Create Custom Attribute - Active Directory

-
In this post i will show you how to create custom attribute in Active Directory and assign in to User class

  •  Before create custom attribute you need to log in to Server using Administrative login.Not regular admin it has to be Schema Admin. Otherwise all the option will be disabled.(If you need to add Schema Admin privileges, follow below steps.)
    • Log in to user as an Administrator.
    • Open Server Manger. Then Tools > Active Directory Users and Computers.
    • Then Select Your Domain > Users and select user. 
    • Then right click on user > Properties 
    • Select Member of tab in properties window  > Add > Advanced 
    • And type Schema Admin on start with common query. then hit find now button (below screenshot)
                       

    • Then Select Schema Admin on search result. Hit OK > then OK again.
    • Now you can create or edit attribute properties.
  • Then you have to installation of Active Directory Schema Snap-In. for that,
    • Open run.exe as administrator and run regsvr32 schmmgmt.dll command

  • Other requirement for creating custom attribute is Unique X500 Object ID. For assign that ID you need to find Root OID in your Server. In that case you need to complete following steps.
    • Open new text file and paste following script to text file. And save it as origin.vbs (Remember, in .vbs Extension). It is visual basic script.
    • Open command prompt as Administrator and run the following origin.vbs file
 ' oidgen.vbs   
 '   
 ' THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED   
 ' OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR   
 ' FITNESS FOR A PARTICULAR PURPOSE.   
 '   
 ' Copyright (c) Microsoft Corporation. All rights reserved   
 '   
 ' This script is not supported under any Microsoft standard support program or service.   
 ' The script is provided AS IS without warranty of any kind. Microsoft further disclaims all   
 ' implied warranties including, without limitation, any implied warranties of merchantability   
 ' or of fitness for a particular purpose. The entire risk arising out of the use or performance   
 ' of the scripts and documentation remains with you. In no event shall Microsoft, its authors,   
 ' or anyone else involved in the creation, production, or delivery of the script be liable for   
 ' any damages whatsoever (including, without limitation, damages for loss of business profits,   
 ' business interruption, loss of business information, or other pecuniary loss) arising out of   
 ' the use of or inability to use the script or documentation, even if Microsoft has been advised   
 ' of the possibility of such damages.   
 ' ----------------------------------------------------------------------   
 Function GenerateOID()   
   'Initializing Variables   
   Dim guidString, oidPrefix   
   Dim guidPart0, guidPart1, guidPart2, guidPart3, guidPart4, guidPart5, guidPart6   
   Dim oidPart0, oidPart1, oidPart2, oidPart3, oidPart4, oidPart5, oidPart6   
   On Error Resume Next   
   'Generate GUID   
   Set TypeLib = CreateObject("Scriptlet.TypeLib")   
   guidString = TypeLib.Guid   
   'If no network card is available on the machine then generating GUID can result with an error.   
   If Err.Number <> 0 Then   
     Wscript.Echo "ERROR: Guid could not be generated, please ensure machine has a network card."   
     Err.Clear   
     WScript.Quit   
   End If   
   'Stop Error Resume Next   
   On Error GoTo 0   
   'The Microsoft OID Prefix used for the automated OID Generator   
   oidPrefix = "1.2.840.113556.1.8000.2554"   
   'Split GUID into 6 hexadecimal numbers   
   guidPart0 = Trim(Mid(guidString, 2, 4))   
   guidPart1 = Trim(Mid(guidString, 6, 4))   
   guidPart2 = Trim(Mid(guidString, 11, 4))   
