How to Add Employee ID to AD account

Hi Expert,

I would like to know if anyone here knows to add Employee ID to AD account in server 2012, I have tried googling and saw ppl post using PowerShell and using script method but I am not confident on this, it's like showing the attribute Employee ID when you right click on user account properties in AD, not too sure about if it's the correct method though. appreciate if anyone here has the experience or knowledge can kindly assist me on.

Thanks!
xchiazyxAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Jose Gabriel Ortega CastroEE Solution Guide - CEO Faru Bonon ITCommented:
It's quite simple if you have the SamAccountName or a property of a user.

Run with administrative privileges in an elevated console and run this:

#For Simple Add/Change of an employeeID

Import-Module ActiveDirectory
Set-ADUser -identity $_.Sam  -EmployeeID  $_.EmployeeID

Open in new window


#For Everyone's Add/Change of  employeeID property
You will need a CSV file like this, (let's call it: employees.csv", and it's in the same location of the script (the one I'll add below)

Sam,EmployeeID
samuser1,employeeid1
samuser2,employeeid2
.
.
.
samuserN,employeeidN

Open in new window


Import-Module ActiveDirectory
Get-ImportCsv  .\employees.csv | %{  Set-ADUser -identity $_.Sam  -EmployeeID  $_.EmployeeID}

Open in new window


Note: 1st line of CSV (Sam, EmployeeID) are the properties being used in the %{} (foreach loop) properties ($_.Sam & $_.EmployeeID)
1
yo_beeDirector of Information TechnologyCommented:
This can only be done with CLI like the Powershell cmdlet recommended above, VBS script or a custom GUI.  You cannot do this via the ADUC unless you access the Attribute Editor Tab.
0
Pete LongTechnical ConsultantCommented:
Jose's method is much more elegant, but you can 'mostly' do this from the GUI;
See this article,


Pete
0
10 Tips to Protect Your Business from Ransomware

Did you know that ransomware is the most widespread, destructive malware in the world today? It accounts for 39% of all security breaches, with ransomware gangsters projected to make $11.5B in profits from online extortion by 2019.

Kevin StanushApplication DeveloperCommented:
Consider using Hyena's modern GUI to manage Active Directory.  We've had the employee ID on our User Properties (Organization tab) for about 10 years now.  You can also add any attribute to any directory view with a few mouse clicks (we also have a video on that as well).  And, you can batch import and bulk update Active Directory as well.

https://www.systemtools.com/hyena/ad_main.htm

If you have a question, we are also here for you.
0
oBdACommented:
This can be done without (after initial setup) CLI, with the default ADUC console, and with default tools.
I started by typing out a manual guide and a bit of script, but that turned out too lengthy, so I started scripting in earnest. Here's a PowerShell script; it's a bit more involved than I was initially expecting/planning, so I might just develop it a bit further and turn it into an article ...
Notes:
* This script does NOT extend the AD Schema. It uses a default mechanism Microsoft introduced to extend the ADUC MMC. Nevertheless, it changes attributes in the AD Configuration Naming Context, so the usual precautions apply. Try it in a test AD first.
* This script will NOT work with the new "Active Directory Administrative Center", only with the traditional ADUC MMC.
* The extension is stored in AD and can be seen in each ADUC MMC, whether this script is available or not. If this script is not available, and the context menu is called anyway, nothing at all will happen.
* Requirements: PowerShell 3.0 or later, and the ActiveDirectory PS module on each machine where the ADUC MMC is used.

The really short installation guide to be able to edit the EmployeeID directly from the ADUC MMC:
1. Save the script below as Set-ADUCEmployeeID.ps1 to a central network location that is accessible as Local Intranet (otherwise you'll get that "Open File - Security Warning" dialog); I'll assume a subfolder "ADUC" in the good old Netlogon share (which is the "scripts" folder in SysVol): "\\acme.com\netlogon\ADUC". Can be a file server or a mapped network drive as well; if it's a mapped network drive, the UNC will be resolved and used.
2. Open an elevated PowerShell Console as Domain Administrator, and start the script using the same path the ADUC MMC should use, for example:
& "\\acme.com\netlogon\ADUC\Set-ADUCEmployeeID.ps1" -Register -Verbose
The script's folder must be writable during registration, because it generates a .cmd file in the same folder.
3. Wait for AD replication (if applicable)
4. (Re-)Start the ADUC, right-click a user object, you should now see an entry "Employee ID ..." in the context menu. Edit away.

