+ Post New Thread
Results 1 to 6 of 6
Windows Server 2008 Thread, How many people have extended the AD with custom attributes? in Technical; We've got a printing system that we use whereby we put users into a group in AD to give them ...
  1. #1

    Join Date
    Dec 2007
    Posts
    149
    Thank Post
    0
    Thanked 5 Times in 5 Posts
    Rep Power
    16

    How many people have extended the AD with custom attributes?

    We've got a printing system that we use whereby we put users into a group in AD to give them permissions to print against a particular account.

    Our copiers only allow logging in by code. We've set a 3 digit code for each member of staff and a 2 digit code for each of the AD groups. Concatenating these codes gives us a list from which we can easily identify who is copying what for each department.

    So if my code is 123 and my department code is 69 then my copier code is 69123 and if I'm authorised to copy for IT Curriculum too (code 71) then I have another code 71123 to charge the copying to them. This way the department part of the codes can easily be got from colleagues and the user only has one code to remember for their personal part.

    I've got a wonderful spreadsheet that works it all out, creates script to populate the AD groups and exports text files to import into the copiers and mail the group managers a list of people that can print against their department.

    However when we add new staff or staff move or the AD groups and the spreadsheet get out of sync its a royal pita to sort out.

    My proposed solution is:
    To add a custom attribute to the user and group objects in AD to store the code
    To create my copier codes directly from the information in the AD rather than an duplicate set of records in the spreadsheet.

    What's the consensus on adding custom fields to AD?

  2. #2
    fawkers's Avatar
    Join Date
    Jun 2007
    Location
    Southend
    Posts
    193
    Thank Post
    32
    Thanked 22 Times in 21 Posts
    Blog Entries
    2
    Rep Power
    31
    if your ruuning exchange you could use the extentionatributeX fields in AD since there for customer use.

  3. #3

    Join Date
    Aug 2005
    Location
    London
    Posts
    3,154
    Thank Post
    114
    Thanked 527 Times in 450 Posts
    Blog Entries
    2
    Rep Power
    123
    There's no problem with adding custom fields but it's very hard to change your mind later and take them out. A really important thing is to not use a field name that someone else might use (so add a prefix which would be unique to your school, for example)

    As @fawkers says, there are 15 (I think!) extension attributes available and these are available to you with no problem
    Last edited by srochford; 24th May 2010 at 04:43 PM.

  4. #4

    Join Date
    Mar 2008
    Location
    Surrey
    Posts
    2,168
    Thank Post
    98
    Thanked 319 Times in 261 Posts
    Blog Entries
    4
    Rep Power
    113
    Quote Originally Posted by cjohnsonuk View Post
    We've got a printing system that we use whereby we put users into a group in AD to give them permissions to print against a particular account.

    Our copiers only allow logging in by code. We've set a 3 digit code for each member of staff and a 2 digit code for each of the AD groups. Concatenating these codes gives us a list from which we can easily identify who is copying what for each department.

    So if my code is 123 and my department code is 69 then my copier code is 69123 and if I'm authorised to copy for IT Curriculum too (code 71) then I have another code 71123 to charge the copying to them. This way the department part of the codes can easily be got from colleagues and the user only has one code to remember for their personal part.

    I've got a wonderful spreadsheet that works it all out, creates script to populate the AD groups and exports text files to import into the copiers and mail the group managers a list of people that can print against their department.

    However when we add new staff or staff move or the AD groups and the spreadsheet get out of sync its a royal pita to sort out.

    My proposed solution is:
    To add a custom attribute to the user and group objects in AD to store the code
    To create my copier codes directly from the information in the AD rather than an duplicate set of records in the spreadsheet.

    What's the consensus on adding custom fields to AD?
    AD is based on LDAP, which is meant to be extensible and customisable.

    However once you have added an attribute to AD (or any LDAP database) it is there for good. There is ADAM, which is linked in to AD, but has a separate repository which might be an option for you.

    Microsoft do have a best practice document for extending the AD schema - Extending the Active Directory Schema which might be useful for you.

  5. #5


    Join Date
    Dec 2005
    Location
    In the server room, with the lead pipe.
    Posts
    4,637
    Thank Post
    275
    Thanked 777 Times in 604 Posts
    Rep Power
    223
    There was a recent article on how to test extensions before you slot them into production:

    Testing for Active Directory Schema Extension Conflicts

  6. #6

    Join Date
    Dec 2007
    Posts
    149
    Thank Post
    0
    Thanked 5 Times in 5 Posts
    Rep Power
    16

    Thanks

    Thanks for getting back. Extended attributes look like a good option. Anyone know the best way of reading/modifying these attributes from a script? dsquery/DSmod appear to be useless. Is it vb or perl?

SHARE:
+ Post New Thread

Similar Threads

  1. [MS Office - 2007] Macro Author Attributes
    By rh91uk in forum Office Software
    Replies: 0
    Last Post: 3rd December 2009, 10:13 AM
  2. Restrict changing Attributes(Home directory)
    By Azhibberd in forum Windows Server 2000/2003
    Replies: 2
    Last Post: 6th March 2009, 03:46 PM
  3. User container attributes - Some help pls
    By contink in forum Scripts
    Replies: 5
    Last Post: 13th June 2007, 09:33 PM
  4. Exchange Attributes
    By tscnmuk in forum Windows
    Replies: 1
    Last Post: 14th May 2007, 07:20 AM
  5. Replies: 5
    Last Post: 9th May 2007, 05:45 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •