|
How
can I add additional attributes to
the users objects in Active
Directory?
Windows 2000 and Windows Server 2003
Active Directory allows you to edit
the Schema and add additional
attributes to it. These attributes
can be easily connected to existing
Object Classes such as users,
groups, computers and so on.
Adding items to the
Schema, also called "extending the
Schema", or even modifying existing
objects can be a tricky business,
and if done without proper
knowledge, can be very destructive
to your existing Active Directory
infrastructure. This is because the
Schema is a forest-wide setting, and
any additions or changes to the
Schema will be immediately
replicated to each and every Domain
Controller in each and every domain
in your AD Forest. You cannot make
any changes to the Schema and yet
keep it within your domain's
boundaries. Furthermore, changing
existing attributes (such as
configuring an attribute to
replicate itself to the Global
Catalog) will cause a forest-wide
replication of all the attributes
and objects, even if your change was
just made on one attribute. Note
that this behavior was changed in
Windows Server 2003, but even so,
you might unintentionally cause a
major network load and a lot of
overhead by simply clicking one one
small checkbox on one small
attribute.
Many articles talk
about adding items and extending the
Schema. However on this article I
wish to show you a simple method of
adding attributes to the Schema, and
by using these examples you can
modify them and use them for your
own purposes.
Requirements
|