Should you want to get rid of it, run it again with -Unregister, for example as:
& "\\acme.com\netlogon\ADUC\Set-ADUCEmployeeID.ps1" -Unregister -Verbose
Delete the script and the batch stub.

Read the script help for the full details.
Get-Help -ShowWindow "\\acme.com\netlogon\ADUC\Set-ADUCEmployeeID.ps1"

<#
.SYNOPSIS
Extends the context menu of the "Active Directory Users and Computers" MMC and handles its calls.
The user running the ADUC MMC will be able to edit the EmployeeID attribute using a dialog box.
Notes:
* This script does NOT extend the AD Schema.
* This script will NOT work with "Active Directory Administrative Center".

.DESCRIPTION
The script Set-ADUCEmployeeID.ps1 extends the context menu of the "Active Directory Users and Computers" MMC and handles its calls.
The user running the ADUC MMC will be able to edit the EmployeeID attribute using a dialog box.
Note that the extension is stored in AD and can be seen in each ADUC MMC, whether this script is available or not. If this script is not available, and the context menu is called anyway, nothing at all will happen.
It can be used to register (and unregister) itself as an an extension of the ADUC context menu.
When registering, it will create a batch "stub" that will then call this PowerShell script from the ADUC console. (This is required because the extension architecture doesn't allow to pass additional parameters to the program/script defined.)
In its current configuration, it makes the AD attribute 'employeeID' editable from the ADUC MMC. It can be edited to change other attributes as well.

