Need some generic attributes?

By | July 9, 2013

Quite often I see customers that need to use generic attributes to populate user, group or contact objects with certain values that do not appear in the default AD schema. Most of these customers have Microsoft Exchange and tend to use the extension attributes that are delivered as part of the Exchange AD schema extensions. This is all well and good, but there are some downsides to using the Exchange extensions. In particular, the values held in the Exchange extension attributes are cleared whenever an object is mail-enabled or mailbox-enabled, or mail-disabled or mailbox-disabled. Exchange effectively “owns” the values for these attributes and does not expect them to be used for anything other than Exchange use.

Armed with this knowledge, what are you supposed to do if you want to use some “spare” schema attributes for general use? Well, within the AD default schema you don’t have a great deal of choice available. Your best option is to extend the schema with some custom attributes of your own. Custom schema extensions are no longer considered the scary beast they once were. Schema conflicts are rare nowadays and can be handled by defuncting the offending schema class objects as required.

If you plan to add some classes and attributes to the schema you can choose appropriate, non-conflicting names and simply get on with it. This is fine if you know the attributes will be used indefinitely, but what if you simply want some generic attributes whose values you will populate for a short period (e.g. a project or a migration) and then re-use for some other purpose? In that case you could extend your schema with some generic custom attributes, similar to those introduced by Exchange.

The attached LDF file is a schema extension that includes 10 generic string attributes (genericExtensionAttribute1-10).  These are included in custom auxiliary classes (Generic-User, Generic-Group and Generic-Contact) that are then linked to their corresponding classes from the default AD schema (User, Group and Contact).  The attributes have a maximum length of 128 characters (rangeUpper). 

To add the schema extensions, use LDIFDE running from an Administrator command prompt. The account you use must be a member of the Schema Admins group.

Shortly after the schema update has completed, you will see the new attributes available for population on User, Group and Contact objects.

Feel free to use these extensions as-is (but don’t blame me if anything breaks!).  The OIDs used for the attributes and classes are derived from a parent that has been assigned to me by IANA.  You can obviously modify the LDF to change the names (e.g. if they conflict with anything in your schema) or the OID (e.g. if you have your own).  In any case you will need to replace the forest distinguished name in the LDF file (DC=contoso,DC=com) with your own.  Be sure to test this in your lab environment before you go ahead in production.
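To show the shape of such an extension, here is a cut-down LDF fragment I have written for this post; it is an illustration, not the contents of the attached Schema_Extensions file. It defines one string attribute with the same syntax and rangeUpper the post describes, places it in an auxiliary class and links that class to the default User class. The OID arc 1.3.6.1.4.1.99999 is a placeholder (substitute your own IANA-assigned parent), the lDAPDisplayName genericUser is my own choice, and the forest DN is the DC=contoso,DC=com value the post says you must replace.

```ldif
# Placeholder OIDs: 1.3.6.1.4.1.99999 is NOT a real assignment; use your own arc.
# Import from an elevated prompt as a Schema Admin, substituting your forest DN:
#   ldifde -i -f Schema_Extensions.ldf -c "DC=contoso,DC=com" "DC=yourforest,DC=local" -k -j .
# -c rewrites every occurrence of the first DN with the second, -k skips
# "object already exists" errors so a re-run is harmless, -j . writes ldif.log here.

# 1. The attribute: a single-valued Unicode string (syntax 2.5.5.12 / OM 64), max 128 chars.
dn: CN=genericExtensionAttribute1,CN=Schema,CN=Configuration,DC=contoso,DC=com
changetype: add
objectClass: attributeSchema
attributeID: 1.3.6.1.4.1.99999.1.1
lDAPDisplayName: genericExtensionAttribute1
adminDisplayName: Generic-Extension-Attribute-1
adminDescription: Generic string attribute for temporary or project use
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: TRUE
rangeUpper: 128
searchFlags: 0
isMemberOfPartialAttributeSet: FALSE
showInAdvancedViewOnly: TRUE

# Flush the schema cache so the new attribute can be referenced by the class below.
dn:
changetype: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-

# 2. The auxiliary class (objectClassCategory 3) that carries the attribute.
dn: CN=Generic-User,CN=Schema,CN=Configuration,DC=contoso,DC=com
changetype: add
objectClass: classSchema
governsID: 1.3.6.1.4.1.99999.2.1
lDAPDisplayName: genericUser
adminDisplayName: Generic-User
objectClassCategory: 3
subClassOf: top
mayContain: genericExtensionAttribute1
showInAdvancedViewOnly: TRUE

dn:
changetype: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-

# 3. Link the auxiliary class to the default User class.
#    Repeat against CN=Group and CN=Contact for the group and contact variants.
dn: CN=User,CN=Schema,CN=Configuration,DC=contoso,DC=com
changetype: modify
add: auxiliaryClass
auxiliaryClass: genericUser
-

dn:
changetype: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-
```

Two things worth remembering when you run something like this: the change is forest-wide and permanent (schema objects can be defuncted but never deleted, so a typo in an lDAPDisplayName or OID lives forever), and the Schema Admins membership only needs to exist for the duration of the import, so add the account before and remove it straight after. The new attributes show up on user objects once the schema cache has refreshed on the domain controllers you query.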

The LDF file is available here: Schema_Extensions

