MSExchangeGuru.com

Learn Exchange the Guru way !!!

 

Active Directory: Creating Custom Attribute

When you have to allow a third party to use LDAPS and run some queries, you might need to create new attributes.

So here are the steps for creating a custom attribute in Active Directory.

 

  • Register Schema DLL

Open an elevated Command Prompt, then run the following command:

regsvr32 schmmgmt.dll


 

  • Assign Schema Admin to your account, then log off and log in again; otherwise you can’t create a new schema attribute.

 

  • Open MMC and add the Active Directory Schema snap-in.



 

============================================================================================================

' oidgen.vbs
'
' THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
' OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR
' FITNESS FOR A PARTICULAR PURPOSE.
'
' Copyright (c) Microsoft Corporation. All rights reserved
'
' This script is not supported under any Microsoft standard support program or service.
' The script is provided AS IS without warranty of any kind. Microsoft further disclaims all
' implied warranties including, without limitation, any implied warranties of merchantability
' or of fitness for a particular purpose. The entire risk arising out of the use or performance
' of the scripts and documentation remains with you. In no event shall Microsoft, its authors,
' or anyone else involved in the creation, production, or delivery of the script be liable for
' any damages whatsoever (including, without limitation, damages for loss of business profits,
' business interruption, loss of business information, or other pecuniary loss) arising out of
' the use of or inability to use the script or documentation, even if Microsoft has been advised
' of the possibility of such damages.
' ----------------------------------------------------------------------

Function GenerateOID()
    'Initializing Variables
    Dim guidString, oidPrefix
    Dim guidPart0, guidPart1, guidPart2, guidPart3, guidPart4, guidPart5, guidPart6
    Dim oidPart0, oidPart1, oidPart2, oidPart3, oidPart4, oidPart5, oidPart6

    On Error Resume Next

    'Generate GUID
    Set TypeLib = CreateObject("Scriptlet.TypeLib")
    guidString = TypeLib.Guid

    'If no network card is available on the machine then generating GUID can result with an error.
    If Err.Number <> 0 Then
        Wscript.Echo "ERROR: Guid could not be generated, please ensure machine has a network card."
        Err.Clear
        WScript.Quit
    End If

    'Stop Error Resume Next
    On Error GoTo 0

    'The Microsoft OID Prefix used for the automated OID Generator
    oidPrefix = "1.2.840.113556.1.8000.2554"

    'Split GUID into 7 hexadecimal numbers (position 1 is the opening brace)
    guidPart0 = Trim(Mid(guidString, 2, 4))
    guidPart1 = Trim(Mid(guidString, 6, 4))
    guidPart2 = Trim(Mid(guidString, 11, 4))
    guidPart3 = Trim(Mid(guidString, 16, 4))
    guidPart4 = Trim(Mid(guidString, 21, 4))
    guidPart5 = Trim(Mid(guidString, 26, 6))
    guidPart6 = Trim(Mid(guidString, 32, 6))

    'Convert the hexadecimal to decimal
    oidPart0 = CLng("&H" & guidPart0)
    oidPart1 = CLng("&H" & guidPart1)
    oidPart2 = CLng("&H" & guidPart2)
    oidPart3 = CLng("&H" & guidPart3)
    oidPart4 = CLng("&H" & guidPart4)
    oidPart5 = CLng("&H" & guidPart5)
    oidPart6 = CLng("&H" & guidPart6)

    'Concatenate all the generated OIDs together with the assigned Microsoft prefix and return
    GenerateOID = oidPrefix & "." & oidPart0 & "." & oidPart1 & "." & oidPart2 & "." & oidPart3 & _
        "." & oidPart4 & "." & oidPart5 & "." & oidPart6
End Function

Function WriteOIDToFile(oid)
    Set fsoObj = CreateObject("Scripting.FileSystemObject")
    'The C:\temp folder must already exist, otherwise CreateTextFile fails
    outFile = "C:\temp\oid.txt"
    Set objFile = fsoObj.CreateTextFile(outFile, True)
    objFile.Write oid
    objFile.Close
End Function

newOID = GenerateOID
WriteOIDToFile(newOID)

'Output the resulted OID with best practice info
Wscript.Echo "Your root OID is: " & VBCRLF & newOID & VBCRLF & VBCRLF & VBCRLF & _
    "And has been saved to C:\temp\oid.txt. This prefix should be used to name your schema attributes and classes. For example: " & _
    "if your prefix is ""Microsoft"", you should name schema elements like ""microsoft-Employee-ShoeSize"". " & _
    "For more information on the prefix, view the Schema Naming Rules in the server " & _
    "Application Specification (http://www.microsoft.com/windowsserver2003/partners/isvs/appspec.mspx)." & _
    VBCRLF & VBCRLF & _
    "You can create subsequent OIDs for new schema classes and attributes by appending a .X to the OID where X may " & _
    "be any number that you choose. A common schema extension scheme generally uses the following structure:" & VBCRLF & _
    "If your assigned OID was: 1.2.840.113556.1.8000.2554.999999" & VBCRLF & VBCRLF & _
    "then classes could be under: 1.2.840.113556.1.8000.2554.999999.1 " & VBCRLF & _
    "which makes the first class OID: 1.2.840.113556.1.8000.2554.999999.1.1" & VBCRLF & _
    "the second class OID: 1.2.840.113556.1.8000.2554.999999.1.2 etc..." & VBCRLF & VBCRLF & _
    "Using this example attributes could be under: 1.2.840.113556.1.8000.2554.999999.2 " & VBCRLF & _
    "which makes the first attribute OID: 1.2.840.113556.1.8000.2554.999999.2.1 " & VBCRLF & _
    "the second attribute OID: 1.2.840.113556.1.8000.2554.999999.2.2 etc..." & VBCRLF & VBCRLF & _
    "Here are some other useful links regarding AD schema:" & VBCRLF & _
    "Understanding AD Schema" & VBCRLF & _
    "http://technet2.microsoft.com/WindowsServer/en/Library/b7b5b74f-e6df-42f6-a928-e52979a512011033.mspx " & _
    VBCRLF & VBCRLF & _
    "Developer documentation on AD Schema:" & VBCRLF & _
    "http://msdn2.microsoft.com/en-us/library/ms675085.aspx " & VBCRLF & VBCRLF & _
    "Extending the Schema" & VBCRLF & _
    "http://msdn2.microsoft.com/en-us/library/ms676900.aspx " & VBCRLF & VBCRLF & _
    "Step-by-Step Guide to Using Active Directory Schema and Display Specifiers " & VBCRLF & _
    "http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/howto/adschema.mspx " & _
    VBCRLF & VBCRLF & _
    "Troubleshooting AD Schema " & VBCR & _
    "http://technet2.microsoft.com/WindowsServer/en/Library/6008f7bf-80de-4fc0-ae3e-51eda0d7ab651033.mspx " & _
    VBCRLF & VBCRLF

====================================================================

 

  • Run the vbs file; it displays the generated OID and writes it to the output file.

 

  • In the Active Directory Schema snap-in, right-click Attributes and select Create Attribute.


    You will get the following warning; click Continue here. Read the warning carefully: you can’t delete the attribute. The only way to revert is to restore a system state backup.

    

 

  • Now fill in the following fields as per your requirement. The main value is the X.500 OID, which was generated in the previous step.


  • Once you click OK, you will see the object created under Attributes.

 

  • Now assign the attribute to a class. Here I am adding it to the User class by going to the properties of the User class.

 


 

  • Click Add → select the attribute you want to add and click OK, then Apply, then OK.

 

  • Now we have to update the schema, so open ADSI Edit and connect to the schema partition. Right-click Schema and select “Update Schema Now”.


This ends the attribute creation and assignment.
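
The result of the steps above can be confirmed from PowerShell instead of the MMC. The following read-only check is an added example, not part of the original post or of Microsoft's script. It assumes the ActiveDirectory module is installed, a hypothetical attribute name `contosoEmployeeShoeSize`, and that the attribute was numbered `.2.1` under the root OID, following the scheme the script's output text describes.

```powershell
# Added example: read-only check of the schema change described above.
# Assumptions (not from the post): attribute name and the ".2.1" numbering.
Import-Module ActiveDirectory

$attrName = 'contosoEmployeeShoeSize'   # hypothetical lDAPDisplayName
$rootOid  = (Get-Content 'C:\temp\oid.txt' -Raw).Trim()   # file written by oidgen.vbs
$expected = "${rootOid}.2.1"            # assumed: .2 = attributes branch, .1 = first attribute

# Schema objects live in the schema naming context, not the domain partition.
$schemaNC = (Get-ADRootDSE).schemaNamingContext

# 1. The attributeSchema object exists and carries the OID that was generated.
$attr = Get-ADObject -SearchBase $schemaNC `
    -LDAPFilter "(&(objectClass=attributeSchema)(lDAPDisplayName=$attrName))" `
    -Properties attributeID, attributeSyntax, isSingleValued, whenCreated
if (-not $attr) { throw "Attribute '$attrName' not found under $schemaNC" }

# 2. The attribute is listed as optional (or mandatory) on the User class.
$userClass = Get-ADObject -SearchBase $schemaNC `
    -LDAPFilter '(&(objectClass=classSchema)(lDAPDisplayName=user))' `
    -Properties mayContain, mustContain
$onUser = (@($userClass.mayContain) + @($userClass.mustContain)) -contains $attrName

[pscustomobject]@{
    Attribute    = $attrName
    AttributeID  = $attr.attributeID
    OidMatches   = ($attr.attributeID -eq $expected)
    SingleValued = $attr.isSingleValued
    Created      = $attr.whenCreated
    OnUserClass  = $onUser
}

# 3. Membership granted for this change can be removed afterwards; list who is
#    still in Schema Admins. The group lives in the forest root domain.
$rootDomain = (Get-ADForest).RootDomain
Get-ADGroupMember -Identity 'Schema Admins' -Server $rootDomain |
    Select-Object Name, SamAccountName, objectClass
```

If `OnUserClass` is false right after the change, the domain controller being queried may not have reloaded its schema cache yet.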

 

Prabhat Nigam

Microsoft MVP | Exchange Server

Team@MSExchangeGuru

2 Responses to “Active Directory: Creating Custom Attribute”

  1. najib trek Says:

    We had to restart the domain controller so the attribute would be visible.
    After restarting AD service / update schema the attribute didn't show up.

  2. Prabhat Nigam Says:

    Probably an old restart was due.
