Create Custom Attribute - Active Directory

In this post I will show you how to create a custom attribute in Active Directory and assign it to the User class.

  •  Before you create a custom attribute you need to log in to the server with an administrative account. A regular admin is not enough: the account has to be a member of Schema Admins, otherwise all the options will be disabled. (If you need to add Schema Admins membership, follow the steps below.)
    • Log in as an Administrator.
    • Open Server Manager. Then Tools > Active Directory Users and Computers.
    • Then select your domain > Users and select the user.
    • Then right click on the user > Properties.
    • Select the Member Of tab in the properties window > Add > Advanced.
    • Type Schema Admin in the Starts with field of the common query, then hit the Find Now button (screenshot below).

    • Then select Schema Admins in the search results. Hit OK > then OK again.
    • Now you can create or edit attribute properties (log off and back on first, so the new group membership is in your logon token).
  • Then you have to install the Active Directory Schema snap-in. For that,
    • Open Run as administrator and run the regsvr32 schmmgmt.dll command.

  • The other requirement for creating a custom attribute is a unique X500 Object ID. To assign that ID you first need to generate the root OID on your server. For that you need to complete the following steps.
    • Open a new text file and paste the following script into it. Save it as origin.vbs (remember the .vbs extension). It is a Visual Basic script.
    • Open a command prompt as Administrator and run the origin.vbs file you just saved:
 ' oidgen.vbs   
 '   
 ' THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED   
 ' OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR   
 ' FITNESS FOR A PARTICULAR PURPOSE.   
 '   
 ' Copyright (c) Microsoft Corporation. All rights reserved   
 '   
 ' This script is not supported under any Microsoft standard support program or service.   
 ' The script is provided AS IS without warranty of any kind. Microsoft further disclaims all   
 ' implied warranties including, without limitation, any implied warranties of merchantability   
 ' or of fitness for a particular purpose. The entire risk arising out of the use or performance   
 ' of the scripts and documentation remains with you. In no event shall Microsoft, its authors,   
 ' or anyone else involved in the creation, production, or delivery of the script be liable for   
 ' any damages whatsoever (including, without limitation, damages for loss of business profits,   
 ' business interruption, loss of business information, or other pecuniary loss) arising out of   
 ' the use of or inability to use the script or documentation, even if Microsoft has been advised   
 ' of the possibility of such damages.   
 ' ----------------------------------------------------------------------   
 Function GenerateOID()   
   'Initializing Variables   
   Dim guidString, oidPrefix   
   Dim guidPart0, guidPart1, guidPart2, guidPart3, guidPart4, guidPart5, guidPart6   
   Dim oidPart0, oidPart1, oidPart2, oidPart3, oidPart4, oidPart5, oidPart6   
   On Error Resume Next   
   'Generate GUID   
   Set TypeLib = CreateObject("Scriptlet.TypeLib")   
   guidString = TypeLib.Guid   
   'If no network card is available on the machine then generating GUID can result with an error.   
   If Err.Number <> 0 Then   
     Wscript.Echo "ERROR: Guid could not be generated, please ensure machine has a network card."   
     Err.Clear   
     WScript.Quit   
   End If   
   'Stop Error Resume Next   
   On Error GoTo 0   
   'The Microsoft OID Prefix used for the automated OID Generator   
   oidPrefix = "1.2.840.113556.1.8000.2554"   
   'Split GUID into 7 hexadecimal numbers   
   guidPart0 = Trim(Mid(guidString, 2, 4))   
   guidPart1 = Trim(Mid(guidString, 6, 4))   
   guidPart2 = Trim(Mid(guidString, 11, 4))   
   guidPart3 = Trim(Mid(guidString, 16, 4))   
   guidPart4 = Trim(Mid(guidString, 21, 4))   
   guidPart5 = Trim(Mid(guidString, 26, 6))   
   guidPart6 = Trim(Mid(guidString, 32, 6))   
   'Convert the hexadecimal to decimal   
   oidPart0 = CLng("&H" & guidPart0)   
   oidPart1 = CLng("&H" & guidPart1)   
   oidPart2 = CLng("&H" & guidPart2)   
   oidPart3 = CLng("&H" & guidPart3)   
   oidPart4 = CLng("&H" & guidPart4)   
   oidPart5 = CLng("&H" & guidPart5)   
   oidPart6 = CLng("&H" & guidPart6)   
   'Concatenate all the generated OIDs together with the assigned Microsoft prefix and return   
   GenerateOID = oidPrefix & "." & oidPart0 & "." & oidPart1 & "." & oidPart2 & "." & oidPart3 & _   
     "." & oidPart4 & "." & oidPart5 & "." & oidPart6   
 End Function   
 'Output the resulted OID with best practice info   
 Wscript.Echo "Your root OID is: " & VBCRLF & GenerateOID & VBCRLF & VBCRLF & VBCRLF & _   
   "This prefix should be used to name your schema attributes and classes. For example: " & _   
   "if your prefix is ""Microsoft"", you should name schema elements like ""microsoft-Employee-ShoeSize"". " & _   
   "For more information on the prefix, view the Schema Naming Rules in the server " & _   
   "Application Specification (http://www.microsoft.com/windowsserver2003/partners/isvs/appspec.mspx)." & _   
   VBCRLF & VBCRLF & _   
   "You can create subsequent OIDs for new schema classes and attributes by appending a .X to the OID where X may " & _   
   "be any number that you choose. A common schema extension scheme generally uses the following structure:" & VBCRLF & _   
   "If your assigned OID was: 1.2.840.113556.1.8000.2554.999999" & VBCRLF & VBCRLF & _   
   "then classes could be under: 1.2.840.113556.1.8000.2554.999999.1 " & VBCRLF & _   
   "which makes the first class OID: 1.2.840.113556.1.8000.2554.999999.1.1" & VBCRLF & _   
   "the second class OID: 1.2.840.113556.1.8000.2554.999999.1.2   etc..." & VBCRLF & VBCRLF & _   
   "Using this example attributes could be under: 1.2.840.113556.1.8000.2554.999999.2 " & VBCRLF & _   
   "which makes the first attribute OID: 1.2.840.113556.1.8000.2554.999999.2.1 " & VBCRLF & _   
   "the second attribute OID: 1.2.840.113556.1.8000.2554.999999.2.2   etc..." & VBCRLF & VBCRLF & _   
    "Here are some other useful links regarding AD schema:" & VBCRLF & _   
   "Understanding AD Schema" & VBCRLF & _   
   "http://technet2.microsoft.com/WindowsServer/en/Library/b7b5b74f-e6df-42f6-a928-e52979a512011033.mspx " & _   
   VBCRLF & VBCRLF & _   
   "Developer documentation on AD Schema:" & VBCRLF & _   
   "http://msdn2.microsoft.com/en-us/library/ms675085.aspx " & VBCRLF & VBCRLF & _   
   "Extending the Schema" & VBCRLF & _   
   "http://msdn2.microsoft.com/en-us/library/ms676900.aspx " & VBCRLF & VBCRLF & _   
   "Step-by-Step Guide to Using Active Directory Schema and Display Specifiers " & VBCRLF & _   
   "http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/howto/adschema.mspx " & _   
   VBCRLF & VBCRLF & _   
   "Troubleshooting AD Schema " & VBCR & _   
   "http://technet2.microsoft.com/WindowsServer/en/Library/6008f7bf-80de-4fc0-ae3e-51eda0d7ab651033.mspx " & _   
   VBCRLF & VBCRLF   



    • It will pop up a message showing your root OID.
    • Write down the root OID shown in that message.
    • Now you have everything you need to create a custom attribute.
  • Now open Run and enter mmc.exe; it will open the Microsoft Management Console.
  • Now File > Add/Remove Snap-in.
  • Then click Active Directory Schema in the left-hand list and click "Add".
  • Then hit OK.
  • Expand Active Directory Schema.
  • Right click on Attributes > Create Attribute. (It will be disabled if you are not a Schema Admin; see the top section of the post.)

  • It will show you a WARNING message. Read it carefully and hit Continue.
  • Then you can fill out all the details as you want, except the Unique X500 Object ID.
    • For this ID you need to copy the root OID that we generated in the previous step and append a sequence number to it. You can find more details in the root OID message popup.
    • EX: 34.23423.234234.234234.234234.23523.1.1, then .............1.2, .............1.3, .............1.4
  • Syntax basically selects the data type of the attribute.
  • You can also select the Multi-Valued option. Such an attribute holds multiple values, and you can query them as an array when you are working with code. (I will explain in a later post how to read multi-value attributes with C#.)
  • Hit OK.
  • Now it will appear under Attributes and you can assign the attribute to any class.
  • For that, click on Classes and select the class to which you want to add the newly created custom attribute.
  • Then right click on the class > Properties.
  • Select the Attributes tab > Add > select the new attribute > click OK.
  • Apply > OK.
  • Now it is available (in this case in User properties).
  • To enter values go to Server Manager > Tools > Active Directory Users and Computers.
  • Go to View in the menu bar > click Advanced Features.
  • Now select the user whose new attribute you want to set > Properties.
  • Select the Attribute Editor tab. The new attribute will be in the list.
  • Select your new attribute to enter values.
  • In a later post I will explain how to read single-value / multi-value attributes with C#.
  • Enjoy
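As an added example (not part of the original post), here is the same root-OID derivation that oidgen.vbs performs, rewritten in PowerShell, plus helpers that allocate class and attribute OIDs under the root the way the script's output recommends (.1.N for classes, .2.N for attributes) and check an OID before you paste it into the Unique X500 Object ID field. The function names and the sample GUID are my own choices.

```powershell
# Added example, not from the original post: PowerShell equivalent of the
# oidgen.vbs derivation plus helpers for allocating and checking child OIDs.

$MicrosoftOidPrefix = '1.2.840.113556.1.8000.2554'   # same prefix oidgen.vbs uses

function New-SchemaRootOid {
    param(
        # A fixed GUID makes the result reproducible; the default is a fresh one.
        [guid]$Guid = [guid]::NewGuid()
    )
    # Braced form {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} matches what
    # Scriptlet.TypeLib.Guid returns, so the VBScript Mid() offsets carry over.
    $s = $Guid.ToString('B')
    # Seven hex slices at the same 1-based (start, length) pairs as oidgen.vbs
    $slices = @(@(2, 4), @(6, 4), @(11, 4), @(16, 4), @(21, 4), @(26, 6), @(32, 6))
    $parts = foreach ($sl in $slices) {
        $hex = $s.Substring($sl[0] - 1, $sl[1])   # .NET Substring is 0-based
        [Convert]::ToInt64($hex, 16)              # unsigned hex -> decimal arc
    }
    return $MicrosoftOidPrefix + '.' + ($parts -join '.')
}

function New-SchemaChildOid {
    param(
        [Parameter(Mandatory)][string]$RootOid,
        [Parameter(Mandatory)][ValidateSet('Class', 'Attribute')][string]$Kind,
        [Parameter(Mandatory)][ValidateRange(1, 2147483647)][int]$Index
    )
    # Branch .1 is for classes and .2 for attributes, as the oidgen.vbs output suggests
    $branch = if ($Kind -eq 'Class') { 1 } else { 2 }
    return "$RootOid.$branch.$Index"
}

function Test-SchemaOid {
    param(
        [Parameter(Mandatory)][string]$Oid,
        [string]$RootOid = $MicrosoftOidPrefix
    )
    # Dotted decimal only (no sign, no blanks) and located strictly below the root
    return ($Oid -match '^\d+(\.\d+)+$') -and $Oid.StartsWith("$RootOid.")
}

# Constructed GUID so the run is reproducible; omit -Guid to mint a real root OID
$root  = New-SchemaRootOid -Guid '6f9619ff-8b86-d011-b42d-00c04fc964ff'
$attr1 = New-SchemaChildOid -RootOid $root -Kind Attribute -Index 1
"Root OID:             $root"
"First attribute OID:  $attr1"
"Attribute OID valid:  $(Test-SchemaOid -Oid $attr1 -RootOid $root)"
"Rejects signed arc:   $(-not (Test-SchemaOid -Oid '1.2.840.113556.1.8000.2554.-1.5'))"
```

Run Test-SchemaOid on the value oidgen.vbs printed before you paste it into the Unique X500 Object ID field; a mistyped or mangled arc fails the check and the schema change is permanent once committed.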