Usage:
~~~~~~
Register the script in AD (see below), then (re)start the ADUC MMC and right-click an AD object for which the script has been registered.
An entry with the content of the ContextMenu parameter should be in the list of available commands.
Note that there will be command prompt windows visible for a short moment during the script start; this is normal.

Steps to extend the ADUC context menu:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1. Deploy the script
Save this script as Set-ADUCEmployeeID.ps1; if you change the attribute it edits, change the script name accordingly.
Edit the $Prompt variable in this script if it doesn't suit your needs.
It is strongly recommended to place this script into a centrally available network location (for example the NETLOGON share in the SysVol folder).
Alternatively, you can deploy it to the same local path on ALL machines that will be using the ADUC MMC.
Note: during registration, a batch stub file will be auto-generated. This file must be deployed in the same folder as the script as well.
It really is easiest to keep it in SysVol.

2. Register the script in AD
Note: the script's folder must be writable during registration.
Open an elevated PowerShell Console as Domain Administrator, and start the script using the same path the ADUC MMC should use, for example:
& "\\acme.com\netlogon\ADUC\Set-ADUCEmployeeID.ps1" -Register -Verbose
You can optionally add one or more of the following parameters (see the "Parameters" section for details):
ObjectType, LCID, ContextMenu, PSWindowStyle, SuccessNotification
By default, the script will register itself for user objects.
If you want to register the script to handle an attribute that applies to both user and computer objects, repeat the registration with the parameter "-ObjectType Computer".
If you want the script to register itself for a specific Language Code ID (LCID), repeat the registration using the LCID parameter with the respective decimal value (for example 1033 for en-US); a hexadecimal value can be used when prefixed with 0x (for example 0x409).
The script will create a batch stub with its own file name, and the extension ".cmd"; this batch file will be added as program to run from the context menu.

3. Wait for AD Replication (if applicable)
Registration changes an AD attribute in the Configuration Naming Context (CN=<ObjectType>-Display,CN=<hexadecimal LCID>,CN=DisplaySpecifiers,CN=Configuration); before it can be used domain wide, all DCs need to have the change replicated.

4. Restart ADUC MMC
Restart any ADUC MMCs that might have been open during registration.

Steps to verify the registration:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Open a PowerShell Console, and start the script with the argument -ShowRegistration, for example:
& "\\acme.com\netlogon\ADUC\Set-ADUCEmployeeID.ps1" -ShowRegistration
You should see at least one entry with the script name you're using.
This will list all registrations, including the default COM objects. To only list the script relevant entries, filter the output:
& "\\acme.com\netlogon\ADUC\Set-ADUCEmployeeID.ps1" -ShowRegistration | ? {!$_.COM}
Repeat the verification for each combination of ObjectType and LCID you want to test.

Steps to remove the ADUC context menu:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1. Unregister the script in AD
Open an elevated PowerShell Console as Domain Administrator, and start the script with the argument -Unregister, for example:
& "\\acme.com\netlogon\ADUC\Set-ADUCEmployeeID.ps1" -Unregister -Verbose
Repeat the unregistration for each combination of ObjectType and LCID you've used for registering.

2. Wait for AD Replication (if applicable) / Restart ADUC MMC
As with registration, AD replication needs to take place and any ADUC MMCs that might have been open during unregistration need to be restarted.

3. Remove the script and its batch stub from its installation location(s).

.PARAMETER Identity
Only meant for use by the batch stub!
The LDAP path of the object to edit.

.PARAMETER ParseIdentity
Only meant for use by the batch stub!
Indicates whether the ObjectType is part of the LDAP path. Required because the ADUC does not necessarily put quotes around the LDAP path.

.PARAMETER Register
Registers the script for use in the ADUC context menu.
Note: the registration process must be repeated once for each ObjectType/LCID combination required.

.PARAMETER ShowRegistration
Shows the current ADUC context menu registrations (including the default COM objects) for the ObjectType/LCID combination passed.

.PARAMETER Unregister
Unregisters the script from use in the ADUC context menu.
