Adding Additional Fields to Active Directory Users and Computers
You want to add to the list of attributes that you can search and sort records by within the ADUC MMC snap-in (dsa.msc).
Using a graphical user interface
In this example, we will add the operating system service pack level attributes of computer objects to ADUC to allow you to search and sort by these fields.
Using a command-line interface
First create an LDIF file containing the following information. Save it as modify_display_specifiers.ldif:
dn: cn=computer-display,cn=409,cn=DisplaySpecifiers, cn=Configuration,<ForestRootDN> changetype: modify add: attributeDisplayNames attributeDisplayNames: operatingSystemServicePack,Operating System Service Pack -
Then run the following command:
You can also modify this information using a combination of AdFind and AdMod, as follows:
> adfind config rb cn=computer-display,cn=409,cn=DisplaySpecifiers | admod "attributeDisplayNames:+:operatingSystemServicePack,Operating System Service Pack"
' The following script will append a new value to the ' US English display specifiers '---------- SCRIPT CONFIGURATION ------------------ Const ADS_PROPERTY_APPEND = 3 strForestRoot = "<ForestRootDN>" ' i.e., "dc=rallencorp,dc=com" ' --------- END CONFIGURATION ---------------------\ strObjectDN = "cn=computer-display,cn=409,cn=displayspecifiers," & _ "cn=configuration," & strForestRoot set objObject = GetObject("LDAP://" & strObjectDN) objObject.PutEx ADS_PROPERTY_APPEND, _ "attributeDisplayNames", Array("operatingSystemServicePackLevel, " & _ "Operating System Service Pack Level") objObject.setInfo WScript.Echo "Script completed successfully!"
When working within the Active Directory Users and Computers MMC snap-in, there are a number of default attributes for each type of object that you can use to either search or sort on. Computer objects, for example, allow you to search and sort by the computer name, description, manager, operating system, and pre-Windows 2000 computer name. Once you add a new attribute to the display specifiers, you can access it by opening ADUC, right-clicking on a container and clicking on Find. Select Computers in the drop-down box next to Find, and click on Advanced. When you click on Field, you'll see the new field that you just added;you can now use it to search for objects within the ADUC snap-in.
Because the attributeDisplayNames attribute is multivalued, we need to use the PutEx method to add a value to an existing list of values. If you accidentally use Put to update a multivalued attribute, you will overwrite the list of values with the single value you specify in the script.
Recipe 4.14 for more on modifying an object, MSDN: Attribute-Display-Names [AD Schema], and MSDN: PutEx method [ADSI]