Monday, October 1, 2007

Creating Custom AD Attributes

This post details the procedure for creating custom Active Directory attributes, which means extending the forest schema.

Note: Whenever possible it is recommended to use the default attributes within Active Directory. A schema extension is forest-wide and permanent: an attribute can later be deactivated (made defunct) but never deleted, so get the OID and the attribute definition right the first time, and test the extension in a lab forest before touching production.

Before creating attributes for the organization, you will have to obtain a root OID from an ISO Name Registration Authority.

To request an OID namespace (a Private Enterprise Number):
http://www.iana.org/cgi-bin/enterprise.pl
The entire list of Enterprise Numbers is published on the IANA site. Check whether your company is already listed before requesting a new one:
http://www.iana.org/assignments/enterprise-numbers . The root arc that IANA assigns from is listed at the top of the page (1.3.6.1.4.1). Each company entry in the list begins with a "Branch" ID (for example, Microsoft is 311). This branch ID is appended to the IANA root (for example, 1.3.6.1.4.1.311), and the result is the company's OID namespace.

Format to use: (IANA root ID).(Branch ID).(Application ID).(Attribute ID)
Example: 1.3.6.1.4.1.311.2.1
Note: The application ID "2" and the final arc "1" in the example are chosen by you; everything below your branch is yours to allocate. Only ever allocate OIDs beneath your own company's branch (Microsoft's 311 above is used purely to illustrate the format), and document every OID you generate so the same value is never reused for a different attribute.

After you have your OID, you can begin creating your custom attributes. The procedure is below.

  1. Log on to the Domain Controller holding the Schema Master FSMO role (to find the Schema Master, run: netdom query fsmo /domain:)
  2. Resolve any outstanding replication issues before you start: repadmin /replsummary /bydst /bysrc /sort:delta
  3. Back up the system state on the Schema Master.
  4. Disable outbound replication on the Schema Master so a mistake does not replicate to the whole forest before you have verified it: repadmin /options +DISABLE_OUTBOUND_REPL
  5. Perform the extension; Open Schema Admins (Windows support
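The following PowerShell script is an added example that ties together the OID format from the earlier section and the pre-flight steps of the procedure above; it is not code from the original post. It assumes the ActiveDirectory module (Windows Server 2012 or later for Get-ADReplicationFailure), Windows Server Backup for wbadmin, and that it is run by a temporary member of Schema Admins. The enterprise number 99999, the attribute name contosoBadgeNumber and the backup target E: are hypothetical placeholders.

```powershell
# Added example: pre-flight checks plus creation of one single-valued Unicode
# string attribute, targeted at the Schema Master. Not from the original post.
# Enterprise number, attribute name and backup target below are hypothetical.
Import-Module ActiveDirectory

$EnterpriseNumber = 99999              # hypothetical: your IANA PEN, never another company's
$ApplicationArc   = 2                  # allocated by you, record it in your OID register
$AttributeArc     = 1                  # allocated by you, record it in your OID register
$AttributeOid     = "1.3.6.1.4.1.$EnterpriseNumber.$ApplicationArc.$AttributeArc"
$AttributeName    = 'contosoBadgeNumber'   # hypothetical cn / lDAPDisplayName
$BackupTarget     = 'E:'                   # hypothetical system-state backup volume

# Sanity check: the OID must sit under the IANA private-enterprise root.
if ($AttributeOid -notmatch '^1\.3\.6\.1\.4\.1\.\d+(\.\d+)+$') {
    throw "OID '$AttributeOid' is not under 1.3.6.1.4.1"
}

# Step 1: find the Schema Master and direct every write at it.
$forest       = Get-ADForest
$schemaMaster = $forest.SchemaMaster
Write-Host "Schema Master is $schemaMaster"

# Step 2: refuse to continue while any replication failure is outstanding.
$failures = Get-ADReplicationFailure -Scope Forest -Target $forest.Name
if ($failures) {
    $failures | Format-Table Server, Partner, FailureType, FailureCount -AutoSize
    throw 'Outstanding replication failures; resolve them before extending the schema'
}

# Step 3: system-state backup on the Schema Master (run locally on that DC).
& wbadmin.exe start systemstatebackup -backupTarget:$BackupTarget -quiet
if ($LASTEXITCODE -ne 0) { throw "System-state backup failed with exit code $LASTEXITCODE" }

# Step 4: stop outbound replication so an error stays on one DC until verified.
& repadmin.exe /options $schemaMaster +DISABLE_OUTBOUND_REPL
if ($LASTEXITCODE -ne 0) { throw 'Could not disable outbound replication' }

try {
    # Step 5: perform the extension.
    $schemaNc = (Get-ADRootDSE -Server $schemaMaster).schemaNamingContext

    # Abort on any collision with an existing attributeID, lDAPDisplayName or cn.
    $clash = Get-ADObject -Server $schemaMaster -SearchBase $schemaNc `
        -LDAPFilter "(|(attributeID=$AttributeOid)(lDAPDisplayName=$AttributeName)(cn=$AttributeName))" `
        -Properties attributeID, lDAPDisplayName
    if ($clash) { throw "Schema already contains $($clash.DistinguishedName)" }

    $definition = @{
        attributeID                   = $AttributeOid
        lDAPDisplayName               = $AttributeName
        adminDisplayName              = $AttributeName
        adminDescription              = 'Employee badge number (example attribute)'
        attributeSyntax               = '2.5.5.12'   # DirectoryString (Unicode)
        oMSyntax                      = 64           # pairs with 2.5.5.12
        isSingleValued                = $true
        searchFlags                   = 1            # indexed for equality searches
        isMemberOfPartialAttributeSet = $false       # keep it off the global catalog
        showInAdvancedViewOnly        = $true
    }
    New-ADObject -Server $schemaMaster -Path $schemaNc -Name $AttributeName `
        -Type attributeSchema -OtherAttributes $definition

    # Force the Schema Master to reload its schema cache so the attribute is usable now.
    $rootDse = [ADSI]"LDAP://$schemaMaster/RootDSE"
    $rootDse.Put('schemaUpdateNow', 1)
    $rootDse.SetInfo()

    # Verify the attribute exists with exactly the OID we allocated before replicating it.
    $created = Get-ADObject -Server $schemaMaster -SearchBase $schemaNc `
        -LDAPFilter "(attributeID=$AttributeOid)" -Properties lDAPDisplayName, attributeSyntax
    if (-not $created) { throw "Attribute $AttributeName was not created" }
    Write-Host "Created $($created.DistinguishedName) ($($created.attributeSyntax))"
}
finally {
    # Re-enable outbound replication whether the extension succeeded or was aborted;
    # on failure the attribute was never written, so nothing bad replicates.
    & repadmin.exe /options $schemaMaster -DISABLE_OUTBOUND_REPL
}
```

Because schema writes are only accepted by the Schema Master, every cmdlet is given -Server $schemaMaster rather than relying on the script being launched on that DC; the backup step is the exception and has to run locally. Once the attribute has been verified and replication re-enabled, remove the account from Schema Admins again, since that group should be empty outside of a planned extension, and record the OID, syntax and purpose in your OID register.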