Note: the unregistration process must be repeated once for each ObjectType/LCID combination that has been registered.

.PARAMETER ObjectType
The ObjectType to register.
Currently supported: 'User' and 'Computer'.
Default is 'User'.

.PARAMETER LCID
The Language Code ID for which to register the script.
Use the decimal value (for example 1033 for en-US), or a hexadecimal value prefixed with 0x (for example 0x409).
Default is the LCID property from [cultureinfo]::CurrentUICulture

.PARAMETER ContextMenu
The menu entry in the ADUC MMC's context menu for the ObjectType.
By convention, since the entry opens a new dialog, the entry should end with ' ...'.
Default is 'Employee ID ...'.
If you want to change this entry after initial registration, run the registration process again once for each ObjectType/LCID combination required.

.PARAMETER PSWindowStyle
The window style of the PowerShell console window started by the ADUC console.
Editing the attribute itself will take place in a GUI popup, so the console does not need to be visible (but showing it can be useful for debugging)
Note that there will be command prompt windows visible for a short moment during the script start, even if WindowStyle is Hidden; this is normal.
Supported: 'Normal', 'Hidden'.
Default is 'Hidden'.
If you want to change this behavior after initial registration, run the registration command again once to create a new batch stub. If the script is not stored in a central network share, deploy the new stub to all machines where the PS script is installed.

.PARAMETER SuccessNotification
By default, the popup dialog will just close and the changes applied silently once the user clicks OK. Only errors during execution will create an additional dialog.
If the user should be prompted with another popup even after successful execution, use this argument during registration.
If no changes are required (Cancel is clicked, or OK without changing the attribute), no additional dialog will be shown even with this argument.
If you want to change this behavior after initial registration, run the registration command again once to create a new batch stub. If the script is not stored in a central network share, deploy the new stub to all machines where the PS script is installed.

.PARAMETER Server
The domain conroller to use for Register/ShowRegistration/Unregister.
Can be used, for example, to run ShowRegistration against a specific DC if a replication problem is suspected.

.INPUTS
This script does not accept pipeline input.

.OUTPUTS
This script does not generate pipeline output.

.LINK
Step-by-Step Guide to Using Active Directory Schema and Display Specifiers
https://msdn.microsoft.com/en-us/library/bb727064.aspx

Admin-Context-Menu attribute
https://msdn.microsoft.com/en-us/library/ms675211(v=vs.85).aspx
#>

[CmdletBinding(DefaultParameterSetName='ADUC', SupportsShouldProcess=$true)]
Param(
	[Parameter(Position=0, Mandatory=$true, ParameterSetName='ADUC')]
		[String]$Identity,
	[Parameter(ParameterSetName='ADUC')]
		[Switch]$ParseIdentity,
	[Parameter(Mandatory=$true, ParameterSetName='Register')]
		[Switch]$Register,
	[Parameter(Mandatory=$true, ParameterSetName='ShowRegistration')]
		[Switch]$ShowRegistration,
	[Parameter(Mandatory=$true, ParameterSetName='Unregister')]
		[Switch]$Unregister,
	[Parameter(Position=1)]
	[ValidateSet('Computer', 'User')]
		[String]$ObjectType = 'User',
	[Parameter(ParameterSetName='Register')]
	[Parameter(ParameterSetName='ShowRegistration')]
	[Parameter(ParameterSetName='Unregister')]
		[Int32]$LCID = $(([cultureinfo]::CurrentUICulture).LCID),
	[Parameter(ParameterSetName='Register')]
		[String]$ContextMenu = 'Employee ID ...',
	[Parameter(ParameterSetName='Register')]
	[ValidateSet('Normal', 'Hidden')]		## 'Minimized' is currently not supported; the edit dialog will appear behind the ADUC console!
		[String]$PSWindowStyle = 'Hidden',
	[Parameter(ParameterSetName='ADUC')]
	[Parameter(ParameterSetName='Register')]
		[Switch]$SuccessNotification,
	[Parameter(ParameterSetName='Register')]
	[Parameter(ParameterSetName='ShowRegistration')]
	[Parameter(ParameterSetName='Unregister')]
		[String]$Server
)
#requires -Version 3

If ($ParseIdentity) {
	## Script was called from the batch stub, and the ADUC console didn't add quotes; see comment in New-BatchStub.
	## $ObjectType will be $null; the actual ObjectType will instead the element after the last space in $Identity.
	## Fixed here so that $ObjectType can be used in the $Prompt variable.
	$Identity, $ObjectType = $Identity -split '\s+(?=\S+\Z)'
}

