Answered by:
Adding additional details to the user fields in Active Directory
Question
-
Answers
-
Hello Naraka,
check this article about modifying the schema:
http://technet.microsoft.com/en-us/library/bb727064.aspx#EAAA
There are also some hidden attributes you can enable, maybe that is enough for your needs:
http://msdn.microsoft.com/en-us/library/ms676902.aspx
But why not using one of the existing fields from the user properties? Or do you use all of them so none is free? If you will create your own i suggest to try it first on a test system, do NOT test it in the production environment.
Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to the Forum- Marked as answer by Mervyn ZhangModerator Wednesday, May 20, 2009 10:07 AM
-
Howdie!
Okay - I'm assuming the following here:
a) You don't want to add a custom attribute to Active Directory - so you don't want to extend the schema.
b) you current do not use the "employeeNumber" attribute which is by default an unused attribute in the base AD Schema.
c) You use an en-Us localed system -- if you don't use a en-US system, make sure you use the right locale number below (instead of 409 for en-US, you may need something different, 407 for de-DE, German for example).
These are the steps to get the "employeeNumber" attribute shown in Active Directory Users and Computers as a column. We will use it to store our salary information. To actually put values into the field, you'll need additional magic (this trick simply displays the attribute in ADUC -- check http://technet.microsoft.com/en-us/library/bb727064.aspx#EAAA whether the VBScript behind is sufficient for you. If not, you'll most likely need to code C++ to hook into ADUC i guess).
1 - fire up ADSIEdit as an admin.
2 - connect to the "Configuration" partition/Naming Context and navigate to the following object: CN=organizationalUnit-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=Domain,DC=tld
3 - Right-click it and choose "properties".
4 - Double click the object's "extraColumn" attribute and paste the following string in there: employeeNumber,SalaryNumber,1,150,0
5 - Save your changes.
6 - Navigate to an OU with users. Change a user's employeeNumber attribute-value to "1234".
7 - close ADSIEdit. Open ADUC.
8 - browse to the OU with the users and check whether the "SalaryNumber" column is added to the view and whether your value 1234 has been assigned to the user.
Cheers,
Florian
Microsoft MVP - Group Policy -- blog: http://www.frickelsoft.net/blog- Marked as answer by Mervyn ZhangModerator Monday, June 1, 2009 3:34 AM
-
Howdie!
I concur with Meinolf. If you can use an attribute that's already in the Schema and isn't used yet, you could use that rather than messing with the Schema and changing it.
You should also keep in mind that, once you have your attribute and you populate it with data, you need to maintain the values in there/show the values there. You should check whether you can add the attribute to "Active Directory Users and Computers" as a column or whether you need to write custom scripts and code to edit/see the field.
Cheers,
Florian
Microsoft MVP - Group Policy -- blog: http://www.frickelsoft.net/blog- Marked as answer by Mervyn ZhangModerator Wednesday, May 20, 2009 10:07 AM
-
Ok -- I see the hard part in extending the "Active Directory Users and Computers" UI. Extending the schema isn't necessary, as you could use any random field that isn't already used in the Schema and label it on the UI just like you want "Salary Number". Extending "Active Directory Users and Computers" is tough, though.
Florian
Microsoft MVP - Group Policy -- blog: http://www.frickelsoft.net/blog- Marked as answer by Mervyn ZhangModerator Wednesday, May 20, 2009 10:07 AM
All replies
-
Hello Naraka,
check this article about modifying the schema:
http://technet.microsoft.com/en-us/library/bb727064.aspx#EAAA
There are also some hidden attributes you can enable, maybe that is enough for your needs:
http://msdn.microsoft.com/en-us/library/ms676902.aspx
But why not using one of the existing fields from the user properties? Or do you use all of them so none is free? If you will create your own i suggest to try it first on a test system, do NOT test it in the production environment.
Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to the Forum- Marked as answer by Mervyn ZhangModerator Wednesday, May 20, 2009 10:07 AM
-
-
Hello Naraka,
do NOT change the default's, if MS update's whatever schema object this will result in errors. If really needed create your own's. Keep in mind, most of the user properties fields are read-only for normal users. So personal i think there are enoiugh fields available, even if it has a different name.
Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to the Forum -
Howdie!
I concur with Meinolf. If you can use an attribute that's already in the Schema and isn't used yet, you could use that rather than messing with the Schema and changing it.
You should also keep in mind that, once you have your attribute and you populate it with data, you need to maintain the values in there/show the values there. You should check whether you can add the attribute to "Active Directory Users and Computers" as a column or whether you need to write custom scripts and code to edit/see the field.
Cheers,
Florian
Microsoft MVP - Group Policy -- blog: http://www.frickelsoft.net/blog- Marked as answer by Mervyn ZhangModerator Wednesday, May 20, 2009 10:07 AM
-
So basically for me to have additional field in for instance the general user properties of a AD account I have to extend the Schema. I am still going through those documents and I have to admit that this is pretty insane to just add one little field. Customer requirment unfortuanly is pretty strict on it. They want a field called 'Salary Number' under the general tab in the user properties.
-
Ok -- I see the hard part in extending the "Active Directory Users and Computers" UI. Extending the schema isn't necessary, as you could use any random field that isn't already used in the Schema and label it on the UI just like you want "Salary Number". Extending "Active Directory Users and Computers" is tough, though.
Florian
Microsoft MVP - Group Policy -- blog: http://www.frickelsoft.net/blog- Marked as answer by Mervyn ZhangModerator Wednesday, May 20, 2009 10:07 AM
-
That is what I was thinking as well. If I can modify the webpage field for instance would this mean with a Schema update like that required before a Exchange install, SCCM install etc or even upgrade the AD mode to 2008, will this field rename cause issue or dissapear?
