Editing custom AD attributes

Tuesday 23 of December, 2008

I have the need to edit the employeeID and employeeNumber attributes in AD. These attributes are not exposed in ADUC. Here's some reference material and a short script for adding the capability.

  • There is a straight forward way of adding items to the right-click menu in AD using the Display Specificers in the AD Configuration container
  • You can use a simple VB script to edit simple attributes
  • You could edit more complex attributes by writing a more complex program (Say with VB), but we won't cover that here.

  • Create a script to edit the attribute
    Here is a simple script (eeID.vbs) to edit the employeeID.
    (Note: To test the script, call it from the command line with a full LDAP path to a user object (ex: 'cscript eeid.vbs LDAP://cn=gmartin,cn=users,dc=somedomain,dc=com'))

Create and save this script somewhere in your path.

' EEID.vbs - GjM - 12/22/08
' Displays and allows edits to employeeID atttribute in AD
Option Explicit
Dim Args, oUsr, sNewID
Set Args = Wscript.Arguments
Set oUsr = GetObject(Args(0))
sNewID = InputBox("LDAP path: " & Args(0) & vbCRLF & vbCRLF & "The Employee ID of the user is: " & oUsr.employeeID_
  & vbCRLF & "If you would like enter a new number or modify the existing number, enter the new number_
  in the textbox below")
if sNewID <> "" then 
	oUsr.Put "employeeID",sNewID
end if
Set oUsr = Nothing

  • Add the item to the user admin context menu
    • Open ADSIEdit and connect to the Configuration container
    • Browse to CN=DisplaySpecifiers, CN=409 (or your language specifier)
    • Right click on CN=user-Display and select Properties
    • Highlight adminContextMenu and click Edit
    • Enter '6,&Employee ID, eeid.vbs' into the "Value to add" field and click Add
      • (Note: the number 6 represents the canonical order of the item in the conext menu. Feel free to play with this value to move your new item into the position you'd like.)
      • (Note: to remove this item from the contect menu, open the edit box again, highlight the EmploteeID line you added and click 'Remove')
    • Click OK to exit all the way out

TechNet article that discusses this process, but beware if you do not know what the script there does (cache)
Article at softheap.com that discusses this, but missed a step (cache)