Custom Active Directory attributes
Custom Active Directory attributes
(OP)
I've been implementing Single Sign On with a variety of systems. This is working well and AD supplies the required information.....until now.
There's one application that needs an attribute about staff but that is not stored in AD (I don't want to put these values in a field eg phoneNumber because it isn't a phone number). I'd like to add a custom attribute but want to check some things about before doing it because it's a permanent change to the AD schema and don't want to stuff it up!
I've seen https://www.youtube.com/watch?v=__92mHwyZ3Q which makes it sounds all very easy. And that part of it is but it doesn't explain about the OID for the new attribute. I then went to https://msdn.microsoft.com/en-us/library/ms677620.... which explains it a bit. That led to https://gallery.technet.microsoft.com/scriptcenter... which is a VBScript and when I run that on my test DC it says:
First question is that if the root OID has 15 parts why does this example only have 8?
The VBScript says:
I think I'm right in thinking that I make this new attribute have an OID of 1.2.840.113556.1.5.9.1 but just want to confirm that. If it is, how do I make sure that there isn't another OID of 1.2.840.113556.1.5.9.1?
There's one application that needs an attribute about staff but that is not stored in AD (I don't want to put these values in a field eg phoneNumber because it isn't a phone number). I'd like to add a custom attribute but want to check some things about before doing it because it's a permanent change to the AD schema and don't want to stuff it up!
I've seen https://www.youtube.com/watch?v=__92mHwyZ3Q which makes it sounds all very easy. And that part of it is but it doesn't explain about the OID for the new attribute. I then went to https://msdn.microsoft.com/en-us/library/ms677620.... which explains it a bit. That led to https://gallery.technet.microsoft.com/scriptcenter... which is a VBScript and when I run that on my test DC it says:
Look at some existing attributes eg applicationSettings I see that it's X.500 OID is 1.2.840.113556.1.5.7000.49Quote:
Your root OID is:
1.2.840.113556.1.8000.2554.42286.18033.25403.19318.33978.9569320.1.2187529
First question is that if the root OID has 15 parts why does this example only have 8?
The VBScript says:
As I want to add a custom attribute to the 'user' class, which has an X.500 OID of 1.2.840.113556.1.5.9 does that mean that my attribute should have an OID of 1.2.840.113556.1.5.9.X? I looked at an existing attribute of the 'user' class (accountExpires) and found it's OID is 1.2.840.113556.1.4.159 - that doesn't end with ....113556.1.5.9Quote:
You can create subsequent OIDs for new schema classes and attributes by appending a .X to the OID where X may be any number that you choose. A common schema extension scheme generally uses the following structure:
If your assigned OID was: 1.2.840.113556.1.8000.2554.999999
then classes could be under: 1.2.840.113556.1.8000.2554.999999.1 which makes the first class OID: 1.2.840.113556.1.8000.2554.999999.1.1 the second class OID : 1.2.840.113556.1.8000.2554.999999.1.2 etc
Using this example attributes could be under:
1.2.840.113556.1.8000.2554.999999.2
which makes the first attribute OID:
1.2.840.113556.1.8000.2554.99999.2.1
the second attribute OID: 1.2.840.113556.1.8000.2554.999999.2.2 etc
I think I'm right in thinking that I make this new attribute have an OID of 1.2.840.113556.1.5.9.1 but just want to confirm that. If it is, how do I make sure that there isn't another OID of 1.2.840.113556.1.5.9.1?
Talk To Other Members