Hello again. Mahdi here with an article of “Art of manipulation” series. Today’s lesson is on inserting your custom attributes in search function of Active Directory


As you know search function in Active Directory plays a key role in finding your appropriate objects within your environment. You can use different methods in order to find a specific object. There are tools to perform this option, PowerShell is my cool friend in searching, search function in Active Directory is another method. Sometimes you may need to search for an object based on your criteria which is a custom attribute. Suppose you have manipulated the schema and added your custom attributes and now you want to move one step forward and import this newly created attribute to the default attributes of search function in active directory. In this tutorial, firstly I create an attribute and after that, adding it to the search attributes will be explained.

Creating an attribute

In order to create your custom attributes you have to manipulate the schema. For this purpose open up a command prompt as Administrator and type the following command and hit Enter (if you have not already registered schmmgmt.dll on the computer).
Regsvr32 schmmgmt.dll

A message box will pop up and inform you that registration of schema dll has been succeeded.

Now navigate to Start > Run and type mmc. Since you have successfully registered Schema dll you can add this console via mmc. Add the Schema console and click Ok.

For now navigate to Attributes and right click for New Attributes. Here we want to create an attribute in order to store Skype Id of the employees. Since Skype Ids are in string format, make sure to choose String as the syntax. For testing purpose we use as object id, but in real production environment I strongly recommend to assign a unique OID for your attribute. You can refer to this awesome script written by The Scripting Guys to obtain a unique OID.

After creating the attribute you must link it to a class. Since Skype is a user based attribute, you should add it to user class. So navigate to class container and right click User and go to properties. Add Skype attribute to to the class and click Ok.

Manipulating search function

For testing purpose, we just insert a value to skype attribute of a user. Follow these steps to perform the action.

Insert the appropriate value for this attribute.

We have added the value to the Skype attribute now. Let’s manipulate the ADUC search function now. Open ADSIedit and right click on the top node in order to choose Connect to:

Expand the DisplaySpecifiers and click CN=409. It is the default display specifier for US locale. If you are using a different locale you must choose the right container.

Choose cn=user-Display object. We want to edit attributeDisplayNames. So choose attributeDisplayNames and click Edit.

In the Value to add text box type skype,Skype and click Add. Finally click Ok.

Examine the function

It is time to test the results. Reopen the ADUC and go for a find.

After specifying that you are searching based on skype and typing the criteria click Find Now and review the result.

Happy manipulating. :)