How to create custom attribute in Active Directory

The Active Directory schema contains many types of attributes, which are used to store unique information about AD objects. By default, the schema contains all the essential attributes needed to manage an entire organization. But every organization's needs change over time, depending on its business activities, so modifying the Active Directory schema eventually becomes inevitable.
 
In this article I explain how to create a custom attribute and how to add that custom attribute to the User class.
 

Required Permission

Adding a custom attribute modifies the Active Directory schema, which requires the modifying user to be a member of the Schema Administrators and Enterprise Administrators groups. By default, the Administrator account is a member of the Schema Administrators group.

Adding a custom attribute to the user object involves the following procedures:

  • Register Schema snap-in
  • Creating Custom Attribute
  • Adding Custom Attribute to User Class
  • Restarting Active Directory Domain Services

Register Schema snap-in

  1. Press the keys ‘Windows’ + ‘R’.
  2. Type the command RegSvr32 SchmMgmt.dll in the text field and click the OK button.
  3. On successful registration of the Schema snap-in, a confirmation message box is displayed.

Creating Custom Attribute

  1. Press the keys ‘Windows’ + ‘R’ to open the Run window.
  2. Type the command mmc.exe and click the OK button.
  3. Go to File -> Add/Remove snap-in…, or simply press the keys ‘Ctrl’ + ‘M’, to open Add/Remove snap-in.
  4. Select the snap-in Active Directory Schema, click Add >, and click the OK button.
  5. Expand the Active Directory Schema root node, right-click the node Attributes, and click Create Attribute… (Active Directory Schema -> Attributes -> Create Attribute…).
  6. If you receive the Schema Object Creation warning message, click Continue to proceed.

  7. Generating OID: To create a custom attribute we need to supply a new OID. See the article https://www.morgantechspace.com/2013/08/generate-oid-to-create-custom attribute.html to learn how to create a new OID using VBScript. Copy the script code from that article, paste it into a Notepad file, and save the file with the extension .vbs, for example GenerateOID.vbs.

     Run this VBScript file and you will see an output window with the generated OID.

     Note this OID: 1.2.840.113556.1.8000.2554.53105.25931.2174.18205.37173.12892922.10177807
     In your case you may get a different OID, depending on your domain.

  8. Now I am going to create the custom attribute panID. Fill in the following parameters:
       • Common Name: Pan ID
       • LDAP Display Name: panID (this value is populated automatically while you type the Common Name, but you can change it if you want to give another value)
       • Unique X500 Object ID: 1.2.840.113556.1.8000.2554.53105.25931.2174.18205.37173.12892922.10177807
  9. Click the OK button. The new custom attribute panID is now created and is displayed as a child node of Attributes.
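
The OID from step 7 can also be generated and sanity-checked in PowerShell. This is an added example, not the VBScript from the linked article: it maps a GUID onto seven decimal arcs under the 1.2.840.113556.1.8000.2554 prefix seen in the OID above, and checks an OID's shape before it is typed into the Unique X500 Object ID field. The function names and the 4+4+4+4+4+6+6 hex-digit slicing are assumptions of this example.

```powershell
# Added example: derive and validate a schema OID (names below are hypothetical).
$OidPrefix = '1.2.840.113556.1.8000.2554'    # base arc of the OID shown in step 7

function ConvertTo-SchemaOid {
    param([Parameter(Mandatory)][guid]$Guid)
    $hex = $Guid.ToString('N')                # 32 hex digits, no braces or dashes
    # Slice as 4+4+4+4+4+6+6 hex digits; each slice becomes one decimal arc.
    $offset = 0
    $arcs = foreach ($len in 4, 4, 4, 4, 4, 6, 6) {
        [Convert]::ToUInt32($hex.Substring($offset, $len), 16)
        $offset += $len
    }
    "$OidPrefix." + ($arcs -join '.')
}

function Test-SchemaOid {
    param([Parameter(Mandatory)][string]$Oid)
    # Must sit under the prefix and carry exactly seven arcs, each within the
    # range its hex slice can produce (catches truncated or mistyped OIDs).
    if (-not $Oid.StartsWith("$OidPrefix.")) { return $false }
    $arcs = $Oid.Substring($OidPrefix.Length + 1).Split('.')
    if ($arcs.Count -ne 7) { return $false }
    $max = 65535, 65535, 65535, 65535, 65535, 16777215, 16777215
    for ($i = 0; $i -lt 7; $i++) {
        $n = [uint64]0
        $parsed = [uint64]::TryParse($arcs[$i], [ref]$n)
        if ((-not $parsed) -or ($n -gt $max[$i])) { return $false }
    }
    $true
}

# Fresh OID for a new attribute, validated before use.
$newOid = ConvertTo-SchemaOid -Guid ([guid]::NewGuid())
"{0}  valid={1}" -f $newOid, (Test-SchemaOid $newOid)

# The OID from this article, and a constructed truncated copy that must fail.
$pageOid = '1.2.840.113556.1.8000.2554.53105.25931.2174.18205.37173.12892922.10177807'
"{0}  valid={1}" -f $pageOid, (Test-SchemaOid $pageOid)
$cut = $pageOid.Substring(0, $pageOid.LastIndexOf('.'))
"{0}  valid={1}" -f $cut, (Test-SchemaOid $cut)
```

An attribute's OID cannot be edited after the attribute is created, so running the check before clicking OK in step 9 is the cheap place to catch a paste error.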


Adding Custom Attribute to User Class

To add the newly created attribute to the User class, follow the steps below.

  1. Navigate to the node Active Directory Schema -> Classes and select the class user.
  2. Right-click the user class, select Properties, navigate to the Attributes tab, and click the Add button.
  3. Select the schema object panID and click the OK button.
  4. You have now added panID as an optional attribute of the user class. Click Apply to complete the process.
  5. You have now successfully added the panID attribute to the user class. Right-click the user class once again, select Properties, navigate to the Attributes tab, and check whether your change has been applied.
 

Restarting Active Directory Domain Services

You have now created the custom attribute and added it to the user class. To apply these schema changes across the complete Active Directory structure, we need to restart the AD Domain Services.

1. Press the keys ‘Windows’ + ‘R’ to open the Run window.
2. Type the command services.msc and click the OK button.
3. Select the service Active Directory Domain Services, right-click the service, click Restart, and click Yes to restart all the related services.
 

Checking new attribute in Active Directory Users and Computers Console

1. Press the keys ‘Windows’ + ‘R’ to open the Run window.
2. Type the command dsa.msc and click the OK button.
3. Select the user object Administrator, right-click -> Properties -> Attributes, and check for the attribute panID.
 
You have now successfully created the custom attribute panID and linked it to the user class.
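
The same result can be confirmed from PowerShell, together with a review of who still holds the schema-modifying rights described under Required Permission. This is an added example, not part of the original article: it is read-only, assumes the ActiveDirectory module (RSAT) is installed, and resolves the two groups by their well-known RIDs (518 and 519) in the forest root domain, where the built-in names are Schema Admins and Enterprise Admins.

```powershell
# Added example: read-only audit of the panID schema change and schema privileges.
Import-Module ActiveDirectory

$AttrName    = 'panID'   # LDAP display name used in this article
$ExpectedOid = '1.2.840.113556.1.8000.2554.53105.25931.2174.18205.37173.12892922.10177807'

$forest   = Get-ADForest
$master   = $forest.SchemaMaster              # DC holding the schema master role
$schemaNC = (Get-ADRootDSE -Server $master).schemaNamingContext

# 1. The attributeSchema object exists and carries the OID typed into the dialog.
$attr = Get-ADObject -Server $master -SearchBase $schemaNC `
    -LDAPFilter "(&(objectClass=attributeSchema)(lDAPDisplayName=$AttrName))" `
    -Properties lDAPDisplayName, attributeID, attributeSyntax, isSingleValued, whenCreated
if (-not $attr) { throw "Attribute '$AttrName' not found in $schemaNC" }

# 2. The user class lists it as an optional attribute (mayContain).
$userClass = Get-ADObject -Server $master -SearchBase $schemaNC `
    -LDAPFilter '(&(objectClass=classSchema)(lDAPDisplayName=user))' `
    -Properties mayContain

# 3. Accounts that can still change the schema: Schema Admins (RID 518) and
#    Enterprise Admins (RID 519) of the forest root domain, resolved by SID.
$rootSid = (Get-ADDomain -Identity $forest.RootDomain).DomainSID.Value
$privileged = foreach ($rid in 518, 519) {
    $group = Get-ADGroup -Identity "${rootSid}-${rid}" -Server $forest.RootDomain
    Get-ADGroupMember -Identity $group -Server $forest.RootDomain -Recursive |
        Select-Object @{ n = 'Group'; e = { $group.Name } }, SamAccountName, objectClass
}

[pscustomobject]@{
    Attribute    = $attr.lDAPDisplayName
    OidMatches   = ($attr.attributeID -eq $ExpectedOid)
    Syntax       = $attr.attributeSyntax
    SingleValued = $attr.isSingleValued
    Created      = $attr.whenCreated
    LinkedToUser = ($userClass.mayContain -contains $AttrName)
}
$privileged | Format-Table -AutoSize
```

Any account listed by the last command that was added only to perform this change is a candidate for removal from the group once the attribute has been verified.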
 

Thanks,
Morgan
Software Developer