   guidPart3 = Trim(Mid(guidString, 16, 4))   
   guidPart4 = Trim(Mid(guidString, 21, 4))   
   guidPart5 = Trim(Mid(guidString, 26, 6))   
   guidPart6 = Trim(Mid(guidString, 32, 6))   
   'Convert the hexadecimal to decimal   
   oidPart0 = CLng("&H" & guidPart0)   
   oidPart1 = CLng("&H" & guidPart1)   
   oidPart2 = CLng("&H" & guidPart2)   
   oidPart3 = CLng("&H" & guidPart3)   
   oidPart4 = CLng("&H" & guidPart4)   
   oidPart5 = CLng("&H" & guidPart5)   
   oidPart6 = CLng("&H" & guidPart6)   
   'Concatenate all the generated OIDs together with the assigned Microsoft prefix and return   
   GenerateOID = oidPrefix & "." & oidPart0 & "." & oidPart1 & "." & oidPart2 & "." & oidPart3 & _   
     "." & oidPart4 & "." & oidPart5 & "." & oidPart6   
 End Function   
 'Output the resulted OID with best practice info   
 Wscript.Echo "Your root OID is: " & VBCRLF & GenerateOID & VBCRLF & VBCRLF & VBCRLF & _   
   "This prefix should be used to name your schema attributes and classes. For example: " & _   
   "if your prefix is ""Microsoft"", you should name schema elements like ""microsoft-Employee-ShoeSize"". " & _   
   "For more information on the prefix, view the Schema Naming Rules in the server " & _   
   "Application Specification (http://www.microsoft.com/windowsserver2003/partners/isvs/appspec.mspx)." & _   
   VBCRLF & VBCRLF & _   
   "You can create subsequent OIDs for new schema classes and attributes by appending a .X to the OID where X may " & _   
   "be any number that you choose. A common schema extension scheme generally uses the following structure:" & VBCRLF & _   
   "If your assigned OID was: 1.2.840.113556.1.8000.2554.999999" & VBCRLF & VBCRLF & _   
   "then classes could be under: 1.2.840.113556.1.8000.2554.999999.1 " & VBCRLF & _   
   "which makes the first class OID: 1.2.840.113556.1.8000.2554.999999.1.1" & VBCRLF & _   
   "the second class OID: 1.2.840.113556.1.8000.2554.999999.1.2   etc..." & VBCRLF & VBCRLF & _   
   "Using this example attributes could be under: 1.2.840.113556.1.8000.2554.999999.2 " & VBCRLF & _   
   "which makes the first attribute OID: 1.2.840.113556.1.8000.2554.999999.2.1 " & VBCRLF & _   
   "the second attribute OID: 1.2.840.113556.1.8000.2554.999999.2.2   etc..." & VBCRLF & VBCRLF & _   
    "Here are some other useful links regarding AD schema:" & VBCRLF & _   
   "Understanding AD Schema" & VBCRLF & _   
   "http://technet2.microsoft.com/WindowsServer/en/Library/b7b5b74f-e6df-42f6-a928-e52979a512011033.mspx " & _   
   VBCRLF & VBCRLF & _   
   "Developer documentation on AD Schema:" & VBCRLF & _   
   "http://msdn2.microsoft.com/en-us/library/ms675085.aspx " & VBCRLF & VBCRLF & _   
   "Extending the Schema" & VBCRLF & _   
   "http://msdn2.microsoft.com/en-us/library/ms676900.aspx " & VBCRLF & VBCRLF & _   
   "Step-by-Step Guide to Using Active Directory Schema and Display Specifiers " & VBCRLF & _   
   "http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/howto/adschema.mspx " & _   
   VBCRLF & VBCRLF & _   
   "Troubleshooting AD Schema " & VBCR & _   
   "http://technet2.microsoft.com/WindowsServer/en/Library/6008f7bf-80de-4fc0-ae3e-51eda0d7ab651033.mspx " & _   
   VBCRLF & VBCRLF



    • It will popup you root id ad follows

    • You need to write down root OID for in above message.
    • Now you have all the things that you need to create custom attribute 
  • Now open run.exe and enter mmc.exe then it will open server console manager.
  • Now File > Add/Remove Snap-in.
  • Then click Active Directory Schema on left side menu and click “Add”.
  • Then hit OK.
  • Expand Active Directory Schema
  • Right click on Attributes > Create Attribute. (It Will disable if you are not a Schema Admin.(Top Section Of the Post)).

