List all new 'attributeID' from schema extension

    Question

  • Hi, I need to extend the schema and add some new attributes and classes.  In order to do this, I need to append to 2.x and 1.x respectively on my new objects.  I don't want to overwrite (if that's possible) or conflict with another new attribute/class that was previously added.  How can I see, for Attribute, what the next number would be (2.12 for example), and likewise for Class?

    #Attribute definition for contosoEmpShoe
    
    dn: CN=contosoEmpShoe,CN=Schema,CN=Configuration,DC=X
    changetype: ntdsschemaadd
    objectClass: top
    objectClass: attributeSchema
    cn: contosoEmpShoe
    # I can't assume '1' in this environment, where am I at?
    attributeID: 1.2.840.113556.1.8000.9999.2.x
    attributeSyntax: 2.5.5.12
    isSingleValued: TRUE
    adminDisplayName: contosoEmpShoe
    adminDescription: contosoEmpShoe
    oMSyntax: 64
    searchFlags: 1
    lDAPDisplayName: contosoEmpShoe
    systemOnly: FALSE

    Thank you in Advance

    Chad

    Monday, December 5, 2016 5:36 PM

Answers

  • Pretty happy with the evolution of the script, thought I'd share...

    # GET ALL SCHEMA ATTRIBUTES & CLASSES DIRECTLY FROM SCHEMA
    # PREFERRED METHOD, FASTER, NO TXT FILES

    Import-Module ActiveDirectory
    $ErrorActionPreference = "SilentlyContinue"

    $schemaPath = (Get-ADRootDSE).schemaNamingContext
    $rootOID = "1.2.840.113556.1.8000.2554.9999.99999.9999.99999.99999.99999999.99999999"

    # Wildcards cannot be used on OID-syntax attributes in an LDAP filter, so match client-side:
    # branch .2 holds attributes (attributeID), branch .1 holds classes (governsID)
    Get-ADObject -Filter * -SearchBase $schemaPath -Properties attributeID, governsID |
        Where-Object { $_.attributeID -like "$rootOID.2*" -or $_.governsID -like "$rootOID.1*" } |
        Sort-Object Name |
        Format-List Name, governsID, attributeID

    Tuesday, December 6, 2016 6:25 PM
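
Added example, not part of the thread or of any poster's script: the question asked for the next free number under the .2 (attribute) and .1 (class) branches, so this function parses the arc that follows each branch and returns the highest one plus one. The function name Get-NextSchemaOid and every sample object name except contosoEmpShoe are hypothetical; it accepts any objects exposing attributeID/governsID, so it runs on the constructed sample below without a domain controller.

```powershell
# Added example. Reports the next unused arc under <RootOid>.1 (classes)
# and <RootOid>.2 (attributes), the layout described in the question.
function Get-NextSchemaOid {
    param(
        [Parameter(Mandatory)] [string]   $RootOid,      # prefix without the trailing .1 / .2
        [Parameter(Mandatory)] [object[]] $SchemaObject  # objects exposing attributeID / governsID
    )
    $branches = @(
        @{ Kind = 'Class';     Arc = 1; Property = 'governsID'   }
        @{ Kind = 'Attribute'; Arc = 2; Property = 'attributeID' }
    )
    foreach ($b in $branches) {
        # The trailing dot keeps a sibling branch such as .20 from matching .2
        $prefix = '{0}.{1}.' -f $RootOid, $b.Arc
        $max = [long]0
        $count = 0
        foreach ($o in $SchemaObject) {
            $oid = [string]$o.($b.Property)
            if (-not $oid.StartsWith($prefix, [System.StringComparison]::Ordinal)) { continue }
            # First arc after the branch, e.g. "11" in <RootOid>.2.11
            $arc = $oid.Substring($prefix.Length).Split('.')[0]
            if ($arc -match '^\d+$') {
                $count++
                if ([long]$arc -gt $max) { $max = [long]$arc }
            }
        }
        [pscustomobject]@{
            Kind = $b.Kind; InUse = $count; HighestArc = $max
            NextOid = "$prefix$($max + 1)"
        }
    }
}

# Constructed sample data standing in for schema objects (not real directory output)
$rootOID = '1.2.840.113556.1.8000.9999'   # prefix used in the question's LDIF
$sample = @(
    [pscustomobject]@{ Name = 'contosoEmpShoe';  attributeID = "$rootOID.2.1" }
    [pscustomobject]@{ Name = 'contosoEmpHat';   attributeID = "$rootOID.2.11" }
    [pscustomobject]@{ Name = 'contosoOther';    attributeID = "$rootOID.20.7" }  # sibling branch, ignored
    [pscustomobject]@{ Name = 'contosoEmployee'; governsID   = "$rootOID.1.3" }
    [pscustomobject]@{ Name = 'cn';              attributeID = '2.5.4.3' }         # built-in, ignored
)
Get-NextSchemaOid -RootOid $rootOID -SchemaObject $sample | Format-Table -AutoSize

# Against a live forest (needs the ActiveDirectory module), feed it real schema objects:
# $objs = Get-ADObject -LDAPFilter '(|(objectClass=attributeSchema)(objectClass=classSchema))' `
#             -SearchBase (Get-ADRootDSE).schemaNamingContext -Properties attributeID, governsID
# Get-NextSchemaOid -RootOid $rootOID -SchemaObject $objs
```

The result reflects only what is already present in this forest's schema; OIDs that were allocated but never deployed here are not visible to it.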

All replies

  • I would use dsquery *, perhaps similar to:

    dsquery * "cn=Schema,cn=Configuration,dc=MyDomain,dc=com" -Filter "(&(objectCategory=attributeSchema)(attributeID=1.2.840.113556.1.8000.9999.2*))" -Attr lDAPDisplayName attributeID

    Run this at the command prompt of a DC or any client with RSAT. The "*" character is the wildcard in LDAP syntax.

    Edit: For classes, you would substitute classSchema for attributeSchema in the filter, and maybe governsID for attributeID (I don't know). This link documents the properties of attribute and class objects in the Schema:

    https://technet.microsoft.com/en-us/library/cc773309(v=ws.10).aspx

    Edit: I tested and the LDAP syntax filter I suggest above does not work with attributeID. The "*" wildcard character can only be used with string attributes. It is not supported with DN syntax attributes like manager, or with OID syntax attributes like attributeID.


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)



    Monday, December 5, 2016 9:11 PM
  • Using PowerShell, still needs to be tweaked as I get all the errors, but I do get the attributes with matching attributeIDs.

    $atrs = Get-Content "c:\scripts\allAtributes.txt"

    foreach ($atr in $atrs)
    {
        Get-ADObject "CN=$atr,CN=Schema,CN=Configuration,DC=schema,DC=lab" -Properties attributeID |
            Where-Object {$_.AttributeID -like "1.2.840.113556.1.8000.2554.2964.42144.4538.18342.38990.13657278.16082514.2*"} |
            Format-Table name, attributeID -AutoSize
    }

    Monday, December 5, 2016 9:40 PM
  • The "*" wildcard character cannot be used with DN attributes, like distinguishedName or manager. I just tested and find it also does work with OID attributes like attributeID. So the script I posted retrieves nothing. Therefore, your script to pipe all attributes to the Where clause (where the wildcard is allowed), is necessary, even if it is not as efficient.

    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    Monday, December 5, 2016 11:51 PM
  • Hi,
    Thank you for the update and for sharing. We would appreciate it if you would mark the helpful replies as answers; it will be greatly helpful to others who have the same question.
    Best regards,
    Wendy


    Thursday, December 8, 2016 1:31 AM
    Moderator