You want to add a new class to the schema.
Open the Active Directory Schema snap-in.
In the left pane, right-click on the Classes folder and select Create Class . . .
Click the Continue button to confirm that you want to extend the schema.
Enter the information for the new class and click Next.
Enter any mandatory and optional attributes and click Finish.
You can create new classes by using ldifde and an LDIF file that contains the properties to be set on the class. The following text shows an example LDIF file called create_class.ldf that creates a class called rallencorp-SalesUser:
dn: cn=rallencorp-SalesUser,cn=schema,cn=configuration,<ForestRootDN> changetype: add objectclass: classSchema lDAPDisplayName: rallencorp-SalesUser governsId: 188.8.131.52.4.1.9184.108.40.206.4 objectClassCategory: 3 subClassOf: top description: Auxiliary class for Sales user attributes adminDescription: Auxiliary class for Sales user attributes mayContain: rallencorp-Building mayContain: rallencorp-Theatre
Then run the following command:
> ldifde -v -i -f create_class.ldf
' This code creates a class in the schema called rallencorp-SalesUser. ' It is assumed that the script is being run by a member of Schema Admins set objRootDSE = GetObject("LDAP://RootDSE") set objSchemaCont = GetObject("LDAP://" & _ objRootDSE.Get("schemaNamingContext") ) set objClass = objSchemaCont.Create("classSchema", _ "cn=rallencorp-SalesUser") objClass.Put "lDAPDisplayName", "rallencorp-SalesUser" objClass.Put "governsId", "220.127.116.11.4.1.918.104.22.168.4" objClass.Put "objectClassCategory", 3 objClass.Put "subClassOf", "top" objClass.Put "adminDescription", "Languages a user speaks" objClass.Put "mayContain", Array("rallencorp-Building","rallencorp-Theatre") objClass.SetInfo WScript.Echo "Class created"
To create a new class, you need to create a classSchema object in the Schema container. The important attributes to set include:
Defines the OID for the class
Defines the class type
Defines the parent class
Defines any optional and mandatory attributes for instantiated objects of the class
The lDAPDisplayName also needs to be set and should be equal to the common name (cn) as a general rule. Even though many of the default classes do not use the same name for the common name and LDAP display name, using the same name is highly recommended to avoid confusion when referencing the class. Another best practice is to set the schemaIDGUID of the class, which is especially important if you are doing anything with extended rights. The See Also section contains references to recipes that cover some of these topics in more depth.
Introduction in Chapter 10 for attributes of classSchema objects, Recipe 10.3 for generating an OID, Recipe 10.4 for generating a GUID, Recipe 10.17 for more on object class type, Recipe 10.19 for setting the default security for a class, and Recipe 10.22 for reloading the schema cache