You want to add a new attribute to the schema.
1. Open the Active Directory Schema snap-in.
2. In the left pane, right-click on the Attributes folder and select Create Attribute.
3. Click the Continue button to confirm that you want to extend the schema.
4. Enter the information for the new attribute.
5. Click OK.
You can create new attributes by using ldifde and an LDIF file that contains the properties to be set on the attribute. The following text shows an example LDIF file called create_attr.ldf that creates an attribute called rallencorp-LanguagesSpoken:
```ldif
dn: cn=rallencorp-LanguagesSpoken,cn=schema,cn=configuration,<ForestRootDN>
changetype: add
objectclass: attributeSchema
lDAPDisplayName: rallencorp-LanguagesSpoken
attributeId: 1.3.6.1.4.1.999.1.1.28.3
oMSyntax: 20
attributeSyntax: 2.5.5.4
isSingleValued: FALSE
searchFlags: 1
description: "Languages a user speaks"
```
Then run the following command:
```
> ldifde -v -i -f create_attr.ldf
```
```vbscript
' This code illustrates how to create an attribute
' called rallencorp-LanguagesSpoken
set objRootDSE = GetObject("LDAP://RootDSE")
set objSchemaCont = GetObject("LDAP://" & _
                    objRootDSE.Get("schemaNamingContext") )
set objAttr = objSchemaCont.Create("attributeSchema", _
                    "cn=rallencorp-LanguagesSpoken")
objAttr.Put "lDAPDisplayName", "rallencorp-LanguagesSpoken"
objAttr.Put "attributeId", "1.3.6.1.4.1.999.1.1.28.3"
objAttr.Put "oMSyntax", 20
objAttr.Put "attributeSyntax", "2.5.5.4"
objAttr.Put "isSingleValued", FALSE
objAttr.Put "description", "Languages a user speaks"
objAttr.Put "searchFlags", 1 ' index the attribute
objAttr.SetInfo
WScript.Echo "Attribute created"
```
To create an attribute, you need to add an attributeSchema object to the Schema container. Typically, when you extend the schema, you perform several additions or modifications at once, and the order of those extensions is very important. You can't create a class, assign an attribute to it, and then create the attribute; the attribute must exist before it can be assigned to the class. Even if you create the attribute first, you must reload the schema before doing the class assignment. Reloading the schema is described in more detail in Recipe 10.22.
Most of the attributes that can be set on attributeSchema objects are pretty straightforward, but a couple of them take a little explanation. The attributeSyntax and oMSyntax attributes together define the syntax, or the type of data that can be contained in the attribute. Table 10-3 shows the possible combinations of these two attributes and the resulting syntax.
| Name | attributeSyntax | oMSyntax | Description |
|---|---|---|---|
| AccessPointDN | 2.5.5.14 | 127 | Type of distinguished name taken from X.500. |
| Boolean | 2.5.5.8 | 1 | TRUE or FALSE value. |
| CaseExactString | 2.5.5.3 | 27 | Case-sensitive string. |
| CaseIgnoreString | 2.5.5.4 | 20 | Case-insensitive string. |
| DirectoryString | 2.5.5.12 | 64 | Case-insensitive Unicode string. |
| DN | 2.5.5.1 | 127 | String representing a distinguished name. |
| DNWithBinary | 2.5.5.7 | 127 | Octet string that has the following format: B:CharCount:BinaryValue:ObjectDN where CharCount is the number of hexadecimal digits in BinaryValue, BinaryValue is the hexadecimal representation of the binary value, and ObjectDN is a distinguished name. |
| DNWithString | 2.5.5.14 | 127 | Octet string that contains a string value and a DN. A value with this syntax has the following format: S:CharCount:StringValue:ObjectDN where CharCount is the number of characters in the StringValue string, and ObjectDN is a distinguished name of an object in Active Directory. |
| Enumeration | 2.5.5.9 | 10 | Defined in X.500 and treated as an integer. |
| GeneralizedTime | 2.5.5.11 | 24 | Time string format defined by ASN.1 standards. See ISO 8601 and X.680. |
| IA5String | 2.5.5.5 | 22 | Case-sensitive string containing characters from the IA5 character set. |
| Integer | 2.5.5.9 | 2 | 32-bit integer. |
| Integer8 | 2.5.5.16 | 65 | 64-bit integer, also known as a large integer. |
| NTSecurityDescriptor | 2.5.5.15 | 66 | Octet string that contains a security descriptor. |
| NumericString | 2.5.5.6 | 18 | String that contains digits. |
| OctetString | 2.5.5.10 | 4 | Array of bytes used to store binary data. |
| OID | 2.5.5.2 | 6 | String that contains digits (0-9) and decimal points (.). |
| ORName | 2.5.5.7 | 127 | Taken from X.400; used for X.400 to RFC 822 mapping. |
| PresentationAddress | 2.5.5.13 | 127 | String that contains OSI presentation addresses. |
| PrintableString | 2.5.5.5 | 19 | Case-sensitive string that contains characters from the printable character set. |
| ReplicaLink | 2.5.5.10 | 127 | Used by Active Directory internally. |
| Sid | 2.5.5.17 | 4 | Octet string that contains a security identifier (SID). |
| UTCTime | 2.5.5.11 | 23 | Time string format defined by ASN.1 standards. |
The searchFlags attribute is a bit flag that defines special properties related to searching with the attribute. Table 10-4 contains the values that can be set for this attribute. The values are cumulative; so in order to index an attribute and include it in ANR searches, you would set a value of 5 (1 + 4).
| Value | Description |
|---|---|
| 1 | Index over attribute. See Recipe 10.11 for more information. |
| 2 | Index over container and attribute. |
| 4 | Include as part of Ambiguous Name Resolution (ANR). Should be used in addition to 1. See Recipe 10.13 for more information. |
| 8 | Preserve attribute in tombstone objects. |
| 16 | Copy attribute when duplicating an object. See Recipe 10.12 for more information. |
| 32 | Create a tuple index for this attribute. This improves the response time for searches that put a wildcard in front of the search string for the attribute (e.g., givenname=*on). |
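The following Python script is an added example and is not code from the book or from any Microsoft tool. It encodes Table 10-3 (the attributeSyntax/oMSyntax pairs) and Table 10-4 (the searchFlags bits) as lookup tables so that a planned schema extension can be checked offline before ldifde imports it: the syntax name is resolved to its OID pair, the cumulative searchFlags value is decoded and rejected if it sets ANR (4) without the index bit (1) that the table says it requires, the attributeId is checked against the OID syntax from Table 10-3, and the result is emitted as the same create_attr.ldf entry the command-line solution uses. The attribute name, the OID 1.3.6.1.4.1.999.1.1.28.3 and the `<ForestRootDN>` placeholder are the recipe's; the function names are the example's own.

```python
"""Added example: build and sanity-check an attributeSchema LDIF entry.

Encodes Table 10-3 (syntax pairs) and Table 10-4 (searchFlags bits) so a
schema extension can be validated offline before ldifde imports it.
"""
import re

# Table 10-3: syntax name -> (attributeSyntax OID, oMSyntax)
SYNTAXES = {
    "AccessPointDN": ("2.5.5.14", 127),
    "Boolean": ("2.5.5.8", 1),
    "CaseExactString": ("2.5.5.3", 27),
    "CaseIgnoreString": ("2.5.5.4", 20),
    "DirectoryString": ("2.5.5.12", 64),
    "DN": ("2.5.5.1", 127),
    "DNWithBinary": ("2.5.5.7", 127),
    "DNWithString": ("2.5.5.14", 127),
    "Enumeration": ("2.5.5.9", 10),
    "GeneralizedTime": ("2.5.5.11", 24),
    "IA5String": ("2.5.5.5", 22),
    "Integer": ("2.5.5.9", 2),
    "Integer8": ("2.5.5.16", 65),
    "NTSecurityDescriptor": ("2.5.5.15", 66),
    "NumericString": ("2.5.5.6", 18),
    "OctetString": ("2.5.5.10", 4),
    "OID": ("2.5.5.2", 6),
    "ORName": ("2.5.5.7", 127),
    "PresentationAddress": ("2.5.5.13", 127),
    "PrintableString": ("2.5.5.5", 19),
    "ReplicaLink": ("2.5.5.10", 127),
    "Sid": ("2.5.5.17", 4),
    "UTCTime": ("2.5.5.11", 23),
}

# Table 10-4: searchFlags bit -> meaning
SEARCH_FLAGS = {
    1: "index over attribute",
    2: "index over container and attribute",
    4: "include in ANR (needs 1 as well)",
    8: "preserve in tombstone",
    16: "copy when duplicating an object",
    32: "tuple index",
}

OID_RE = re.compile(r"^\d+(\.\d+)+$")  # OID syntax from Table 10-3: digits and dots


def syntax_names(attribute_syntax, om_syntax):
    """Table 10-3 names for a pair; some pairs (e.g. 2.5.5.14/127) are shared."""
    return [n for n, pair in SYNTAXES.items() if pair == (attribute_syntax, om_syntax)]


def decode_search_flags(value):
    """Split a cumulative searchFlags value into (known bits, unknown remainder)."""
    bits = [bit for bit in SEARCH_FLAGS if value & bit]
    unknown = value & ~sum(SEARCH_FLAGS)
    return bits, unknown


def check_search_flags(value):
    """Return warnings for a searchFlags value; an empty list means it looks fine."""
    warnings = []
    bits, unknown = decode_search_flags(value)
    if unknown:
        warnings.append(f"unknown searchFlags bits set: {unknown}")
    if 4 in bits and 1 not in bits:
        warnings.append("ANR (4) set without index (1); set 5 (1 + 4) instead")
    return warnings


def build_attribute_ldif(cn, attribute_id, syntax, single_valued, search_flags,
                         description, forest_root_dn="<ForestRootDN>"):
    """Return LDIF text adding an attributeSchema object to the Schema container.

    Raises ValueError for an unknown syntax name, a malformed attributeId or a
    searchFlags value that check_search_flags rejects.
    """
    if syntax not in SYNTAXES:
        raise ValueError(f"unknown syntax {syntax!r}")
    if not OID_RE.match(attribute_id):
        raise ValueError(f"attributeId {attribute_id!r} is not an OID")
    problems = check_search_flags(search_flags)
    if problems:
        raise ValueError("; ".join(problems))
    attribute_syntax, om_syntax = SYNTAXES[syntax]
    lines = [
        f"dn: cn={cn},cn=schema,cn=configuration,{forest_root_dn}",
        "changetype: add",
        "objectclass: attributeSchema",
        f"lDAPDisplayName: {cn}",
        f"attributeId: {attribute_id}",
        f"oMSyntax: {om_syntax}",
        f"attributeSyntax: {attribute_syntax}",
        f"isSingleValued: {'TRUE' if single_valued else 'FALSE'}",
        f"searchFlags: {search_flags}",
        # LDIF takes the value literally; quotes would become part of the description
        f"description: {description}",
    ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # The recipe's own attribute, rebuilt from the tables
    print(build_attribute_ldif(
        cn="rallencorp-LanguagesSpoken",
        attribute_id="1.3.6.1.4.1.999.1.1.28.3",
        syntax="CaseIgnoreString",
        single_valued=False,
        search_flags=1,
        description="Languages a user speaks",
    ))
```

Redirect the output to create_attr.ldf (replacing `<ForestRootDN>` with the real forest root DN via the `forest_root_dn` argument) and import it with the ldifde command from the solution. Because a schema addition cannot be undone, the value of a check like this is catching a wrong syntax pair or an ANR-without-index searchFlags value before the object is created rather than after.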
See also Recipe 4.12 for setting a bit flag, Recipe 10.9 for adding a new class, and Recipe 10.22 for reloading the schema.