Solved

need a spare active directory user attribute

Posted on 2013-11-15
8
971 Views
Last Modified: 2013-11-18
I need to add a unique id to each active directory user account
should I try to find an existing attribute to use or extend the schema and create a new one
is it safe to extend schema and how can I do this?
or how can I find an attribute that is never used?
0
Comment
Question by:dougdog
8 Comments
 
LVL 10

Expert Comment

by:172pilotSteve
ID: 39651220
Why not use the "ObjectGUID" or "SID" for the user?  Those are both definitely unique..
0
 
LVL 22

Expert Comment

by:Joseph Moody
ID: 39651222
Extending the schema is as safe as working in the registry. Perfectly fine if you know what you are doing and plan ahead of time.

I would just use a spare attribute though. Info is a good one.
0
 

Author Comment

by:dougdog
ID: 39651258
Why not use the "ObjectGUID" or "SID" for the user
these are both in use
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 36

Expert Comment

by:Mahesh
ID: 39651285
You can fill values with employeeID OR employeeNumber attribute which are already present in AD and also unique with each account and some applications may use this for account query.  
You can think addition of schema attribute only if required by any application to query active directory.
It will require lot of perfect scripting work.It may affect AD schema if programmed wrongly.
0
 

Author Comment

by:dougdog
ID: 39651435
how can I search the whole AD to make sure the attribute I choose is def not used
0
 
LVL 36

Expert Comment

by:Mahesh
ID: 39651617
You can query AD for perticular attribute
you can user Bulk AD users from wisesoft and can search any custom attribute for single user or all users in entire domain.
There is option called "Properties to load" there.
You can enter any custom attribute there
For Ex.employeeNumber OR employeeID
also u can export search results to excel or csv
the tool can downloaded as freeware from below site
http://wisesoft.co.uk/software/bulkadusers/default.aspx

OR

alternatively you can check through adsiedit.msc if u have 2003 DC or you can use attribute editor if you have 2008 DC
hope that helps
0
 

Author Comment

by:dougdog
ID: 39652101
so employee id or info are def not used and would be safer to use that creating a new one?
also do I need to add this to the GC list to be replicated
or is it already in there
0
 
LVL 36

Accepted Solution

by:
Mahesh earned 500 total points
ID: 39652197
EmployeeID and EmployeeNumber are the attribute which are not written automatically during user creation.
Also these attributes are not replicated with global catalog.
If you want you can add to replicated attributes through GC.
Please check below article
http://msdn.microsoft.com/en-us/library/windows/desktop/ms675160(v=vs.85).aspx
Below article is written for windows 2000, but still applies to later versions also.
http://support.microsoft.com/kb/248717
Below is the list of attributes replicated with GC
http://support.microsoft.com/kb/257203
Hope that helps
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A procedure for exporting installed hotfix details of remote computers using powershell
This article runs through the process of deploying a single EXE application selectively to a group of user.
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conneā€¦
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlleā€¦

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question