## region Customization ################################################################################
$Attribute = 'employeeID'

## {0}: SamAccountName; {1}: DisplayName; {2}: Current attribute value
$Prompt = @"
You are editing $($ObjectType) "{0}" ({1})
Current Employee ID: "{2}"

Please enter the new Employee ID.
Enter <none> (including the brackets) to clear the attribute.
"@
## endregion Customization ################################################################################

## region Functions ################################################################################
Function New-BatchStub {
Param(
	[String]$Path,
	[String]$WindowStyle,
	[Switch]$SuccessNotification
)
	@"
		@echo off
		REM ***** Auto-generated, DO NOT EDIT! *****
		setlocal
		REM When called from ADUC, parameters passed may be ...
		REM   ... ideal: DN contains a space, and double quotes around the LDAP path will be added by ADUC:
		REM     %*: "LDAP://server.acme.com/CN=John Doe,OU=dep,DC=acme,DC=com" user
		REM     %1: "LDAP://server.acme.com/CN=John Doe,OU=dep,DC=acme,DC=com"
		REM     %2: user
		REM
		REM   ... less ideal: DN contains no space, no quotes will be added by ADUC, and cmd.exe will start to break down the arguments:
		REM     %*: LDAP://server.acme.com/CN=JohnDoe,OU=dep,DC=acme,DC=com user
		REM     %1: LDAP://server.acme.com/CN
		REM     %2: JohnDoe
		set PSFile=%~dpn0.ps1
		set CommonPsScriptArgs=-Verbose $(If ($SuccessNotification) {'-SuccessNotification'})
		if "%~3"=="" (
			set ADPsScriptArgs=-Identity %1 -ObjectType %2
		) else (
			set ADPsScriptArgs=-Identity "%*" -ParseIdentity
		)
		start "%~n0" "%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe"  -ExecutionPolicy Bypass -WindowStyle $($WindowStyle) -File "%PSFile%" %ADPsScriptArgs% %CommonPsScriptArgs%
"@ -split "`r`n" | ForEach-Object {$_.Trim()} | Set-Content -Path $Path -ErrorAction Stop
}

Function Get-Registration {
Param(
	[Microsoft.ActiveDirectory.Management.ADObject]$DisplaySpecifier
)
	$DisplaySpecifier.adminContextMenu |
		Where-Object {$_ -match '\A(?<Order>\d*),((?<Guid>\{[0-9A-F-]{36}\})|(?<Menu>[^,]+),(?<Command>.+))\Z'} |
		Select-Object -Property `
			@{n='Order'; e={[Int32]$Matches['Order']}},
			@{n='COM'; e={$Matches['Guid']}},
			@{n='Menu'; e={$Matches['Menu']}},
			@{n='CommandPath'; e={[System.IO.Path]::GetDirectoryName($Matches['Command'])}},
			@{n='CommandFile'; e={[System.IO.Path]::GetFileName($Matches['Command'])}},
			@{n='Raw'; e={$_}}
}
## endregion Functions ################################################################################

## region Main ################################################################################
$ErrorActionPreference = 'Stop'
$ScriptPath = $MyInvocation.MyCommand.Path
$ScriptBaseName = [System.IO.Path]::GetFileNameWithoutExtension($ScriptPath)

If ($PSCmdlet.ParameterSetName -eq 'ADUC') {
	[Console]::Title = $ScriptBaseName
	[console]::WindowWidth = 120
	[console]::BufferWidth = 120
	Write-Verbose "Processing $($Identity)"
	Try {
		Import-Module -Name ActiveDirectory -Function Get-ADObject, Set-ADObject -Verbose:$false
		$Identity -match 'LDAP://(?<Server>.*?)/(?<DistinguishedName>.*)' | Out-Null
		$ADObjectArgs = @{}
		$ADObjectArgs['Identity'] = $Matches['DistinguishedName']
		$ADObjectArgs['Server'] = $Matches['Server']
		$ADObject = Get-ADObject @ADObjectArgs -Property DisplayName, SamAccountName, $Attribute
		$ADObject | Format-List | Out-String | Write-Verbose
		Add-Type -AssemblyName 'Microsoft.VisualBasic'
		Write-Verbose "Waiting for user input in the GUI popup ..."
		$NewValue = ([Microsoft.VisualBasic.Interaction]::InputBox(($Prompt -f $ADObject.SamAccountName, $ADObject.DisplayName, $ADObject.$Attribute), "Edit $($ObjectType)'s $($Attribute)", $ADObject.$Attribute)).Trim()
		If ([string]::IsNullOrEmpty($NewValue)) {	## Might be 'Cancel' or indeed an empty string an OK; the value returned by InputBox will be an empty string either way!
			Write-Verbose "Action canceled."
		} ElseIf ($NewValue -eq $ADObject.$Attribute) {
			Write-Verbose "Attribute '$($Attribute)' was not changed from its original value '$($ADObject.$Attribute)'."
		} Else {
			Write-Verbose "Attribute '$($Attribute)' was changed from '$($ADObject.$Attribute)' to '$($NewValue)'."
			If ($NewValue -eq '<none>') {
				Write-Verbose "Clearing attribute '$($Attribute)' on AD $($ObjectType) '$($ADObject.DistinguishedName)'"
				$SuccessMessage = "Successfully cleared attribute '$($Attribute)' on AD $($ObjectType) '$($ADObject.DistinguishedName)'"
				$ADObjectArgs['Clear'] = $Attribute
			} Else {
				Write-Verbose "Setting attribute '$($Attribute)' to new value '$($NewValue)' on AD $($ObjectType) '$($ADObject.DistinguishedName)'"
