Add a new custom field in Active Directory??

I have a logon/logoff script that records when a user logged on or logged off a machine. The information is placed in the Description field in Active Directory. So when you open AD and click on an OU, you will see the list of machines, and whoever has logged on/off at those specific machines.  This was an easy way to see who logged on to what machine and it worked wonderfully.
I'm at a different location now, and I want to do the same thing. However, they are already using the Description field for something else. So I'd like to create a new field (named something like "Last Logged User") so I can still use the script and store the user info in that field.

I'm not really familiar with using ADSIedit or ADAM.. not exactly sure how to start? Would I be able to add another field on the same "General" tab, or would I need to create a new tab to include just that field?

Also - don't know if this matters, but currently, when you click on an OU in AD, on the right side you'd see a listing of machines/objects and it's attributes (name, type, description..) I would like to be able to include the new field there, so administrators can easily see who logged on to what machine, without having to right-click properties or double click it.

Is there a easy step-by-step tutorial or reference that will show me how to do this?
Below is an example of the logon script:
Set objSysInfo = CreateObject("ADSystemInfo")
Set objUser = GetObject("LDAP://" & objSysInfo.UserName)
Set objComputer = GetObject("LDAP://" & objSysInfo.ComputerName)
'----- update workstations only --------------
If Instr(objSysInfo.ComputerName, "Workstation")>0 Then
'--- Update Workstations ------------
  strMessage = objUser.CN & " - logged on: " & Now & "."
End If
objComputer.Description = strMessage

Open in new window

LVL 16
ThinkPaperIT ConsultantAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Chris DentPowerShell DeveloperCommented:

Might I suggest you opt for adminDescription (not to be confused with description) or comment as both exist already avoiding any Schema modifications? Nothing really bad about adding a brand new attribute, it's just extra work :)

Extra columns can be made visible in AD Users and Computers so it'll appear in the way you want. Pber has a nice little article on this here:

Do note that actually adding the value to the computer properties (when you open them) is far from trivial and will require COM programming (either C++ or VB 6). That bit is no fun, but you shouldn't really need that.



Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ThinkPaperIT ConsultantAuthor Commented:
thanks.. to be sure.. the part where you select extraColumns, and they're adding in EmployeeID.. I would be doing something like this instead?

adminDescription,Logged User,0,100,0
ThinkPaperIT ConsultantAuthor Commented:
Ok.. confused.. added that to the default-Display and it's still not showing up when you do the Add/Remove Columns. Am I missing something?
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

ThinkPaperIT ConsultantAuthor Commented:
Also added the line to extraColumns in computer-Display and container-Display....

ThinkPaperIT ConsultantAuthor Commented:
ok nvm i think i got it =) added to user, computer, container and default and that seemed to make it show up.
ThinkPaperIT ConsultantAuthor Commented:
A followup --

adminInfo field DOES NOT work for this.. it is a reserved field for administrative purposes. If you try to run it, it will work under admin but not for regular user, even if I set read/write permissions to the field. I had to end up using the "info" field itself, which although doesn't show up in the configuration, is available since the computer inherits all the properties from the user class.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.