Windows Server 2008 Thread, How many people have extended the AD with custom attributes? in Technical; We've got a printing system that we use whereby we put users into a group in AD to give them ...
24th May 2010, 02:55 PM #1
- Rep Power
How many people have extended the AD with custom attributes?
We've got a printing system that we use whereby we put users into a group in AD to give them permissions to print against a particular account.
Our copiers only allow logging in by code. We've set a 3 digit code for each member of staff and a 2 digit code for each of the AD groups. Concatenating these codes gives us a list from which we can easily identify who is copying what for each department.
So if my code is 123 and my department code is 69 then my copier code is 69123 and if I'm authorised to copy for IT Curriculum too (code 71) then I have another code 71123 to charge the copying to them. This way the department part of the codes can easily be got from colleagues and the user only has one code to remember for their personal part.
I've got a wonderful spreadsheet that works it all out, creates script to populate the AD groups and exports text files to import into the copiers and mail the group managers a list of people that can print against their department.
However when we add new staff or staff move or the AD groups and the spreadsheet get out of sync its a royal pita to sort out.
My proposed solution is:
To add a custom attribute to the user and group objects in AD to store the code
To create my copier codes directly from the information in the AD rather than an duplicate set of records in the spreadsheet.
What's the consensus on adding custom fields to AD?
IDG Tech News
24th May 2010, 04:15 PM #2
if your ruuning exchange you could use the extentionatributeX fields in AD since there for customer use.
24th May 2010, 05:40 PM #3
There's no problem with adding custom fields but it's very hard to change your mind later and take them out. A really important thing is to not use a field name that someone else might use (so add a prefix which would be unique to your school, for example)
As @fawkers says, there are 15 (I think!) extension attributes available and these are available to you with no problem
Last edited by srochford; 24th May 2010 at 05:43 PM.
24th May 2010, 05:43 PM #4
AD is based on LDAP, which is meant to be extensible and customisable.
Originally Posted by cjohnsonuk
However once you have added an attribute to AD (or any LDAP database) it is there for good. There is ADAM, which is linked in to AD, but has a separate repository which might be an option for you.
Microsoft do have a best practice document for extending the AD schema - Extending the Active Directory Schema which might be useful for you.
24th May 2010, 06:12 PM #5
There was a recent article on how to test extensions before you slot them into production:
Testing for Active Directory Schema Extension Conflicts
25th May 2010, 12:05 AM #6
- Rep Power
Thanks for getting back. Extended attributes look like a good option. Anyone know the best way of reading/modifying these attributes from a script? dsquery/DSmod appear to be useless. Is it vb or perl?
By rh91uk in forum Office Software
Last Post: 3rd December 2009, 11:13 AM
By Azhibberd in forum Windows Server 2000/2003
Last Post: 6th March 2009, 04:46 PM
By contink in forum Scripts
Last Post: 13th June 2007, 10:33 PM
By tscnmuk in forum Windows
Last Post: 14th May 2007, 08:20 AM
Last Post: 9th May 2007, 06:45 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Tags for this Thread