Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Custom Active Directory attributes

Status
Not open for further replies.
disturbedone

disturbedone

Vendor
Sep 28, 2006
781
0
0
AU
I've been implementing Single Sign On with a variety of systems. This is working well and AD supplies the required information.....until now.

There's one application that needs an attribute about staff but that is not stored in AD (I don't want to put these values in a field eg phoneNumber because it isn't a phone number). I'd like to add a custom attribute but want to check some things about before doing it because it's a permanent change to the AD schema and don't want to stuff it up!

I've seen which makes it sounds all very easy. And that part of it is but it doesn't explain about the OID for the new attribute. I then went to which explains it a bit. That led to which is a VBScript and when I run that on my test DC it says:
Your root OID is:
1.2.840.113556.1.8000.2554.42286.18033.25403.19318.33978.9569320.1.2187529
Click to expand...
Look at some existing attributes eg applicationSettings I see that it's X.500 OID is 1.2.840.113556.1.5.7000.49

First question is that if the root OID has 15 parts why does this example only have 8?

The VBScript says:
You can create subsequent OIDs for new schema classes and attributes by appending a .X to the OID where X may be any number that you choose. A common schema extension scheme generally uses the following structure:
If your assigned OID was: 1.2.840.113556.1.8000.2554.999999
then classes could be under: 1.2.840.113556.1.8000.2554.999999.1 which makes the first class OID: 1.2.840.113556.1.8000.2554.999999.1.1 the second class OID : 1.2.840.113556.1.8000.2554.999999.1.2 etc

Using this example attributes could be under:
1.2.840.113556.1.8000.2554.999999.2
which makes the first attribute OID:
1.2.840.113556.1.8000.2554.99999.2.1
the second attribute OID: 1.2.840.113556.1.8000.2554.999999.2.2 etc
Click to expand...
As I want to add a custom attribute to the 'user' class, which has an X.500 OID of 1.2.840.113556.1.5.9 does that mean that my attribute should have an OID of 1.2.840.113556.1.5.9.X? I looked at an existing attribute of the 'user' class (accountExpires) and found it's OID is 1.2.840.113556.1.4.159 - that doesn't end with ....113556.1.5.9

I think I'm right in thinking that I make this new attribute have an OID of 1.2.840.113556.1.5.9.1 but just want to confirm that. If it is, how do I make sure that there isn't another OID of 1.2.840.113556.1.5.9.1?
 
Status
Not open for further replies.

Similar threads

julis2103
  • Locked
  • Question
Active Directory
Replies
0
Views
53
julis2103
julis2103
goombawaho
  • Locked
  • Question
Microsoft Azure Active Directory - Backup Admin Account 1
Replies
2
Views
127
goombawaho
goombawaho
geneg28
  • Locked
  • Question
Active Directory and Linux Servers
Replies
0
Views
39
geneg28
geneg28
axilleas
  • Locked
  • Question
Windows 2012 R2 Active directory problem after applying GPO
Replies
7
Views
78
technome
technome
mkrausnick
  • Locked
  • Question
Can't write to folder even though Active Directory effective permissions shows full control
Replies
1
Views
62
mkrausnick
mkrausnick

Part and Inventory Search

Sponsor

Back
Top