This guide explains how to create a custom Active Directory attribute when no existing attribute is available, for example an attribute to hold the value of “Technical Department”. The guide uses Microsoft Windows 2008 R2.
1. First, ensure that schema updates are enabled in the registry by configuring the following value:
Value Name: Schema Update Allowed
3. Now we need an Active Directory Schema console.
- Navigate to Start, Run, type MMC.
- From the File menu, select Add/Remove Snap-in…
- Select Active Directory Schema, click Add and OK.
This is based on your domain. Use the following script (click here) to generate it. Save the code in Notepad with the file extension .vbs and execute it. The script will output something like:
Do not use the value above, as each domain will have a different value. In this example, the value to use is the value stated above plus a suffix such as .2.1. The number 2 stands for the class and 1 for the attribute, so if we needed to add a second attribute, our suffix would be .2.2. It is best practice to keep this information properly documented and controlled. For our specific example, we would use 1.2.840.113556.1.8000.2554.22299.3130.65293.18626.46045.14916527.3721449.2.1
6. Populate the desired values.
- Common Name: Technical Department
- LDAP Display Name: technicalDepartment (This auto-populates but you can change it if you wish)
- Unique X500 Object ID: 1.2.840.113556.1.8000.2554.22299.3130.65293.18626.46045.14916527.3721449.2.1
- Syntax: Unicode String (this could be of a different type and depends on the usage of each attribute)
And click OK.
10. To confirm that the attribute has been associated with person, right-click person, select Properties and navigate to the Attributes tab. The technicalDepartment attribute should be present in the list of Optional attributes.
This completes the creation of a custom attribute. Note: the console may crash when you close it; this usually occurs when you do not save it. If you re-open the console, the above change should be present.
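The suffix convention described for the object ID (base value plus .2.n for each attribute) and the advice to keep allocations documented can be scripted. The PowerShell below is an added example, not part of the original guide: the function name New-SchemaAttributeOid, the register fields and the second attribute name costCentre are assumptions, and the base value is the guide's sample, not one to reuse.

```powershell
# Added example (not from the original guide). Issues the next <base>.2.<n>
# attribute OID and returns a record to keep in a documented register.
# Function name and register fields are assumptions made for this example.
function New-SchemaAttributeOid {
    param(
        [Parameter(Mandatory = $true)] [string] $BaseOid,         # output of the OID script
        [Parameter(Mandatory = $true)] [string] $LdapDisplayName,
        [object[]] $Register = @()                                # earlier allocations
    )
    # Dotted OID: numeric arcs only, no leading zeros, no empty arcs.
    if ($BaseOid -notmatch '^(0|[1-9]\d*)(\.(0|[1-9]\d*))+$') {
        throw "Base OID '$BaseOid' is not a valid dotted OID."
    }
    # -eq is case-insensitive, so a name differing only in case is refused too.
    if ($Register | Where-Object { $_.LdapDisplayName -eq $LdapDisplayName }) {
        throw "'$LdapDisplayName' already has an OID in the register."
    }
    # Collect the attribute numbers already issued directly under <base>.2
    $pattern = '^' + [regex]::Escape("${BaseOid}.2.") + '([1-9]\d*)$'
    $used = @($Register | ForEach-Object {
        if ($_.Oid -match $pattern) { [int]$Matches[1] }
    })
    $next = 1
    if ($used.Count -gt 0) {
        $next = [int]($used | Measure-Object -Maximum).Maximum + 1
    }
    New-Object PSObject -Property @{
        LdapDisplayName = $LdapDisplayName
        Oid             = "${BaseOid}.2.$next"
        AllocatedOn     = (Get-Date -Format 'yyyy-MM-dd')
    }
}

# Constructed sample data: the base OID is the guide's example value, not yours.
$base = '1.2.840.113556.1.8000.2554.22299.3130.65293.18626.46045.14916527.3721449'
$oidRegister = @()
$oidRegister += New-SchemaAttributeOid -BaseOid $base -LdapDisplayName 'technicalDepartment' -Register $oidRegister
$oidRegister += New-SchemaAttributeOid -BaseOid $base -LdapDisplayName 'costCentre' -Register $oidRegister
$oidRegister | Select-Object LdapDisplayName, Oid, AllocatedOn | Format-Table -AutoSize
```

Exporting the register to a file kept under change control gives the documented record the guide recommends; the function refuses a display name that already has an OID, so a rerun cannot issue a second number for the same attribute.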