RE: [ActiveDir] Group ID Code Attribute
Todd,

We simply use the extensionAttribute1 - 15 (1-10 are visible in the ADUC GUI). If you have Exchange installed, simply exchange enable the group object and then you have the additional attributes to play with. Hide the group from the GAL so ppl don't get confused, and apply an Exchange recipient policy so that the group doesn't get an externally-addressable email address (or restrict who can send emails to the group).

We use this method extensively for groups, and locate the group type, available drive mappings and share locations in the custom attributes. At logon, the logon script parses these attributes for the groups the user is a member of, and maps drives accordingly.

As for exposing schema-added attributes to the native tools, you would probably need to write a Property Page Extension to hook into the existing admin tools, or write an addin that extended the right-click menus etc. In either case it's a fair bit of work.

Glenn

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Myrick, Todd (NIH/CIT)
Sent: Thursday, 30 September 2004 2:16 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Group ID Code Attribute

Greetings,

We have a requirement for encoding an entry on our AD groups with an ID code in an attribute. I have been asked to look into ways to best accomplish the requirement. I have reviewed the AD schema, and there doesn't appear to be an attribute dedicated to this function already. (We are looking for something like Employee ID.)

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adschema/adschema/attributes_all.asp

So it looks like our alternatives are to either use an existing attribute on a group, or to extend the schema to support the attribute. My question for the list is has anyone run into this before and if so, what approach have you done. If I choose the option to extend the schema, how would we expose that attribute to be modified in native tools?

Thanks,
Todd

List info : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
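
The logon-script approach Glenn describes above trusts whatever the group attributes contain, so anyone who can write those attributes decides where members' drives are mapped; validating each value before mapping limits that. The PowerShell below is an added example, not code from the thread or from any poster: the `X:|\\server\share` value format, the use of extensionAttribute2 for it, the server allowlist and the sample groups are all assumptions constructed for illustration.

```powershell
# Servers the logon script may map drives to (assumed allowlist, placeholder names).
$AllowedServers = @('fs01.corp.example', 'fs02.corp.example')
# Assumed value format "X:|\\server\share": one drive letter, one UNC path, nothing else.
$Pattern = '^(?<letter>[D-Zd-z]):\|\\\\(?<server>[A-Za-z0-9.-]+)\\(?<share>[A-Za-z0-9_$ -]+)$'

function Get-ValidatedDriveMap {
    param(
        [Parameter(Mandatory)] [object[]] $Groups,
        [Parameter(Mandatory)] [string[]] $AllowedServers
    )
    $seen = @{}   # drive letter -> group that claimed it first
    foreach ($g in $Groups) {
        $raw = [string]$g.extensionAttribute2
        if ([string]::IsNullOrWhiteSpace($raw)) { continue }   # group carries no mapping

        $m = [regex]::Match($raw, $Pattern)
        if (-not $m.Success) {
            Write-Warning "Skipping malformed mapping on group '$($g.cn)'"
            continue
        }
        $letter = $m.Groups['letter'].Value.ToUpperInvariant()
        $server = $m.Groups['server'].Value.ToLowerInvariant()
        $share  = $m.Groups['share'].Value

        if ($AllowedServers -notcontains $server) {
            Write-Warning "Skipping '$($g.cn)': server '$server' is not on the allowlist"
            continue
        }
        if ($seen.ContainsKey($letter)) {
            Write-Warning "Skipping '$($g.cn)': ${letter}: already claimed by '$($seen[$letter])'"
            continue
        }
        $seen[$letter] = $g.cn
        [pscustomobject]@{ Drive = "${letter}:"; Path = "\\$server\$share"; Group = $g.cn }
    }
}

# Constructed sample data standing in for the user's groups as read from AD.
$groups = @(
    [pscustomobject]@{ cn = 'GG-Finance';  extensionAttribute2 = 'S:|\\fs01.corp.example\finance' }
    [pscustomobject]@{ cn = 'GG-Projects'; extensionAttribute2 = 'P:|\\fs02.corp.example\projects' }
    [pscustomobject]@{ cn = 'GG-Audit';    extensionAttribute2 = 'S:|\\fs02.corp.example\audit' }   # letter conflict
    [pscustomobject]@{ cn = 'GG-Tampered'; extensionAttribute2 = 'T:|\\unknown-host.example\share' }
    [pscustomobject]@{ cn = 'GG-Broken';   extensionAttribute2 = 'S:\\fs01\finance' }                # no separator
    [pscustomobject]@{ cn = 'GG-NoMap';    extensionAttribute2 = $null }
)
Get-ValidatedDriveMap -Groups $groups -AllowedServers $AllowedServers | Format-Table
```

Only the GG-Finance and GG-Projects mappings are returned; the other entries are skipped with a warning that a logon script can forward to its log.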
RE: [ActiveDir] Group ID Code Attribute
Thanks Glenn,

That is a really interesting idea. We are also users of Quest Active Roles Server, this product has an option to create attributes within its system. Thanks for the feedback.

Todd

-Original Message-
From: Glenn Corbett [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 30, 2004 10:16 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Group ID Code Attribute

Todd,

We simply use the extensionAttribute1 - 15 (1-10 are visible in the ADUC GUI). If you have Exchange installed, simply exchange enable the group object and then you have the additional attributes to play with. Hide the group from the GAL so ppl don't get confused, and apply an Exchange recipient policy so that the group doesn't get an externally-addressable email address (or restrict who can send emails to the group).

We use this method extensively for groups, and locate the group type, available drive mappings and share locations in the custom attributes. At logon, the logon script parses these attributes for the groups the user is a member of, and maps drives accordingly.

As for exposing schema-added attributes to the native tools, you would probably need to write a Property Page Extension to hook into the existing admin tools, or write an addin that extended the right-click menus etc. In either case it's a fair bit of work.

Glenn

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Myrick, Todd (NIH/CIT)
Sent: Thursday, 30 September 2004 2:16 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Group ID Code Attribute

Greetings,

We have a requirement for encoding an entry on our AD groups with an ID code in an attribute. I have been asked to look into ways to best accomplish the requirement. I have reviewed the AD schema, and there doesn't appear to be an attribute dedicated to this function already. (We are looking for something like Employee ID.)

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adschema/adschema/attributes_all.asp

So it looks like our alternatives are to either use an existing attribute on a group, or to extend the schema to support the attribute. My question for the list is has anyone run into this before and if so, what approach have you done. If I choose the option to extend the schema, how would we expose that attribute to be modified in native tools?

Thanks,
Todd
RE: [ActiveDir] Group ID Code Attribute
The Employee ID attribute you speak of is there... it is listed under Organization in the User Properties.

Now, if you want, you could use one of the attributes that are in the Managed By in the Group Properties.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Myrick, Todd (NIH/CIT)
Sent: Wednesday, September 29, 2004 11:16 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Group ID Code Attribute

Greetings,

We have a requirement for encoding an entry on our AD groups with an ID code in an attribute. I have been asked to look into ways to best accomplish the requirement. I have reviewed the AD schema, and there doesn't appear to be an attribute dedicated to this function already. (We are looking for something like Employee ID.)

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adschema/adschema/attributes_all.asp

So it looks like our alternatives are to either use an existing attribute on a group, or to extend the schema to support the attribute. My question for the list is has anyone run into this before and if so, what approach have you done. If I choose the option to extend the schema, how would we expose that attribute to be modified in native tools?

Thanks,
Todd
RE: [ActiveDir] Group ID Code Attribute
Thanks,

But I don't see it. Thanks for your suggestion.

Todd

-Original Message-
From: Rodriguez, Daniel [EPM/SRM] [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 29, 2004 12:44 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Group ID Code Attribute

The Employee ID attribute you speak of is there... it is listed under Organization in the User Properties.

Now, if you want, you could use one of the attributes that are in the Managed By in the Group Properties.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Myrick, Todd (NIH/CIT)
Sent: Wednesday, September 29, 2004 11:16 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Group ID Code Attribute

Greetings,

We have a requirement for encoding an entry on our AD groups with an ID code in an attribute. I have been asked to look into ways to best accomplish the requirement. I have reviewed the AD schema, and there doesn't appear to be an attribute dedicated to this function already. (We are looking for something like Employee ID.)

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adschema/adschema/attributes_all.asp

So it looks like our alternatives are to either use an existing attribute on a group, or to extend the schema to support the attribute. My question for the list is has anyone run into this before and if so, what approach have you done. If I choose the option to extend the schema, how would we expose that attribute to be modified in native tools?

Thanks,
Todd