				$SuccessMessage = "Successfully changed attribute '$($Attribute)' to new value '$($NewValue)' on AD $($ObjectType) '$($ADObject.DistinguishedName)'"
				$ADObjectArgs['Replace'] = @{$Attribute = $NewValue}
			}
			Set-ADObject @ADObjectArgs
			If ($SuccessNotification) {
				Write-Verbose "Waiting for user confirmation of the GUI popup ..."
				[void][Microsoft.VisualBasic.Interaction]::MsgBox($SuccessMessage, [Microsoft.VisualBasic.MsgBoxStyle]::Information, "$($ScriptBaseName): Success")
			}
		}
	} Catch {
		Add-Type -AssemblyName 'Microsoft.VisualBasic'
		Write-Verbose "Waiting for user confirmation of the GUI popup ..."
		[void][Microsoft.VisualBasic.Interaction]::MsgBox($_.Exception.Message, [Microsoft.VisualBasic.MsgBoxStyle]::Critical, "$($ScriptBaseName): ERROR")
		Exit 1
	}
} Else {
	Try {
		Import-Module -Name ActiveDirectory -Function Get-ADDomain, Get-ADObject, Set-ADObject -Verbose:$false
		$LCIDHex = [Convert]::ToString($LCID, 16)
		$DomainDN = (Get-ADDomain).DistinguishedName
		$BatchStub = $ScriptBaseName + '.cmd'
		$ADObjectArgs = @{}
		If ($Server) {
			$ADObjectArgs['Server'] = $Server
		}
		$DisplaySpecifier = Get-ADObject @ADObjectArgs -Identity "CN=$($ObjectType)-Display,CN=$($LCIDHex),CN=DisplaySpecifiers,CN=Configuration,$($DomainDN)" -Properties adminContextMenu
		
		Switch ($PSCmdlet.ParameterSetName) {
			'Register' {
				If (-not $ScriptPath.StartsWith('\\')) {
					$LogicalDisk = Get-WmiObject -ClassName Win32_LogicalDisk -Filter "DeviceID='$([System.IO.Path]::GetPathRoot($ScriptPath).TrimEnd('\'))'"
					If ($LogicalDisk.DriveType -eq '4') {	## Network drive
						$ScriptPath = Join-Path -Path $LogicalDisk.ProviderName -ChildPath (Split-Path -Path $ScriptPath -NoQualifier)
						Write-Verbose "Resolved script path on network drive '$($LogicalDisk.DeviceID)' to UNC path '$($ScriptPath)'"
					} Else {
						Write-Warning "'$($ScriptPath)' is a local path; this script AND the cmd file created by this function must be installed in this exact location on every machine where ADUC will be used!"
					}
				}
				$NewRegistration = Get-Registration -DisplaySpecifier $DisplaySpecifier | Where-Object {$_.CommandFile -ne $BatchStub}
				$NewIndex = 1 + ($NewRegistration | Measure-Object -Property Order -Maximum).Maximum
				$NewCommand = Join-Path -Path ([System.IO.Path]::GetDirectoryName($ScriptPath)) -ChildPath $BatchStub
				$NewEntry = $NewIndex, $ContextMenu, $NewCommand -join ','
				$NewList = @($NewRegistration | Select-Object -ExpandProperty Raw) + $NewEntry
				If ($PSCmdlet.ShouldProcess("ADUC Context Menu for '$($DisplaySpecifier.Name)' in LCID $($LCID) (0x$($LCIDHex))", "Add entry '$($NewEntry)'")) {
					Write-Verbose "Writing new batch stub '$($NewCommand)'"
					New-BatchStub -Path $NewCommand -WindowStyle $PSWindowStyle -SuccessNotification:$SuccessNotification
					Write-Verbose "Setting AD Object '$($DisplaySpecifier.DistinguishedName)'"
					Set-ADObject @ADObjectArgs -Identity $DisplaySpecifier.DistinguishedName -Replace @{'adminContextMenu' = [string[]]$NewList} -WhatIf:$false -Confirm:$false
				}
			}
			'ShowRegistration' {
				Get-Registration -DisplaySpecifier $DisplaySpecifier | Sort-Object -Property Order
			}
			'Unregister' {
				$NewList = @()
				$RemoveList = @()
				Get-Registration -DisplaySpecifier $DisplaySpecifier | ForEach-Object {
					If ($_.CommandFile -eq $BatchStub) {
						Write-Verbose "Removing '$($_.Raw)'"
						$RemoveList += $_.Raw
					} Else {
						Write-Verbose "Keeping '$($_.Raw)'"
						$NewList += $_.Raw
					}
				}
				If ($RemoveList) {
					If ($PSCmdlet.ShouldProcess("ADUC Context Menu for '$($DisplaySpecifier.Name)' in LCID $LCID (0x$($LCIDHex))", "Remove entries '$($RemoveList -join "'; '")'")) {
						Write-Verbose "Setting AD Object '$($DisplaySpecifier.DistinguishedName)'"
						If ($NewList.Count -eq 0) {
							$ADObjectArgs['Clear'] = 'adminContextMenu'
						} Else {
							$ADObjectArgs['Replace'] = @{'adminContextMenu' = [string[]]$NewList}
						}
						Set-ADObject @ADObjectArgs -Identity $DisplaySpecifier.DistinguishedName -WhatIf:$false -Confirm:$false
					}
				} Else {
					Write-Verbose "No registration for this script found."
				}
			}
		}
	} Catch {
		Throw
	}
}
## endregion Main ################################################################################

Open in new window

0
Kevin StanushApplication DeveloperCommented:
Here is how its done using Hyena:

https://www.youtube.com/watch?v=1ONAhKyB61g

