Adding additional details to the user fields in Active Directory

  • Question

  • Is there a way of adding additional user fields that will be visible for all Active Directory user accounts? E.g. adding a field called Salary Code.
    Thursday, May 14, 2009 11:32 AM

All replies

  • Hello Naraka,

    check this article about modifying the schema:
    http://technet.microsoft.com/en-us/library/bb727064.aspx#EAAA

    There are also some hidden attributes you can enable, maybe that is enough for your needs:
    http://msdn.microsoft.com/en-us/library/ms676902.aspx

    But why not use one of the existing fields from the user properties? Or do you use all of them so none is free? If you create your own, I suggest trying it first on a test system; do NOT test it in the production environment.
    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to the Forum
    Thursday, May 14, 2009 11:52 AM
  • Thanks for the reply and I will look at those links shortly.

    Would it be easier to rename one of the existing fields?
    Thursday, May 14, 2009 12:38 PM
  • Hello Naraka,

    Do NOT change the defaults; if MS updates whatever schema object, this will result in errors. If really needed, create your own. Keep in mind, most of the user properties fields are read-only for normal users. So personally I think there are enough fields available, even if it has a different name.
    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to the Forum
    Thursday, May 14, 2009 12:47 PM
  • Howdie!

    I concur with Meinolf. If you can use an attribute that's already in the Schema and isn't used yet, you could use that rather than messing with the Schema and changing it.

    You should also keep in mind that, once you have your attribute and you populate it with data, you need to maintain the values in there/show the values there. You should check whether you can add the attribute to "Active Directory Users and Computers" as a column or whether you need to write custom scripts and code to edit/see the field.

    Cheers,
    Florian


    Microsoft MVP - Group Policy -- blog: http://www.frickelsoft.net/blog
    Thursday, May 14, 2009 1:10 PM
  • So basically for me to have an additional field in, for instance, the general user properties of an AD account I have to extend the Schema. I am still going through those documents and I have to admit that this is pretty insane to just add one little field. The customer requirement unfortunately is pretty strict on it. They want a field called 'Salary Number' under the general tab in the user properties.

    Thursday, May 14, 2009 1:26 PM
  • Ok -- I see the hard part in extending the "Active Directory Users and Computers" UI. Extending the schema isn't necessary, as you could use any random field that isn't already used in the Schema and label it on the UI just like you want "Salary Number". Extending "Active Directory Users and Computers" is tough, though.

    Florian
    Microsoft MVP - Group Policy -- blog: http://www.frickelsoft.net/blog
    Thursday, May 14, 2009 1:28 PM
  • That is what I was thinking as well. If I can modify the webpage field for instance, would this mean that with a Schema update like that required before an Exchange install, SCCM install etc., or even an upgrade of the AD mode to 2008, this field rename will cause issues or disappear?
    Thursday, May 14, 2009 1:37 PM
  • There is no need to modify a field in the schema. You check the schema for a field that is capable of holding the data you want (the salary number should be a... let's say 10 digit number? You could use almost any unused text field in AD for that) and populate it with the data (use a script, type it in manually, whatever). Then go configure the UI appropriately so that the "webpage" field is named "salary number" in the UI. The underlying "webpage" field in the schema stays unchanged (as well as the data and "data type" behind it). It is just a UI thing. Since you don't change the schema, there won't be inconsistencies with SCCM or Exchange schema mods. You just have to make sure your customer won't introduce some third party software that uses "your" salary field to store other information in there.

    If you want the "webpage" field in AD to be renamed to "salaryNumber" (because that matters for you or your customer), you would need to change the schema. In this case, I'd suggest you leave the webpage field alone (or any other field) and extend the schema and use a new, custom created attribute field for your data.

    Cheers,
    Florian
    Microsoft MVP - Group Policy -- blog: http://www.frickelsoft.net/blog
    Thursday, May 14, 2009 1:43 PM
  • Thanks for the clarification. I will post back once I am through reading the docs concerning changing the schema to accommodate the new field (and test in a test environment).

    Thursday, May 14, 2009 1:47 PM
  • Okay, great -- feel free to ask if there's anything left.

    Cheers!
    Microsoft MVP - Group Policy -- blog: http://www.frickelsoft.net/blog
    Thursday, May 14, 2009 1:48 PM
  • Hello Florian,

    also thanks, so I learned again. :-)
    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to the Forum
    Thursday, May 14, 2009 8:34 PM
  • I would suggest the employeeid Attribute or something similar, which can be viewed in Users and Computers already when you do a search and add the column to the GUI.
    Chris
    This posting is provided "AS IS" with no warranties, and confers no rights. Check out my blog at - http://chrisbeams.wordpress.com/
    Friday, May 15, 2009 9:54 AM
  • Hi,

    Do you need any other assistance? If there is anything we can do for you, please let us know.

    Thanks.

    This posting is provided "AS IS" with no warranties, and confers no rights.
    Monday, May 18, 2009 6:32 AM
    Moderator
  • Still have not gotten to the article. Will post once I get a better understanding on where and what to modify. Tx
    Tuesday, May 26, 2009 10:42 AM
  • Hi Naraka,

    Thank you for the update. If you have more questions, you're welcome in this forum.

    Thanks. 

    This posting is provided "AS IS" with no warranties, and confers no rights.
    Tuesday, May 26, 2009 11:09 AM
    Moderator
  • I went through the two links. I cannot make any sense of the second link as this seems to target application development to address the task and, as pointed out by a lot of forum members, extending the schema should be avoided.

    Are there any step-by-step instructions on how to modify and use the existing fields one can see in the Active Directory user properties box? It dawned on me that ADSI Edit seems to not be able to do this or I am missing something here.

    Florian pointed out something about changing the User Interface field to match the field I need by just using an existing field. How do I go about changing a field's name that is currently visible in the Active Directory user properties box?

    Thursday, May 28, 2009 2:21 PM
  • Howdie!

    Okay - I'm assuming the following here:
    a) You don't want to add a custom attribute to Active Directory - so you don't want to extend the schema.
    b) You currently do not use the "employeeNumber" attribute, which is by default an unused attribute in the base AD Schema.
    c) You use an en-US localized system -- if you don't use an en-US system, make sure you use the right locale number below (instead of 409 for en-US, you may need something different, 407 for de-DE, German, for example).

    These are the steps to get the "employeeNumber" attribute shown in Active Directory Users and Computers as a column. We will use it to store our salary information. To actually put values into the field, you'll need additional magic (this trick simply displays the attribute in ADUC -- check http://technet.microsoft.com/en-us/library/bb727064.aspx#EAAA whether the VBScript behind it is sufficient for you. If not, you'll most likely need to code C++ to hook into ADUC, I guess).

    1 - fire up ADSIEdit as an admin.
    2 - connect to the "Configuration" partition/Naming Context and navigate to the following object: CN=organizationalUnit-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=Domain,DC=tld
    3 - Right-click it and choose "properties".
    4 - Double click the object's "extraColumn" attribute and paste the following string in there: employeeNumber,SalaryNumber,1,150,0
    5 - Save your changes.
    6 - Navigate to an OU with users. Change a user's employeeNumber attribute-value to "1234".
    7 - close ADSIEdit. Open ADUC.
    8 - browse to the OU with the users and check whether the "SalaryNumber" column is added to the view and whether your value 1234 has been assigned to the user.

    Cheers,
    Florian
    Microsoft MVP - Group Policy -- blog: http://www.frickelsoft.net/blog
    Thursday, May 28, 2009 4:55 PM
  • Hello, for whatever reason, those instructions do not work on Server 2003 R2/SBS 2k3 R2.

    I see no column available for SalaryNumber.
    Wednesday, June 17, 2009 5:21 PM
  • Hi Florian,

    Just to add to your explanation on adding columns to ADUC, it should be noted that if you make the changes to the "extraColumn" attribute of CN=organizationUnit-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration... then it will overwrite the available columns that can be selected from Add/Remove Columns (found out the hard way, my fingers run quicker than my brain can read).

    To work around this either import all the strings located within the extraColumn attribute of CN=default-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration... or alternatively add the new string to the above location with a hidden attribute of 0 in order to display a custom column for all container types that do not have any custom columns registered.

    Cheers,
    MW
    Wednesday, July 29, 2009 10:21 AM
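
Florian's step 4 combined with MW's workaround, as an added example that is not part of the original posts: it merges the new column string with the columns already registered on default-Display and organizationalUnit-Display instead of overwriting them. It assumes the RSAT ActiveDirectory module and write access to the Configuration partition, uses the attribute's LDAP name `extraColumns` (the thread writes "extraColumn"), and the backup file path is a placeholder.

```powershell
# Added example, not code from the thread.
# Assumes: RSAT ActiveDirectory module, rights to write to the Configuration partition.
Import-Module ActiveDirectory

$Locale    = '409'                                  # en-US; 407 for de-DE, as in the thread
$NewColumn = 'employeeNumber,SalaryNumber,1,150,0'  # string from step 4
$Apply     = $false                                 # $true performs the write

# Field layout: attribute, column header, shown by default (0/1), width, unused
$configNC  = (Get-ADRootDSE).configurationNamingContext
$base      = "CN=$Locale,CN=DisplaySpecifiers,$configNC"
$ouDn      = "CN=organizationalUnit-Display,$base"
$defaultDn = "CN=default-Display,$base"

# An attribute with no value comes back as $null, so filter before building arrays.
$ouCols = @((Get-ADObject -Identity $ouDn -Properties extraColumns).extraColumns |
            Where-Object { $_ })
$defaultCols = @((Get-ADObject -Identity $defaultDn -Properties extraColumns).extraColumns |
                 Where-Object { $_ })

# Keep a copy of the value about to be replaced (placeholder path).
$backup = Join-Path $env:TEMP "organizationalUnit-Display-$Locale-extraColumns.txt"
($ouCols -join [Environment]::NewLine) | Set-Content -Path $backup

# Merge by attribute name (first field). [ordered] keys are case-insensitive,
# so a later entry for the same attribute replaces the earlier one in place.
$byAttr = [ordered]@{}
foreach ($entry in $defaultCols + $ouCols + $NewColumn) {
    $byAttr[($entry -split ',')[0].Trim()] = $entry
}
$merged = [string[]]@($byAttr.Values)

# Dry run unless $Apply is $true; -Replace writes the full merged list.
Set-ADObject -Identity $ouDn -Replace @{ extraColumns = $merged } -WhatIf:(-not $Apply)

# Show what organizationalUnit-Display will carry after the write.
$merged
```

With `$Apply` left at `$false` the script only reports the change it would make, which allows the merged list to be reviewed on a test system first.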
  • I've developed custom property pages that let a System Administrator have quick access to the thumbnail Photo, employee ID and employee Number for a user object.
    It's an extension of Active Directory Users and Computers MMC snap-in.

    http://goo.gl/MXWwcG
    Wednesday, April 23, 2014 12:44 PM
  • Do you know how to get the object name from the custom property page code?
    So if I extended the group pages, how do I access the group name being viewed from the extension code?
    Friday, November 2, 2018 12:37 PM