID
 

str1New = InputBox("Employee ID","Employee ID",str1)
 

If str1New <> "" Then

	objUser.employeeID = str1New

Else

	objUser.PutEx ADS_PROPERTY_CLEAR, "employeeID", vbNull

End If

objUser.SetInfo

Open in new window

0
Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 125 total points
Comment Utility
I also just tested it out for you (since you lab is not setup)
Take a look at
http://adisfun.blogspot.com/2009/05/add-employee-id-field-aduc.html
Let me know if you have any questions on that.
Thanks
Mike
0
 

Author Comment

by:jpletcher1
Comment Utility
Thanks guys, I appreciate it.  I'll give it a try soon.  The reason I'm doing this is so that we can have a common ID between our HR systems and AD.  I'm guessing if this works the next question I'll get is how to populate the Employee ID field and how to run things against it...
0
 
LVL 27

Expert Comment

by:bluntTony
Comment Utility
I would definitely use the script in the article that Mike has posted. It's more watertight than the one I wrote.

The one thing I can't figure out, and the script in the article doesn't either, is if you want to clear the employee ID. The InputBox function in VBS doesn't know what button you pressed - it either returns the value if you click OK, or null ("") if you click cancel, but it also returns null if you clear the attribute then click OK.

So the script doesn't know if you cleared the attribute or clicked cancel. The second script I wrote I thought had fixed this, but it'll clear the attribute whether you actually do clear it, or click cancel. My first script, and the one in the article, will not allow you to clear the attribute at all.

I was trying to figure it out but I do think this is a limitation of VBS. And I'm glad someone else had trouble doing both as well :).

The only thing I can think of is that you specify a special string (e.g. *CLEAR*, or a single space) that you can type into the inputbox which then clears the attribute, but that's a bit clunky.

If you need the script modifying let us know.
0
 
LVL 57

Expert Comment

by:Mike Kline
Comment Utility
You can populate it by right clicking and entering data
...if you want to sync up between the HR system and AD that will take some research between you and the HR system vendor.
Thanks
Mike
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

I know all systems administrator at some time or another has had to create a script to copy file from a server share to a desktop. Well now there is an easy way to do this in Group Policy. Using Group policy preferences is not hard. The first thing …
Installing a printer using group policy preferences is not that hard let’s take a look at it. First lets open up your group policy console and edit the policy you want to add it to. I recommend creating a new policy for each printer makes it a l…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now