How can I add an attribute to the user class and expose it in Directory and Resource Administrator? (NETIQKB49128)

  • 7749128
  • 02-Feb-2007
  • 19-Jun-2007

Resolution

goal
How can I add an attribute to the user class and expose it in Directory and Resource Administrator?

goal
How can I extend the schema in Active Directory and see the new attribute in Directory and Resource Administrator?

goal
How do I add a new attribute to the schema so that it will show up in DRA?

fact
Directory and Resource Administrator 7.x

fix

You can add attributes and then expose those attributes in Directory and Resource Administrator. The following is an example scenario where the attribute names to be added are:

  • SocialSecurityNumber
  • SalaryLevel

The procedure below assumes that the user is a member of the Schema Admins group and is logged in to the Domain Controller that is the schema master for the forest.  This procedure also assumes that the server is running Windows Server 2003, and that the environment is a single forest environment. Perform the following tasks in order to add and then expose new attributes in DRA.

To register the schema snap-in:

  1. Click Start > Run and type regsvr32 schmmgmt.dll in the Open text box.
  2. Click OK.

To start the Active Directory Schema snap-in:

  1. Click Start > Run and type MMC in the Open text box.
  2. Click OK.
  3. On the File menu, click Add/Remove Snap-in.
  4. Click Add, and then click Active Directory Schema.
  5. Click Add, click Close, and then click OK.
  6. If you want to save the MMC console containing the Active Directory Schema snap-in, click File > Save As and type a name for the saved console (for example, Schema.msc).
  7. Click Save.

To create new attributes:

  1. In the left pane, expand Active Directory Schema.
  2. Right-click Attributes and select New > Attribute.
  3. When you receive a warning that creating schema objects is a permanent operation and cannot be undone, click Continue.

To create the new SocialSecurityNumber attribute:

  1. Type SocialSecurityNumber in the Common Name text box.
  2. Type SocialSecurityNumber in the LDAP Display Name text box.
  3. Type 1.2.840.113556.1.4.7000.142 in the Unique X500 Object ID text box.
  4. Type Social-Security-Number in the Description text box.
  5. Select Case Insensitive String in the Syntax list.
  6. Click OK.

To create the new SalaryLevel attribute:

  1. Right-click Attributes and select New > Attribute.
  2. When you receive a warning that creating schema objects is a permanent operation and cannot be undone, click Continue.
  3. Type SalaryLevel in the Common Name text box.
  4. Type SalaryLevel in the LDAP Display Name text box.
  5. Type 1.2.840.113556.1.4.7000.141 in the Unique X500 Object ID text box.
  6. Type Salary-Level in the Description text box.
  7. Select Integer in the Syntax list.
  8. Click OK.

To add the new attributes to the User Class:

  1. In the left pane, select Classes > user.
  2. Right-click user and select Properties.
  3. Click the Attributes tab.
  4. Click Add, select SocialSecurityNumber from the list, and click OK.
  5. Click Add, select SalaryLe.
    vel
    from the list, and click OK.
  6. Click OK.

To add the new attributes to User Pages in Directory and Resource Administrator:

  1. Start the DRA Delegation and Configuration console.
  2. Expand Configuration Management > User Interface Extensions.
  3. Right-click User Interface Extensions and select New > User Page to start the New Custom Page wizard.
  4. In the Welcome window, click Next.
  5. In the General window, type the new attribute name in the Name text box and click Next.
  6. In the Properties window, click Add.
  7. In the Property for Custom Page window, click Browse.
  8. Select the name of the correct attribute and click OK.
  9. Review the choices on the Property for Custom Page window and click OK.
  10. Repeat Steps 7 through 9 for each attribute that should appear on the same custom page in DRA.
  11. In the New Custom Page window, click Finish.
.


note

IMPORTANT: International standards authorities such as the International Telecommunications Union (ITU) issue object identifiers (OIDs) in order to prevent issuance of duplicates. If your organization expects to create new classes and attributes, you may want to first request OIDs from the relevant standards body in your country. The OIDs listed here have been issued by Microsoft and are guaranteed to be unique. Do not create your own OIDs. In the steps above, OIDs are called Unique X500 Object IDs.



note

You can also obtain an ID from the Microsoft Certified for Windows Web site. You may need to use the OIDGEN utility from the Resource Kit.



note

IMPORTANT:  You must wait for Active Directory schema replication to occur on all domain controllers so that the domain controller DRA uses can see these schema changes.



Additional Information

Formerly known as NETIQKB49128

Feedback service temporarily unavailable. For content questions or problems, please contact Support.