[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

need a spare active directory user attribute

Posted on 2013-11-15
8
Medium Priority
?
1,075 Views
Last Modified: 2013-11-18
I need to add a unique id to each active directory user account
should I try to find an existing attribute to use or extend the schema and create a new one
is it safe to extend schema and how can I do this?
or how can I find an attribute that is never used?
0
Comment
Question by:dougdog
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 10

Expert Comment

by:172pilotSteve
ID: 39651220
Why not use the "ObjectGUID" or "SID" for the user?  Those are both definitely unique..
0
 
LVL 22

Expert Comment

by:Joseph Moody
ID: 39651222
Extending the schema is as safe as working in the registry. Perfectly fine if you know what you are doing and plan ahead of time.

I would just use a spare attribute though. Info is a good one.
0
 

Author Comment

by:dougdog
ID: 39651258
Why not use the "ObjectGUID" or "SID" for the user
these are both in use
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 38

Expert Comment

by:Mahesh
ID: 39651285
You can fill values with employeeID OR employeeNumber attribute which are already present in AD and also unique with each account and some applications may use this for account query.  
You can think addition of schema attribute only if required by any application to query active directory.
It will require lot of perfect scripting work.It may affect AD schema if programmed wrongly.
0
 

Author Comment

by:dougdog
ID: 39651435
how can I search the whole AD to make sure the attribute I choose is def not used
0
 
LVL 38

Expert Comment

by:Mahesh
ID: 39651617
You can query AD for perticular attribute
you can user Bulk AD users from wisesoft and can search any custom attribute for single user or all users in entire domain.
There is option called "Properties to load" there.
You can enter any custom attribute there
For Ex.employeeNumber OR employeeID
also u can export search results to excel or csv
the tool can downloaded as freeware from below site
http://wisesoft.co.uk/software/bulkadusers/default.aspx

OR

alternatively you can check through adsiedit.msc if u have 2003 DC or you can use attribute editor if you have 2008 DC
hope that helps
0
 

Author Comment

by:dougdog
ID: 39652101
so employee id or info are def not used and would be safer to use that creating a new one?
also do I need to add this to the GC list to be replicated
or is it already in there
0
 
LVL 38

Accepted Solution

by:
Mahesh earned 2000 total points
ID: 39652197
EmployeeID and EmployeeNumber are the attribute which are not written automatically during user creation.
Also these attributes are not replicated with global catalog.
If you want you can add to replicated attributes through GC.
Please check below article
http://msdn.microsoft.com/en-us/library/windows/desktop/ms675160(v=vs.85).aspx
Below article is written for windows 2000, but still applies to later versions also.
http://support.microsoft.com/kb/248717
Below is the list of attributes replicated with GC
http://support.microsoft.com/kb/257203
Hope that helps
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
Suggested Courses

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question