If you skip ahead to 2:20 into the video, you can see the employee ID added to the query, and shortly later the view is refreshed to show it.  The point isn't how easy it is to add the employee ID, but rather ANY directory attribute, to ANY AD results. Adding any attribute to an existing view takes about 2-3 seconds and does not modify anything on any server or in the directory.
0
oBdACommented:
Sorry, but I do not concur with the suggested close request.
yo_bee's comment #a42441970 ("You cannot do this via the ADUC unless you access the Attribute Editor Tab.") does not apply - you can do this, see my comment at #a42443890
Pete Long's comment #a42442406 (link to an article "Creating Custom Active Directory Attributes") is about extending the AD schema.

xchiazyx explicitly asked about

it's like showing the attribute Employee ID when you right click on user account properties in AD

My script at #a42443890 provides exactly that, using a mechanism documented since the first AD version in Windows 2000.
Step-by-Step Guide to Using Active Directory Schema and Display Specifiers
https://msdn.microsoft.com/en-us/library/bb727064.aspx

Registering the script:
PS C:\PS> & "\\acme.com\netlogon\ADUC\Set-ADUCEmployeeID.ps1" -Register -Verbose
VERBOSE: Performing the operation "Add entry '2,Employee ID ...,\\acme.com\netlogon\ADUC\Set-ADUCEmployeeID.cmd'" on target "ADUC Context Menu for
'user-Display' in LCID 1033 (0x409)".
VERBOSE: Writing new batch stub '\\acme.com\netlogon\ADUC\Set-ADUCEmployeeID.cmd'
VERBOSE: Setting AD Object 'CN=User-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=acme,DC=com'
PS C:\PS>

Open in new window

Result in the ADUC console:
Context MenuEdit Dialog
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Jose Gabriel Ortega CastroEE Solution Guide - CEO Faru Bonon ITCommented:
Mine solves the issue much better bud your script this time is too large and the attribute is already on ad. But we'll see haha
0
yo_beeDirector of Information TechnologyCommented:
I would like to comment on a couple of things here.
@Jose: that is a bias decision.  I do not think that you should be able to close a question and give you the most points.  Not saying it is not a solution, but it just a bias action.

@OBda
Not sure how my comment is not viable.  The question being asked for the ability to edit Employee ID attribute is not do it in ADUC and not Powershell, but I do agree that your solution is the best of the bunch and not Jose.  If anything Jose gave a solution that the Asker seem to try and avoid.
0
Jose Gabriel Ortega CastroEE Solution Guide - CEO Faru Bonon ITCommented:
I just can't think for the asker I just answer what I'd do, I'm not trying to be "bias" or whatever that means.
0
yo_beeDirector of Information TechnologyCommented:
Quoted from the question.

it's like showing the attribute Employee ID when you right click on user account properties in AD, not too sure about if it's the correct method though. appreciate if anyone here has the experience or knowledge can kindly assist me on.

As OBDa highlight his option is the one that seems to give the user the closest desired results
0
oBdACommented:
yo_bee,
because your main claim was that it could only be done by scripting or a custom GUI, and "You cannot do this via the ADUC unless you access the Attribute Editor Tab.".
Admittedly, I'm actually doing this with a script, but the setup aside, it's pretty well hidden and works transparently from the ADUC.

Jose,
Mine solves the issue much better bud your script this time is too large and the attribute is already on ad
xchiazyx's issue is "saw ppl post using PowerShell and using script method but I am not confident on this", and he was looking for an ADUC solution, so two scripting examples - one of which not even working, btw. - are IMHO not really a "better" solution, sorry.
0
Jose Gabriel Ortega CastroEE Solution Guide - CEO Faru Bonon ITCommented:
I tested both, and were working :)
what is IMHO?
Whatever guys this is just a question lol why so much discussion?
I think we all try to answer the best way possible if it's correct or not if he takes or not is his business, not ours to think for him.
 haha, he abandoned it and is not even a high priority if you are harvesting points and lately if he wants or not to do the scripting he can decide by himself, at least that what I think and I close it because I consider that my answer is the better, if you disagree that's fine this is a free forum :)
0
xchiazyxAuthor Commented:
Hi All,

Many thanks for the kind support much appreciate for the time to reply to this question.

Thanks!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Powershell

From novice to tech pro — start learning today.