-
There is no need to modify a field in the schema. You check the schema for a field that is capable of holding the data you want (the salary number should be a... let's say 10 digit number? You could use almost any unused text field in AD for that) and populate it with the data (use a script, type it in manually, whatever). Then go configure the UI appropriately so that the "webpage" field is named "salary number" in the UI. The underlying "webpage" field in the schema stays unchanged (as well as the data and "data type" behind it). It is just an UI thing. Since you don't change the schema, there won't be inconsistencies with SCCM or Exchange schema mods. You just have to make sure your customer won't introduce some third party software that uses "your" salary field to store other information in there.
If you want the "webpage" field in AD be re-named to "salaryNumber" (because that matters for you or your customer), you would need to change the schema. In this case, I'd suggest you leave the webpage field alone (or any other field) and extend the schema and use a new, custom created attribute field for your data.
Cheers,
Florian
Microsoft MVP - Group Policy -- blog: http://www.frickelsoft.net/blog -
-
-
-
I would suggest the employeeid Attribute or something similar which can be viewed in Users and Computers already when you do a search and add the column to the GUI Chris
This posting is provided "AS IS" with no warranties, and confers no rights. Check out my blog at - http://chrisbeams.wordpress.com/ -
-
-
-
I went through the two links. I cannot make any sense of the second link as this seems to target application development to address the task and as pointed out by a lot forum members extending the schema should be avoided.
Is there any step-by-step instructions on how to modify and use the excisting fields one can see in the Active Directory user properties box? It dawned on me that ADSI Edit seems to not be able to do this or I am missing something here.Florian pointed out something about changing the User Interface field to match the field I need by just using a excisting field. How do I go about changing a field's name that is currently visible in Active Directory user properties box?
-
Howdie!
Okay - I'm assuming the following here:
a) You don't want to add a custom attribute to Active Directory - so you don't want to extend the schema.
b) you current do not use the "employeeNumber" attribute which is by default an unused attribute in the base AD Schema.
c) You use an en-Us localed system -- if you don't use a en-US system, make sure you use the right locale number below (instead of 409 for en-US, you may need something different, 407 for de-DE, German for example).
These are the steps to get the "employeeNumber" attribute shown in Active Directory Users and Computers as a column. We will use it to store our salary information. To actually put values into the field, you'll need additional magic (this trick simply displays the attribute in ADUC -- check http://technet.microsoft.com/en-us/library/bb727064.aspx#EAAA whether the VBScript behind is sufficient for you. If not, you'll most likely need to code C++ to hook into ADUC i guess).
1 - fire up ADSIEdit as an admin.
2 - connect to the "Configuration" partition/Naming Context and navigate to the following object: CN=organizationalUnit-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=Domain,DC=tld
3 - Right-click it and choose "properties".
4 - Double click the object's "extraColumn" attribute and paste the following string in there: employeeNumber,SalaryNumber,1,150,0
5 - Save your changes.
6 - Navigate to an OU with users. Change a user's employeeNumber attribute-value to "1234".
7 - close ADSIEdit. Open ADUC.
8 - browse to the OU with the users and check whether the "SalaryNumber" column is added to the view and whether your value 1234 has been assigned to the user.
Cheers,
Florian
Microsoft MVP - Group Policy -- blog: http://www.frickelsoft.net/blog- Marked as answer by Mervyn ZhangModerator Monday, June 1, 2009 3:34 AM
-
-
Hi Florian,
Just to add to your explanation on adding columns to ADUC, it should be noted that if you make the changes to the "extraColumn" attribute of CN=organizationUnit-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration... then it will overwrite the available columns that can be selected from Add/Remove Columns (found out the hard way, my fingers run quicker than my brain can read).
To work around this either import all the strings located within the extraColumn attribute of CN=default-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration... or alternatively add the new string to the above location with a hidden attribute of 0 in order to display a custom column for all container types that do not have any custom columns registered.
Cheers,
MW -
Howdie!
I've developed a custom property pages that let System Administrator have a quick access to thumbnail Photo, employee ID and employee Number for a user object.
Okay - I'm assuming the following here:
a) You don't want to add a custom attribute to Active Directory - so you don't want to extend the schema.
b) you current do not use the "employeeNumber" attribute which is by default an unused attribute in the base AD Schema.
c) You use an en-Us localed system -- if you don't use a en-US system, make sure you use the right locale number below (instead of 409 for en-US, you may need something different, 407 for de-DE, German for example).
These are the steps to get the "employeeNumber" attribute shown in Active Directory Users and Computers as a column. We will use it to store our salary information. To actually put values into the field, you'll need additional magic (this trick simply displays the attribute in ADUC -- check http://technet.microsoft.com/en-us/library/bb727064.aspx#EAAA whether the VBScript behind is sufficient for you. If not, you'll most likely need to code C++ to hook into ADUC i guess).
1 - fire up ADSIEdit as an admin.
2 - connect to the "Configuration" partition/Naming Context and navigate to the following object: CN=organizationalUnit-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=Domain,DC=tld
3 - Right-click it and choose "properties".
4 - Double click the object's "extraColumn" attribute and paste the following string in there: employeeNumber,SalaryNumber,1,150,0
5 - Save your changes.
6 - Navigate to an OU with users. Change a user's employeeNumber attribute-value to "1234".
7 - close ADSIEdit. Open ADUC.
8 - browse to the OU with the users and check whether the "SalaryNumber" column is added to the view and whether your value 1234 has been assigned to the user.
Cheers,
Florian
Microsoft MVP - Group Policy -- blog: http://www.frickelsoft.net/blog
It's an extension of Active Directory Users and Computers MMC snap-in.
http://goo.gl/MXWwcG -