Adding Additional Fields to Active Directory Users and Computers






Adding Additional Fields to Active Directory Users and Computers

Problem

You want to add to the list of attributes that you can search and sort records by within the ADUC MMC snap-in (dsa.msc).

Solution

Using a graphical user interface

In this example, we will add the operating system service pack level attributes of computer objects to ADUC to allow you to search and sort by these fields.

  1. Open ADSI Edit from the Windows Support Tools.

  2. If an entry for the Configuration NC is not already displayed, do the following:

  3. Right-click on ADSI Edit in the right pane and click "Connect to…."

  4. Under "Select a well-known naming context," select Configuration. Click Advanced if you need to specify alternate credentials, then click OK to create the connection.

  5. In the left pane, click onCN=DisplaySpecifiers, then CN=409. Right-click on the container and select Properties.

    If you are using a locale other than US English, specify the appropriate local number in place of CN=409.


  6. Right-click on cn=computerDisplay and select Properties.

  7. Double-click on attributeDisplayNames. Type operatingSystemServicePack, Operating System Service Pack, and click Add.

  8. Click Apply, followed by OK.

Using a command-line interface

First create an LDIF file containing the following information. Save it as modify_display_specifiers.ldif:

	dn: cn=computer-display,cn=409,cn=DisplaySpecifiers,
	    cn=Configuration,<ForestRootDN> 
	changetype: modify 
	add: attributeDisplayNames 
	attributeDisplayNames: operatingSystemServicePack,Operating System Service Pack 
	-

Then run the following command:

	> ldifde -v -i -f  
modify_display_specifiers.ldf

You can also modify this information using a combination of AdFind and AdMod, as follows:

	> adfind config rb cn=computer-display,cn=409,cn=DisplaySpecifiers | admod
	"attributeDisplayNames:+:operatingSystemServicePack,Operating System Service Pack"

Using VBScript
	' The following script will append a new value to the
	' US English display specifiers
	'---------- SCRIPT CONFIGURATION ------------------
	  Const ADS_PROPERTY_APPEND = 3
	  strForestRoot = "<ForestRootDN>" ' i.e., "dc=rallencorp,dc=com"
	' --------- END CONFIGURATION ---------------------\

	strObjectDN = "cn=computer-display,cn=409,cn=displayspecifiers," &  _
	              "cn=configuration," &  strForestRoot
	set objObject = GetObject("LDAP://" &  strObjectDN)
	objObject.PutEx ADS_PROPERTY_APPEND, _
	  "attributeDisplayNames", Array("operatingSystemServicePackLevel, " &  _
	  "Operating System Service Pack Level")
	objObject.setInfo

	WScript.Echo "Script completed successfully!"

Discussion

When working within the Active Directory Users and Computers MMC snap-in, there are a number of default attributes for each type of object that you can use to either search or sort on. Computer objects, for example, allow you to search and sort by the computer name, description, manager, operating system, and pre-Windows 2000 computer name. Once you add a new attribute to the display specifiers, you can access it by opening ADUC, right-clicking on a container and clicking on Find. Select Computers in the drop-down box next to Find, and click on Advanced. When you click on Field, you'll see the new field that you just added;you can now use it to search for objects within the ADUC snap-in.

Using VBScript

Because the attributeDisplayNames attribute is multivalued, we need to use the PutEx method to add a value to an existing list of values. If you accidentally use Put to update a multivalued attribute, you will overwrite the list of values with the single value you specify in the script.

See Also

Recipe 4.14 for more on modifying an object, MSDN: Attribute-Display-Names [AD Schema], and MSDN: PutEx method [ADSI]



 Python   SQL   Java   php   Perl 
 game development   web development   internet   *nix   graphics   hardware 
 telecommunications   C++ 
 Flash   Active Directory   Windows