Lancelot
Posts: 3
Score: 0
Joined: 10/2/2005
Status: offline
Step-by-Step Guide to Using Active Directory Schema and Display Specifiers

My own experience shared: First run this on a Test Domain. There would be nothing worse than making a total mess of your Corporate Active Directory Environment. Any work undertaken on a live Active Directory implementation should be undertaken with due caution.

Getting Started:

You will have to perform all the following on the Domain Controller within the Forest that has the Schema Master role. You will also have to be logged in as a User that has 'Schema Admin' rights. The 'Administrator' User is a member of the 'Schema Admins' group and therefore has sufficient rights straight out of the box.

My system was tested in a VMware environment with AD being set up on a Windows 2003 Server. My Domain name set up for the purposes of this guide is 'Server01.Menkaura.local'.

This guide will use the following MMC Snap-Ins. You can use these two support tools to view the results of what follows:

1. ADSIEdit
2. Active Directory Schema

For some unknown reason my out of the box AD environment didn't come with either of these Snap-Ins available when viewed from the MMC. I had to search for the appropriate DLLs on the AD Server and the Windows Server 2003 CD. ADSIEdit requires a file called 'adsiedit.dll' and the 'Active Directory Schema' requires the file 'schmmgmt.dll'. Register these files as follows if the Snap-In is not available from within the MMC:

    C:\>regsvr32 adsiedit.dll

and

    C:\>regsvr32 schmmgmt.dll

In both cases, if the registration is successful the following message will be presented: 'DllRegisterServer in <dll name> succeeded'. Finally go into the MMC and add both Snap-Ins.

Scenario:

For the purposes of this guide we are going to add the following User Attributes to our AD Schema:

1. attServiceGroup
2. attServiceUnit

We are aiming to provide a bit more information within AD in terms of the User's position within the Corporate Organisational Structure.
Let's Step through the Process:

Creating the 'Attributes' -

1. Start the MMC and add the 'Active Directory Schema' Snap-In.
2. In my case I can see that the 'Active Directory Schema [Server01.Menkaura.local]' is available.
4. Now right click on the 'Attributes' folder and choose 'Create Attribute...'. You will get a gentle warning.
5. Fill in the fields as appropriate starting with the 'attServiceGroup' attribute. Note that you may need to give some consideration to the OID number that you allocate. Please see http://www.menkaura.com/Forum/index.php?topic=110.0 for more information on this subject.
6. Set the remaining attributes up as above.

Creating the 'Class' -

1. Right click on the 'Class' folder and choose to 'Create Class...'. You will get a gentle warning.
2. Fill in the fields as appropriate. For example I used the Class name of cOrganisationStructure, choosing to set up an 'Auxiliary class' in this case.

Setting our Auxiliary Class to have a relationship with the mandatory 'User' Class -

1. Double click on the 'User' Class. Choose the 'Relationship' tab. Add our 'cOrganisationStructure' Class in as an Auxiliary Class.

Finally Reload the Schema -

1. Right click on the 'Active Directory Schema [Server01.Menkaura.local]' at the top of the right pane and choose to 'Reload Schema'.

You can now use a suitable VBScript to add values to our newly created User Attributes.

Modifying Display Specifiers

The Active Directory Administrative Tools (such as the Active Directory Users and Computers snap-in) and the Windows shell extensions use display specifiers to dynamically create context menu items and property pages. Display specifiers permit localization of class and attribute names, context menus, and property pages, and also support new classes and attributes such as those you created in the previous procedures in this step-by-step guide.
Display specifiers are objects of class displaySpecifier and are stored in a container in Active Directory that corresponds to the locale ID. This is, in turn, stored in the Display Specifiers container in the Configuration namespace. For example, UK English display specifiers are stored in the container 'CN=809', or 'CN=409' for the 'US'.

Note: you can see these through the 'Active Directory Schema' MMC Add-In.

To extend the User Class Display Specifier you may want to use the following code.

NB: In this guide, you added an auxiliary class to the existing User class. All you need to do is add additional context menus and attribute display names to the 'user' Display Specifier. You can add attribute display names for the new attributes attServiceGroup and attServiceUnit, a context menu for the Active Directory Users and Computers snap-in, and a context menu for the Windows shell by executing the following VBScript called addmenu.vbs. Alternatively you can use the 'Active Directory Schema' to make these changes manually.

Seeing the results of your hard work -

You can view the results by right clicking on the Users in AD Users & Computers and selecting the userAdmin menu item that will be created. Or you may want to find the User in the Windows Directory from a PC. When you right click on the User the shellMenuContexts info will appear.

However, to do this in the form of a VBScript follow the steps below:

1. Firstly save the first VBScript given below into a file called 'addmenu.vbs'.
2. Execute the 'addmenu.vbs' VBScript.
3. Save the 'Menkaura Admin.vbs' and 'Menkaura Info.vbs' VBScripts in the SystemFolder (i.e. C:\Windows\System32).

What it does -

The script adds attribute display names for the newly created attributes attServiceGroup and attServiceUnit, adds Windows shell and Administrative Tools context menus, and points to two simple VBScript programs 'MenkauraShell.vbs' and 'MenkauraAdmin.vbs' in the Windows System directory.
Note: These files therefore need to be there so that the respective menu item when clicked can execute them.

Note: You may want to change the Display Specifier 'CN=809' which is 'UK' to 'CN=409' which is 'US'.

Code starts here for 'addmenu.vbs' -

    ' Set Variables
    Dim oRoot
    Dim oDisp
    Dim oCont
    Dim aMenu
    Dim iCount
    Dim sNewMenu
    Dim oFileSystem
    Dim sOutFile
    Dim sSystemFolder

    Set oFileSystem = WScript.CreateObject("Scripting.FileSystemObject")
    sSystemFolder = oFileSystem.GetSpecialFolder(1)

    'Connect to Display Specifiers Container
    Set oRoot = GetObject("LDAP://RootDSE")
    Set oCont = GetObject("LDAP://" & "CN=809, CN=DisplaySpecifiers," & oRoot.Get("configurationNamingContext"))
    Set oDisp = oCont.GetObject("displaySpecifier","cn=user-Display")
    MsgBox "Display Specifier: " & oDisp.Name

    'Add Attribute Display Names for the new attributes attServiceGroup and attServiceUnit
    MsgBox "Adding Attribute Display Names for the new attributes attServiceGroup and attServiceUnit"
    'Each value is "<attribute LDAP name>,<display name>"; 3 = ADS_PROPERTY_APPEND
    oDisp.PutEx 3,"attributeDisplayNames" , Array("attServiceGroup,Service Group","attServiceUnit,Service Unit")
    oDisp.SetInfo

    'Add Shell Context Menu. Associated with the User's attributes in the Windows interface
    MsgBox "Adding Shell Context Menu Item"
    iCount = 0
    If Not IsEmpty(oDisp.shellContextMenu) Then
        aMenu = oDisp.GetEx("shellContextMenu")
        For iCount = LBound(aMenu) to UBound(aMenu)
            MsgBox "Existing Menu item: " & aMenu(iCount)
        Next
        iCount = iCount + 1
    End If
    MsgBox "Adding Shell Context Menu Program"
    sNewMenu = CStr(iCount) & ",&Menkaura Info...,MenkauraShell.vbs"
    oDisp.PutEx 3,"shellContextMenu" , Array(sNewMenu)
    oDisp.SetInfo

    'Add Admin Context Menu
    'This is the Menu Item that appears when you right click the User object in AD Users & Computers.
    MsgBox "Adding Admin Context Menu item"
    iCount = 0
    If Not IsEmpty(oDisp.adminContextMenu) Then
        aMenu = oDisp.GetEx("adminContextMenu")
        For iCount = LBound(aMenu) to UBound(aMenu)
            MsgBox "Existing Menu item: " & aMenu(iCount)
        Next
        iCount = iCount + 1
    End If
    MsgBox "Adding Admin Context Menu Program"
    sNewMenu = CStr(iCount) & ",&Menkaura Admin...,MenkauraAdmin.vbs"
    oDisp.PutEx 3,"adminContextMenu" , Array(sNewMenu)
    oDisp.SetInfo
    MsgBox "Finished..."

    'Nullify Variables
    Set oDisp = Nothing
    Set oCont = Nothing
    Set oRoot = Nothing
    Set oFileSystem = Nothing
    WScript.Quit

- and Code ends here.

Sample 'MenkauraShell.vbs' file. Place this in the SystemFolder. This VBScript will run when you View New Attributes of a User in the Windows Interface.

To view a user's attributes in the Windows interface:

1. Double-click the My Network Places icon on the desktop, double-click Entire Network, click Entire Contents, and then double-click the Directory icon. Double-click 'Menkaura.local'.
2. Right-click the user Fred and select 'Menkaura Info' from the context menu. A small VBScript message box displays the user's Menkaura information.

- Code starts here

    Dim Args
    Dim oUser

    'Args(0) is the LDAP path of the selected object, Args(1) its object class
    Set Args = WScript.Arguments
    MsgBox "LDAP Path: " & Args(0)
    MsgBox "Object Class: " & Args(1)

    Set oUser = GetObject(Args(0))
    MsgBox "User Info" & vbCRLF & "Service Group: " & oUser.attServiceGroup & vbCRLF & "Service Unit: " & oUser.attServiceUnit

    Set oUser = Nothing
    WScript.Quit

- and Code ends here.

Sample 'MenkauraAdmin.vbs' file. Place this in the SystemFolder. This code will run when you right click the 'Menkaura Admin...' menu item for a User when you are in AD Users & Computers.
- Code starts here

    Dim Args
    Dim oUser
    Dim temp

    'Args(0) is the LDAP path of the selected object, Args(1) its object class
    Set Args = WScript.Arguments
    MsgBox "LDAP Path: " & Args(0)
    MsgBox "Object Class: " & Args(1)

    Set oUser = GetObject(Args(0))

    'An empty answer leaves the existing value unchanged
    temp = InputBox("Old Service Group: " & oUser.attServiceGroup & vbCRLF & "New Service Group")
    If temp <> "" Then oUser.Put "attServiceGroup",temp
    temp = InputBox("Service Unit: " & oUser.attServiceUnit & vbCRLF & "Service Unit")
    If temp <> "" Then oUser.Put "attServiceUnit",temp
    oUser.SetInfo

    Set oUser = Nothing
    WScript.Quit

- ...and code ends here.

Good Luck!!! Let me know how you got on at http://www.Menkaura.com/Forums.index.php or see this topic at http://www.menkaura.com/Forum/index.php?topic=111.0
_____________________________
Regards, John
Find me at: http://www.Menkaura.com/Forum/index.php
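
An added example, not part of the original post: a read-only PowerShell check that lists the script-backed entries in adminContextMenu and shellContextMenu, so the change made by addmenu.vbs can be reviewed afterwards. The function name Get-MenuCommandEntry is hypothetical, the sample object (distinguished name and CLSID included) is constructed, and the commented live query assumes the ActiveDirectory module is installed.

```powershell
# Added example, not from the original post. Sample data below is constructed.
function Get-MenuCommandEntry {   # hypothetical helper name
    param([Parameter(ValueFromPipeline = $true)] $Specifier)
    process {
        foreach ($attr in 'adminContextMenu', 'shellContextMenu') {
            foreach ($value in @($Specifier.$attr)) {
                if (-not $value) { continue }
                $parts = ([string]$value) -split ',', 3
                # Built-in entries are "<order>,{CLSID}"; entries like the ones
                # addmenu.vbs appends are "<order>,<menu text>,<command>".
                if ($parts.Count -eq 2 -and $parts[1].Trim() -match '^\{[0-9A-Fa-f-]{36}\}$') { continue }
                $command = if ($parts.Count -eq 3) { $parts[2].Trim() } else { $null }
                [pscustomobject]@{
                    Specifier = $Specifier.DistinguishedName
                    Attribute = $attr
                    Order     = $parts[0].Trim()
                    MenuText  = if ($parts.Count -ge 2) { $parts[1] } else { $null }
                    Command   = $command
                    # False: a bare file name, which relies on the file being present on
                    # the machine where the menu is used (the post puts it in System32).
                    FullPath  = [bool]($command -match '^([A-Za-z]:\\|\\\\)')
                }
            }
        }
    }
}

# Constructed sample shaped like the user-Display object after addmenu.vbs has run.
$sample = [pscustomobject]@{
    DistinguishedName = 'CN=user-Display,CN=809,CN=DisplaySpecifiers,CN=Configuration,DC=Menkaura,DC=local'
    adminContextMenu  = @('1,{00000000-0000-0000-0000-000000000001}',
                          '2,&Menkaura Admin...,MenkauraAdmin.vbs')
    shellContextMenu  = @('0,&Menkaura Info...,MenkauraShell.vbs')
}
$sample | Get-MenuCommandEntry |
    Format-Table Attribute, Order, MenuText, Command, FullPath -AutoSize

# Against a live forest (read-only, ActiveDirectory module):
# $base = 'CN=DisplaySpecifiers,' + (Get-ADRootDSE).configurationNamingContext
# Get-ADObject -SearchBase $base -Properties adminContextMenu, shellContextMenu `
#     -LDAPFilter '(|(adminContextMenu=*)(shellContextMenu=*))' | Get-MenuCommandEntry
```

On the sample this returns the two Menkaura entries and skips the CLSID entry; the live query covers every locale container, not only CN=809.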