Discussion:
Active Directory Extended Attributes
(too old to reply)
Mark Mynsted
2004-08-31 18:15:34 UTC
Permalink
I need to add data to our LDAP (Active Directory) without altering the
default schema. Our Active Directory is a data store for
our Exchange Server. (Maybe this means it is different than other Active
Directories.) I understand that some Extended Attributes exist for
this purpose, though I have seen no evidence to support this claim.

- Is there a place in Active Directory where data may be stored, that
does not fit in the existing fields, defined for specific purposes?
Do Extended Attributes exist or must I expand the schema?

- I can not view any Extended Attributes when I use enumprop or view
the AD GUI from a Windows 2000 server host (MMC). How may I view
these attributes? I know that one is set (as per the Exchange
Admin) but is there some tool that will let me view it? Perhaps
the only tool available to see these is Exchange? I think I
should be able to read it via ASDI from a .Net application, if I
know it exists and is set for a particular account. How do I know
which Extended attributes are in use?

- If I read the documentation about the extended attributes for
"Microsoft Office Project 2003 Software Development Kit", it makes
the attributes look like a collection of <ExtendedAttribute> nodes
inside an <ExtendedAttributes> node. But if I read the docs for
Windows 2000,
http://support.microsoft.com/default.aspx?scid=kb;EN-US;257218
then the extended attributes do not seem to exist.

All I am trying to do is:

- Prove the existence of these Extended Attributes.

- Load them with data from .Net using System.DirectoryServices namespace.

- Be able to read the data from the, then loaded, Extended Attributes.

Has anybody used these? Any help would be great.
--
-MM
I rarely read email from this address /"\
because of spam. \ / ASCII Ribbon Campaign
I MAY see it if you put #NOTSPAM# X Against HTML Mail
in the subject line. / \
Chriss3 [MVP]
2004-08-31 18:44:40 UTC
Permalink
Hello Mark,

extensionAttribute1-15 can be used to store data at accounts I'm not sure
what kind of classes more you can use extensionAttributes on

To view a customized attribute or extended in AD Users and Computers or
other MMCs, you need to add a display specify for this in Active Directory
--
Regards
Christoffer Andersson
Microsoft MVP - Directory Services

No email replies please - reply in the newsgroup
------------------------------------------------
http://www.chrisse.se - Active Directory Tips
Post by Mark Mynsted
I need to add data to our LDAP (Active Directory) without altering the
default schema. Our Active Directory is a data store for
our Exchange Server. (Maybe this means it is different than other Active
Directories.) I understand that some Extended Attributes exist for
this purpose, though I have seen no evidence to support this claim.
- Is there a place in Active Directory where data may be stored, that
does not fit in the existing fields, defined for specific purposes?
Do Extended Attributes exist or must I expand the schema?
- I can not view any Extended Attributes when I use enumprop or view
the AD GUI from a Windows 2000 server host (MMC). How may I view
these attributes? I know that one is set (as per the Exchange
Admin) but is there some tool that will let me view it? Perhaps
the only tool available to see these is Exchange? I think I
should be able to read it via ASDI from a .Net application, if I
know it exists and is set for a particular account. How do I know
which Extended attributes are in use?
- If I read the documentation about the extended attributes for
"Microsoft Office Project 2003 Software Development Kit", it makes
the attributes look like a collection of <ExtendedAttribute> nodes
inside an <ExtendedAttributes> node. But if I read the docs for
Windows 2000,
http://support.microsoft.com/default.aspx?scid=kb;EN-US;257218
then the extended attributes do not seem to exist.
- Prove the existence of these Extended Attributes.
- Load them with data from .Net using System.DirectoryServices namespace.
- Be able to read the data from the, then loaded, Extended Attributes.
Has anybody used these? Any help would be great.
--
-MM
I rarely read email from this address /"\
because of spam. \ / ASCII Ribbon Campaign
I MAY see it if you put #NOTSPAM# X Against HTML Mail
in the subject line. / \
Mark Mynsted
2004-09-08 18:58:26 UTC
Permalink
Chriss3> Hello Mark,
Chriss3> extensionAttribute1-15 can be used to store data at accounts I'm not sure
Chriss3> what kind of classes more you can use extensionAttributes on

Chriss3> To view a customized attribute or extended in AD Users and Computers or
Chriss3> other MMCs, you need to add a display specify for this in Active Directory
Chriss3> --
Chriss3> Regards
Chriss3> Christoffer Andersson
Chriss3> Microsoft MVP - Directory Services

Thank you.

Also, "The Big Kahuna" here mentioned the following that I found really
helpful.


Here is how to get the snap-in

Installing the Active Directory Schema Console

The first challenge in this process is installing the tool. The Schema
Console isn't installed by default with Win2K Server-not even on the
domain controller that hosts your AD. In addition, Microsoft didn't
write an installation program for the tool. You must manually register
the Schema Console, which is a COM object that is hosted as a
Microsoft Management Console (MMC) snap-in. You can find the Schema
Console in the \winnt\system32 folder.

To register the tool, choose Start, Run. Type regsvr32
C:\winnt\system32\schmmgmt.dll (assuming C is where you installed
Win2K), and click OK. When you've successfully registered the tool,
perform these steps:

Choose Start, Run; type mmc /a, then click OK.
On the Console menu, click Add/
Remove Snap-in, then click Add.
Under Snap-in, double-click Active Directory Schema, then click Close.
Click OK.
On the Console menu, click Save to save the console.
By default, you save the console to the Administrative Tools
folder. Save your snap-in in that location, and it will appear under
Start, Programs, Administrative Tools.
--
-MM
I rarely read email from this address /"\
because of spam. \ / ASCII Ribbon Campaign
I MAY see it if you put #NOTSPAM# X Against HTML Mail
in the subject line. / \
Loading...