In my opinion, Active Directory is good place to store personal information, so it can be used by third party applications and SharePoint User Profile service as well. This post will let you know how to create customized user attribute to Active Directory, we can use LDAP to query or modify it later.

1. Firstly, open Registry Editor and navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters. Right-click on Parameters
folder and select New->Key, select DWORD (32-bit) Value, set Name: Schema Update Allowed and Value: 1

Open Registry Editor

Open Registry Editor

2. Enable Schema Management Snapin by run regsvr32 schmmgmt.dll from windows command prompt

3. Open Active Directory Schema SnapIn to start create cutomize user properties. From Run, type mmc and select Add/Remove Snap-In from File menu

Add Schema SnapIn

Add Schema SnapIn

4. Expand Active Directory Shema, then right-click on Attributes, select Create Attribute, click Continue on warning message box. Create New Attribute window will display to let you input Attribute options, there are required for Unique X500 Object ID. Before continue, you need get vbscipt from Microsoft Gallery. Just save it on hard disk as file.vbs and run this file.

Run OID generator vbscript

Run OID generator vbscript

It will show you message box as below, copy OID and put in Unique X500 Object ID textbox. Click OK, continue for others attributes

Create New Attribute

Create New Attribute

 

Customize Attribute list

Customize Attribute list

5. Assign customize attribute to Person class. Back to Active Directory Shema console, expand Classes folder and navigate to Person. Right Click Person, and select Properties, switch to Attributes tab, then Click Add button, select for customize attribute just created above and click OK. 

Assign customize attribute to Person class

Assign customize attribute to Person class

6. Finally, Click OK to finish. To verify and change these value, open Active Directory User and Computers in Domain Controller server, open Property of any domain user, click on Attribute Editor tab to see new attributes and change its value.

Customize Active Directory user attributes

Customize Active Directory user attributes

 

Hoang Nhut Nguyen

Email: nhutcmos@gmail.com

Skype: hoangnhut.nguyen