Wednesday, May 8, 2013

How to add custom attributes to AD User Objects

We have an application that needs to store some custom user attributes in Active Directory. Let's say we need to add a custom attribute called "Gender". How should we go about it? First we need to extend the existing User class in the AD schema. Please refer to this detailed step-by-step guide.

Here, I would just summarize the overall steps.

Step 1: Register the AD Schema snap-in by running "regsvr32 schmmgmt.dll" on the Domain Controller that holds the Schema Master role, then add the Active Directory Schema snap-in to an MMC console.
Step 2: In the AD Schema console, right-click the Attributes folder, then select Create Attribute.
Step 3: You may want to generate your own private enterprise OID (a unique X.500 object ID) for this custom attribute at this link.
Step 4: In the Schema console, click the Classes folder. Scroll down to the User class, right-click it, and select Properties. In the User Properties dialog box, click the Attributes tab. Click Add, then choose the Gender attribute. Click OK twice, and you have successfully added the Gender attribute to the User class.
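Before populating anything, it is worth confirming that the schema change actually took effect (schema changes replicate from the Schema Master, and a mistyped LDAP display name is easy to miss). The following script is an added example, not part of the original post; it assumes the RSAT ActiveDirectory module is available and that the attribute was created with the LDAP display name "gender" (change $attributeName if you chose something else).

```powershell
# Added example: verify that the custom attribute exists in the schema and is
# linked to the user class. Assumes the RSAT ActiveDirectory module and that
# the attribute's LDAP display name is 'gender' (adjust to match Step 2).
Import-Module ActiveDirectory

$attributeName = 'gender'
$schemaNC = (Get-ADRootDSE).schemaNamingContext

# Attribute definitions live under the schema naming context as attributeSchema objects
$attr = Get-ADObject -SearchBase $schemaNC `
    -LDAPFilter "(&(objectClass=attributeSchema)(lDAPDisplayName=$attributeName))" `
    -Properties attributeID, isSingleValued, attributeSyntax

if (-not $attr) {
    Write-Warning "Attribute '$attributeName' was not found in the schema (not created, or not replicated yet)."
    return
}
"Attribute '$attributeName': OID=$($attr.attributeID) singleValued=$($attr.isSingleValued) syntax=$($attr.attributeSyntax)"

# The user class definition lists its optional attributes in mayContain (Step 4 adds to this list)
$userClass = Get-ADObject -SearchBase $schemaNC `
    -LDAPFilter "(&(objectClass=classSchema)(lDAPDisplayName=user))" `
    -Properties mayContain

if ($userClass.mayContain -contains $attributeName) {
    "'$attributeName' is linked to the user class."
} else {
    Write-Warning "'$attributeName' exists but is not in the user class's mayContain list; repeat Step 4."
}
```

Run it from a domain-joined machine with the RSAT tools; if the attribute shows as single-valued with a Unicode string syntax and is listed under mayContain, the population script in the next section will be able to write to it.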

Now every user object has an extra gender attribute. How do we populate its values (i.e. Male or Female)? If you have an Excel sheet, convert it to CSV and use a PowerShell script to populate the attribute. Below is a sample script.

Import-Module ActiveDirectory   # RSAT AD module provides Get-ADObject / Set-ADObject

$Users = Import-Csv users.csv   # CSV columns expected: sAMAccountName, gender
Foreach ($user in $Users)
{
  $sAMAccountName = $user.sAMAccountName
  $gender = $user.gender
  $Property = @{gender=$gender}
  Write-Host "Setting the gender of $sAMAccountName"
  # -Replace works whether the attribute is still empty or already set;
  # -Add fails on a single-valued attribute that already holds a value
  Get-ADObject -Filter "sAMAccountName -eq '$sAMAccountName'" | Set-ADObject -Replace $Property
  Write-Host "Done!"
}
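After a bulk write like this, it is useful to read the attribute back and check it against the set of values the application expects, so that typos in the spreadsheet or accounts that were not in the CSV are caught before the application depends on the data. The following audit script is an added example, not from the original post; it assumes the attribute is named "gender", that the only valid values are Male and Female as stated above, and that the RSAT ActiveDirectory module is installed.

```powershell
# Added example: audit the populated 'gender' attribute across all user accounts.
# Assumes RSAT ActiveDirectory module; attribute name 'gender'; allowed values
# Male/Female. $SearchBase is an optional, constructed example value.
Import-Module ActiveDirectory

$attributeName = 'gender'
$allowedValues = @('Male', 'Female')

# Pull every user with the custom attribute included in the result set
$users = Get-ADUser -Filter * -Properties $attributeName

$missing    = @()
$unexpected = @()
foreach ($u in $users) {
    $value = $u.$attributeName
    if ([string]::IsNullOrEmpty($value)) {
        $missing += $u.SamAccountName
    } elseif ($allowedValues -notcontains $value) {
        $unexpected += [pscustomobject]@{ SamAccountName = $u.SamAccountName; Value = $value }
    }
}

"Total users checked : $($users.Count)"
"Missing '$attributeName': $($missing.Count)"
"Unexpected values     : $($unexpected.Count)"

if ($missing.Count -gt 0)    { "`nAccounts with no value:"; $missing | Sort-Object }
if ($unexpected.Count -gt 0) { "`nAccounts with unexpected values:"; $unexpected | Format-Table -AutoSize }
```

Unexpected values usually mean a misspelling in the source spreadsheet (for example trailing spaces or different capitalisation, since the comparison above is case-insensitive but not whitespace-tolerant); missing values are accounts that were not in the CSV and need to be added to the next run.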

