• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 255
  • Last Modified:

Howto create "secure" attribute on domain users


Our HR department would like to add an some attributes to the domain users in our Active Directory. (for example SSN)

How do I create the attributes and only give our HR (security group) rights to read and edit the attributes?

Windows 2012 domain...

Thanks in advance

1 Solution
Peter HutchisonSenior Network Systems SpecialistCommented:
I find the best attributes to use are the Custom Attributes 1-15 which are available. WE use them to store user employee numbers and so on. No need to create any attributes. USually only Domain Admins or users with delegated rights can read or modify them. You can set deny rights for specific attributes using AD Security window to stop other people from seeing or modifying them if you wish.
mikeydkAuthor Commented:
"Custom Attributes 1-15" - from exchange?
ThinkPaperIT ConsultantCommented:
yes - although they are referenced as "extensionAttribute1-15" in AD
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Tackle projects and never again get stuck behind a technical roadblock.
Join Now