Wednesday, 21 August 2013

How to create a custom attribute in Active Directory

The Active Directory schema contains different types of attributes, which are used to store unique information about AD objects. By default, the schema contains all the essential attributes needed to manage an entire organization. But the needs of every organization change day by day, depending on various business activities, so modifying the Active Directory schema is inevitable.

In this article I am going to explain how to create a custom attribute and how to add that custom attribute to the user class.

Required Permission

Adding a custom attribute involves modifying the Active Directory schema, which requires the modifying user to be a member of the Schema Administrators and Enterprise Administrators groups. By default, the Administrator account is a member of the Schema Administrators group.

Adding a custom attribute to the user object involves the following procedures:
  • Register Schema snap-in
  • Creating Custom Attribute
  • Adding Custom Attribute to User Class
  • Restarting Active Directory Domain Services

Register Schema snap-in

  1. Press the keys 'Windows' + 'R'.
  2. Type the command RegSvr32 SchmMgmt.dll in the text field and click the OK button.
  3. On successful registration of the Schema snap-in, a confirmation message box is displayed.

Creating Custom Attribute

  1. Press the keys 'Windows' + 'R' to open the Run window.
  2. Type the command mmc.exe and click the OK button.
  3. Go to File -> Add/Remove snap-in..., or simply press the keys 'Ctrl' + 'M', to open Add/Remove snap-in.
  4. Select the snap-in Active Directory Schema, click Add >, and click the OK button.
  5. Expand the Active Directory Schema root node, right-click the node Attributes, and click Create Attribute... (Active Directory Schema -> Attributes -> Create Attribute...).
  6. If you receive the Schema Object Creation warning message, click Continue to proceed.

  7. Generating the OID: to create a custom attribute, we need to give it a new OID. To create a new OID, check this article to learn how to create a new OID using VBScript. Copy the script code from that article, paste it into a Notepad file, and save the file with the extension .vbs, for example GenerateOID.vbs.

     Run this VBScript file and the output window shows the generated OID.
     Note this OID: 1.2.840.113556.1.8000.2554.53105.25931.2174.18205.37173.12892922.10177807. In your case you may get a different OID, depending on your domain.

  8. Now I am going to create the custom attribute panID. Fill in the following parameters:
  • Common Name: Pan ID
  • LDAP Display Name: panID (this value is populated automatically while you type the Common Name, but you can change it if you want to give another value)
  • Unique X500 Object ID: 1.2.840.113556.1.8000.2554.53105.25931.2174.18205.37173.12892922.10177807

  9. Click the OK button. The new custom attribute panID is now created and displayed as a child node of Attributes.

Adding Custom Attribute to User Class

To add the newly created attribute to the user class, follow the steps below.

  1. Navigate to the node Active Directory Schema -> Classes and select the class user.

  2. Right-click the user class, select Properties, navigate to the Attributes tab, and click the Add button.

  3. Select the schema object panID and click the OK button.

  4. You have now added panID as an optional attribute of the user class. Click Apply to complete the process.

  5. You have now successfully added the panID attribute to the user class. Once again right-click the user class, select Properties, navigate to the Attributes tab, and check whether your change has been applied.
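The two procedures above (creating the attribute and adding it to the user class), scripted so the change can be reviewed before it is applied. This is an added example, not code from the article. It assumes the ActiveDirectory PowerShell module, that the linked VBScript uses the GUID-derived scheme whose prefix and arc layout match the OID shown in step 7, and a single-valued Unicode String attribute (the article does not state the syntax).

```powershell
# Added example (not the article's code). Needs the ActiveDirectory module and
# the group memberships listed under "Required Permission".
Import-Module ActiveDirectory

function New-GuidBasedOid {
    # Prefix and arc layout match the OID shown in step 7: seven decimal arcs
    # cut from a fresh GUID (five 16-bit slices, then two 24-bit slices).
    $prefix = '1.2.840.113556.1.8000.2554'
    $hex    = [guid]::NewGuid().ToString('N')    # 32 hex digits, no dashes
    $layout = @(0,4), @(4,4), @(8,4), @(12,4), @(16,4), @(20,6), @(26,6)
    $arcs   = foreach ($part in $layout) {
        [Convert]::ToUInt32($hex.Substring($part[0], $part[1]), 16)
    }
    '{0}.{1}' -f $prefix, ($arcs -join '.')
}

$whatIf   = $true    # dry run; set to $false only after reviewing the output
$ldapName = 'panID'
$schemaNC = (Get-ADRootDSE).schemaNamingContext
$master   = (Get-ADForest).SchemaMaster          # DC that accepts schema writes

# A schema attribute can be deactivated later but never deleted, so check for
# an existing definition before writing anything.
$existing = Get-ADObject -Server $master -SearchBase $schemaNC `
    -LDAPFilter "(lDAPDisplayName=$ldapName)" -Properties attributeID

if ($existing) {
    Write-Warning "$ldapName already exists with OID $($existing.attributeID)"
} else {
    $definition = @{
        lDAPDisplayName  = $ldapName
        attributeID      = New-GuidBasedOid
        attributeSyntax  = '2.5.5.12'   # assumption: Unicode String syntax
        oMSyntax         = 64           # OM syntax paired with 2.5.5.12
        isSingleValued   = $true        # assumption: one value per user
        adminDescription = 'Pan ID'     # assumption: free-text description
    }
    New-ADObject -Server $master -Name 'Pan ID' -Type attributeSchema `
        -Path $schemaNC -OtherAttributes $definition -WhatIf:$whatIf

    # Equivalent of Classes -> user -> Properties -> Attributes -> Add.
    Get-ADObject -Server $master -SearchBase $schemaNC `
        -Filter "lDAPDisplayName -eq 'user'" |
        Set-ADObject -Server $master -Add @{ mayContain = $ldapName } -WhatIf:$whatIf
}
```

With `$whatIf` left at `$true` the script only reports what it would create and modify, which gives a record to review before committing a forest-wide change.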

Restarting Active Directory Domain Services

You have now created the custom attribute and added it to the user class. To apply these schema changes across the complete Active Directory structure, we need to restart the AD Domain Services.

1. Press the keys 'Windows' + 'R' to open the Run window.
2. Type the command services.msc and click the OK button.
3. Select the service Active Directory Domain Services, right-click the service, click Restart, and click Yes to restart all the related services.

Checking new attribute in Active Directory Users and Computers Console

1. Press the keys 'Windows' + 'R' to open the Run window.
2. Type the command dsa.msc and click the OK button.
3. Select the user object Administrator, right-click -> Properties -> Attributes, and check for the attribute panID.

You have now successfully created the custom attribute panID and linked that attribute to the user class.




  1. Nice article. Thank you. If we have multiple DCs in the environment, how long would you recommend waiting before we restart AD DS on the other controllers?

  2. Very, very nice article, Morgan. Thanks.

  3. Thank you for the concise solution.