Custom Active Directory attributes

I've been implementing Single Sign On with a variety of systems. This is working well and AD supplies the required information.....until now.

There's one application that needs an attribute about staff that is not stored in AD (I don't want to put these values in a field, e.g. phoneNumber, because it isn't a phone number). I'd like to add a custom attribute but want to check some things about it before doing it, because it's a permanent change to the AD schema and I don't want to stuff it up!

I've seen https://www.youtube.com/watch?v=__92mHwyZ3Q which makes it sound all very easy. And that part of it is, but it doesn't explain about the OID for the new attribute. I then went to https://msdn.microsoft.com/en-us/library/ms677620.... which explains it a bit. That led to https://gallery.technet.microsoft.com/scriptcenter... which is a VBScript, and when I run that on my test DC it says:


Your root OID is:
Looking at some existing attributes, e.g. applicationSettings, I see that its X.500 OID is 1.2.840.113556.1.5.7000.49

First question is that if the root OID has 15 parts why does this example only have 8?

The VBScript says:


You can create subsequent OIDs for new schema classes and attributes by appending a .X to the OID where X may be any number that you choose. A common schema extension scheme generally uses the following structure:
If your assigned OID was: 1.2.840.113556.1.8000.2554.999999
then classes could be under: 1.2.840.113556.1.8000.2554.999999.1
which makes the first class OID: 1.2.840.113556.1.8000.2554.999999.1.1
the second class OID: 1.2.840.113556.1.8000.2554.999999.1.2 etc

Using this example attributes could be under:
which makes the first attribute OID:
the second attribute OID: 1.2.840.113556.1.8000.2554.999999.2.2 etc

As I want to add a custom attribute to the 'user' class, which has an X.500 OID of 1.2.840.113556.1.5.9, does that mean that my attribute should have an OID of 1.2.840.113556.1.5.9.X? I looked at an existing attribute of the 'user' class (accountExpires) and found its OID is 1.2.840.113556.1.4.159 - that doesn't end with ....113556.1.5.9

I think I'm right in thinking that I make this new attribute have an OID of 1.2.840.113556. but just want to confirm that. If it is, how do I make sure that there isn't another OID of 1.2.840.113556.
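
The numbering layout quoted from the VBScript, as an added example that is not part of the original post: it takes a root OID, treats `<root>.2` as the attribute branch, and picks the next number not already present in a list of schema OIDs. The function names and the sample OID list are constructed for illustration, and `Get-SchemaOids` assumes the ActiveDirectory PowerShell module and a reachable DC.

```powershell
# Added example (not from the post): next free attribute OID under a private
# root, using the <root>.1 = classes / <root>.2 = attributes layout.

function Test-OidSyntax {
    param([string]$Oid)
    # Dotted decimal, two or more arcs, no leading zeros.
    return $Oid -match '^(0|[1-9]\d*)(\.(0|[1-9]\d*))+$'
}

function Get-NextAttributeOid {
    param(
        [Parameter(Mandatory)][string]$RootOid,
        [string[]]$ExistingOids = @()
    )
    if (-not (Test-OidSyntax $RootOid)) { throw "Not a valid OID: $RootOid" }
    $branch  = "$RootOid.2"
    $pattern = '^' + [regex]::Escape($branch) + '\.(\d+)$'
    # Collect the final arc of every OID already allocated in the branch.
    $used = foreach ($oid in $ExistingOids) {
        if ($oid -match $pattern) { [long]$Matches[1] }
    }
    $next = 1
    while ($used -contains $next) { $next++ }
    return "$branch.$next"
}

function Get-SchemaOids {
    # Assumption: ActiveDirectory module is loaded and a DC is reachable.
    # attributeID holds attribute OIDs, governsID holds class OIDs.
    $schemaNC = (Get-ADRootDSE).schemaNamingContext
    Get-ADObject -SearchBase $schemaNC -LDAPFilter '(|(attributeID=*)(governsID=*))' `
        -Properties attributeID, governsID |
        ForEach-Object { $_.attributeID; $_.governsID } |
        Where-Object { $_ }
}

# Constructed sample list so the example runs without a directory.
$existing = @(
    '1.2.840.113556.1.5.9',                    # user class (from the post)
    '1.2.840.113556.1.4.159',                  # accountExpires (from the post)
    '1.2.840.113556.1.8000.2554.999999.2.1',   # constructed: first custom attribute
    '1.2.840.113556.1.8000.2554.999999.2.2'    # constructed: second custom attribute
)
Get-NextAttributeOid -RootOid '1.2.840.113556.1.8000.2554.999999' -ExistingOids $existing
```

Against a live domain, pass the output of `Get-SchemaOids` as `-ExistingOids` instead of the sample list.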
