Recipe 10.12 Modifying the Attributes That Are Copied When Duplicating a User

10.12.1 Problem

You want to add an attribute to the list of attributes that are copied when duplicating a user with the Active Directory Users and Computers snap-in.

10.12.2 Solution

For Windows 2000 Active Directory you need to enable schema modifications before proceeding. See Recipe 10.2 for more information.

10.12.2.1 Using a graphical user interface
  1. Open the Active Directory Schema snap-in.

  2. In the left pane, click on the Attributes folder.

  3. In the right pane, double-click the attribute you want to edit.

  4. Check the box beside Attribute is copied when duplicating a user.

  5. Click OK.

10.12.2.2 Using a command-line interface

You can cause an attribute to get copied when duplicating a user by using the ldifde utility and an LDIF file that contains the following:

dn: cn=rallencorp-LanguagesSpoken,cn=schema,cn=configuration,<ForestRootDN>
changetype: modify
replace: searchFlags
searchFlags: 16
-

If the LDIF file were named add_dup_user_attr.ldf, you would run the following command:

> ldifde -v -i -f add_dup_user_attr.ldf
10.12.2.3 Using VBScript
' This code adds an attribute to the list of attributes that get
' copied when duplicating a user.
' ------ SCRIPT CONFIGURATION ------
' Set to the common name (not LDAP display dame) of the attribute
strAttrName = "<AttrCommonName>"   ' e.g. rallencorp-LanguagesSpoken
' ------ END CONFIGURATION ---------

set objRootDSE = GetObject("LDAP://RootDSE")
set objAttr = GetObject("LDAP://cn=" & strAttrName & "," & objRootDSE.
Get("schemaNamingContext"))
objAttr.Put "searchFlags", 16
objAttr.SetInfo
WScript.Echo "New copied attribute: " & strAttrName

The CLI and VBScript solutions assume that searchFlags wasn't previously set and just blindly overwrites whatever value is present if one was. Check our Recipe 4.12 for a better solution that will enable the bit you want without overwriting any previous settings.

10.12.3 Discussion

The Active Directory Users and Computers snap-in queries the schema for the list of attributes that should be copied whenever you right-click on a user and select Copy. This flag is purely informational and does not impose any restrictions or result in any impact on the DIT, like indexing an attribute does.

To find which attributes are copied when duplicating a user, use the following search criteria:

Base
cn=Schema,cn=Configuration,<ForestRootDN>
Filter
(&(objectcategory=attributeSchema)(searchFlags:1.2.840.113556.1.4.803:=16))
Scope
onelevel

Alternatively, to find attributes that aren't copied, change the search filter above to the following:

(&(objectcategory=attributeSchema)(!(searchFlags:1.2.840.113556.1.4.803:=16)))

10.12.4 See Also

Recipe 4.12 for modifying a bit flag attribute and Recipe 10.7 for adding a new attribute



    Chapter 3. Domain Controllers, Global Catalogs, and FSMOs
    Chapter 6. Users
    Appendix A. Tool List