  • It will show you WARNING message. Read it carefully and hit Continue.
  • Then you can fill out all the details as you want, except Unique X500 Object ID
    • For this ID you need to copy root ID that we generate in previous step and append sequence to that. you can find more details on the root ID message popup.
    • EX : 34.23423.234234.234234.234234.23523.1.1, .............1.2 .............1.3 .............1.4
  • Syntax is basically for select the type of  attribute.
  • Also you can select Multi-Value Attribute option. this will hold multiple values and you can query those values as and array when your are working with code. (I will explain in later post, how to read multi value attributes with c#)
  • Hit OK.
  • Now it will appear on Attributes and you can assign the attribute for any class. 
  • For that Click on Classes and select class that you want to add newly created custom attribute.
  • Then right click on class > properties
  • Select Attribute > Add > select new attribute > click OK.
  • Apply > OK







  • Now it is available. (In this case User Properties).
  • To enter values go to Server Manager > Tools > Active Directory Users and Computers.
  • Go to View in menu bar > click Advanced Features.
  • Now select user that you want to add values to new attribute > properties.
  • Select Attribute Editor tab. New attribute will be on the list 



  • Select your new attribute for enter values.
  • In late post i will explain. how to read value / multi value attributes with c#
  • Enjoy

Comments

Post a Comment

Popular posts from this blog

Create Simple Web API 2 Project in few minutes - .NET Framework - Tutorial NO. 01

-
Image
In the first tutorial in this series, I will show you how to create simple Web API project You can download the sample project file in here . Download "SimpleWebAPI"sample project Open visual studio in your PC.  For this tutorial i will use Visual Studio 2017. Go to File >  New > Project  And Select Installed > Visual C# > Web > ASP.NET Web Application (.NET Framework) Name your project as "SimpleWebAPI". Then choose file location to save your solution and click OK. Next step is select template for your project. For this tutorial i will create project without using any built in content like MVC or Web Forms project. Select Empty project template and select Web API for core reference. (See image below) Then Click OK. Than Visual Studio will create solution with your project. It include files in following image For first tutorial, I will create simple Web API 2 controller For than Right Click on "Controll
Read more

ASP.NET Identity With Oracle Database

-
Image
In this topic i will try to give you some idea about using ASP.NET identity with Oracle Database for our MVC applications. At the beginning, I have done some research about suing identity with Oracle DB. There few useful articles i found, but not with complete details. Today i will try to cover most of the steps in this article. Below script include identity tables for Oracle DB. You can find some scripts on the internet, but here my good friend (DB guy) at one of my work place, taught me to recreate those scripts in a better way for Oracle DB. You can run those scripts in your DB. (If you have any problems running this scripts, let me know in the comment section). CREATE TABLE incapp.AspNetRoles ( Id VARCHAR2(128) NOT NULL, Name VARCHAR2(256) NOT NULL ) pctfree 20 pctused 70 tablespace INCTBL; create unique index incapp.pk_aspnetroles on incapp.AspNetRoles ( id ) pctfree 10 tablespace incidx; alter table incapp.AspNetRoles add ( constraint pk_asp
Read more

Catch Database Exceptions - DbEntityValidationException - Entity Framework

-
Catch Database Exceptions - DbEntityValidationException - Entity Framework  (C#,.NET) When you developing .net application with C#, EntityFramework you may get " Validation failed for one or more entities " error sometimes. With this error you can't find exact error or entity field directly. you may have to do some extra work for that. I am using following simple code for simply find error field. This is straightforward and very very small code. We can catch our database exseptions Using  DbEntityValidationException (Under namespace System.Data.Entity.Validation)   in EntityFramework. Im using EntityFramework.6.x. It is also available in EntityFramework 5.x. In here i am writing my exceptions in to text file in my C: drive ( C:\Shared\Error.txt ) Remember you have to give proper permissions for C: drive if you want to write data into text file. I am here i am using this for simplicity and tutorial purpose. try { //Your database operations. } c
Read more