Manipulating Active Directory search and adding a custom attribute

As you know, the search function in Active Directory plays a key role in finding the right objects in your environment. You can use different methods to find a specific object: there are dedicated tools, PowerShell is my cool friend for searching, and the built-in search function in Active Directory is another method. Sometimes you need to search for an object by a custom attribute. Suppose you have modified the schema and added your custom attributes, and now you want to go one step further and add the newly created attribute to the default attributes offered by the search function in Active Directory. In this tutorial I first create an attribute and then explain how to add it to the search attributes.

To create custom attributes you have to modify the schema. Open a command prompt as Administrator, type the following command and press Enter.

Regsvr32 schmmgmt.dll

A message box will pop up and inform you that the schema DLL has been registered successfully.

Now navigate to Start > Run and type mmc. Since the schema DLL is now registered, you can add this console through mmc. Add the Schema console and click OK.

Now navigate to Attributes and right-click to create a new attribute. Here we want to create an attribute to store the Skype ID of employees. Since Skype IDs are strings, make sure to choose String as the syntax. For testing purposes we use 1.2.3.4.5 as the object ID, but in a real production environment I strongly recommend assigning a unique OID to your attribute. You can refer to this awesome script written by The Scripting Guys to obtain a unique OID.

After creating the attribute you must link it to a class. Since Skype is a user-based attribute, you should add it to the user class. Navigate to the Classes container, right-click User and go to Properties. Add the Skype attribute to the class and click OK.

For testing purposes, we insert a value into the skype attribute of a user. Follow these steps to perform the action.

Insert the appropriate value for this attribute.

We have now added the value to the Skype attribute. Let's modify the ADUC search function. Open ADSIedit and right-click the top node to choose Connect to:

Expand DisplaySpecifiers and click CN=409. It is the default display specifier for the US locale. If you are using a different locale you must choose the matching container.

Choose the cn=user-Display object. We want to edit attributeDisplayNames, so select attributeDisplayNames and click Edit.

In the Value to add text box type skype,Skype and click Add. Finally click OK.

It is time to test the results. Reopen ADUC and open Find.

After specifying that you are searching based on skype and typing the criteria, click Find Now and review the result.
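The checks and the display specifier edit from the steps above can also be done from PowerShell. This is an added example, not part of the original tutorial; it assumes the RSAT ActiveDirectory module, that the attribute's lDAPDisplayName is skype (the name used in the skype,Skype entry), and a constructed sample value.

```powershell
# Added example: verify the custom attribute, then add it to the ADUC
# search attributes. Assumes the attribute's lDAPDisplayName is "skype".
Import-Module ActiveDirectory

$attr   = 'skype'
$entry  = 'skype,Skype'   # <lDAPDisplayName>,<label shown in the Find dialog>
$locale = '409'           # US locale container used in the tutorial
$root   = Get-ADRootDSE

# 1. Confirm the attribute exists in the schema; review its OID and syntax.
$schemaAttr = Get-ADObject -SearchBase $root.schemaNamingContext `
    -LDAPFilter "(&(objectClass=attributeSchema)(lDAPDisplayName=$attr))" `
    -Properties attributeID, attributeSyntax, isSingleValued
if (-not $schemaAttr) { throw "Attribute '$attr' not found in the schema." }
$schemaAttr | Format-List Name, attributeID, attributeSyntax, isSingleValued

# 2. Confirm the attribute is linked to the user class.
$userClass = Get-ADObject -SearchBase $root.schemaNamingContext `
    -LDAPFilter '(&(objectClass=classSchema)(lDAPDisplayName=user))' `
    -Properties mayContain, mustContain
$linked = @($userClass.mayContain) + @($userClass.mustContain)
if ($linked -notcontains $attr) {
    throw "Attribute '$attr' is not linked to the user class."
}

# 3. Add the mapping to attributeDisplayNames only if no entry for this
#    attribute exists yet, so reruns do not create duplicate labels.
$dn = "CN=user-Display,CN=$locale,CN=DisplaySpecifiers," +
      $root.configurationNamingContext
$spec = Get-ADObject -Identity $dn -Properties attributeDisplayNames
if (-not ($spec.attributeDisplayNames -like "$attr,*")) {
    # -WhatIf only previews the change; remove it to commit.
    Set-ADObject -Identity $dn -Add @{ attributeDisplayNames = $entry } -WhatIf
}

# 4. Look up users by the custom attribute with an LDAP filter.
$value = 'jdoe.example'   # constructed sample value
Get-ADUser -LDAPFilter "($attr=$value)" -Properties $attr |
    Select-Object SamAccountName, DistinguishedName, $attr
```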
