Step-by-Step Guide to Using Active Directory Schema and Display Specifiers

Gary

My own experience shared:

First run this on a Test Domain. There would be nothing worse than
making a total mess of your Corporate Active Directory Environment. Any
work undertaken on a live Active Directory implementation should be
undertaken with due caution.


Getting Started:

You will have to perform all the following on the Domain Controller
within the Forest that has the Schema
Master role. You will also have to be logged in as a User that has
'Schema Admin' rights. The 'Administrator'
User is a member of the 'Schema Admins' group and therefore has
sufficient rights straight out of the box.

My system was tested in a VMware environment with AD being set up on a
Windows 2003 Server. My Domain name set up for the purposes of this
guide is 'Server01.Menkaura.local'.

This guide will use the following MMC Snap-Ins. You can use these two
support tools to view the results of what follows:
1. ADSIEdit
2. Active Directory Schema

For some unknown reason my out of the box AD environment didn't come
with either of these Snap-Ins available when viewed from the MMC. I had
to search for the appropriate DLLs on the AD Server and the Windows
Server 2003 CD. ADSIEdit requires a file called 'adsiedit.dll' and
the 'Active Directory Schema' requires the file 'schmmgmt.dll'.

Register these files as follows if the Snap-In is not available from
within the MMC:

C:\>regsvr32 adsiedit.dll

and

C:\>regsvr32 schmmgmt.dll

In both cases if the registration is successful the following message
will be presented:

'DllRegisterServer in <dll name> succeeded'.

Finally go into the MMC and add both Snap-Ins.


Scenario:

For the purposes of this guide we are going to add the following User
Attributes to our AD Schema:

1. attServiceGroup
2. attServiceUnit

We are aiming to provide a bit more information within AD in terms of
the User's position within the Corporate Organisational Structure.


Let's Step through the Process:

Creating the 'Attributes' -
1. Start the MMC and add the 'Active Directory Schema' Snap-In.
2. In my case I can see that the 'Active Directory Schema
[Server01.Menkaura.local]' is available.
4. Now right click on the 'Attributes' folder and choose 'Create
Attribute...'. You will get a gentle warning.
5. Fill in the fields as appropriate starting with the
'attServiceGroup' attribute. Note that you may need to give some
consideration to the OID number that you allocate. Please see
http://www.menkaura.com/Forum/index.php?topic=110.0 for
more information on this subject.
6. Set the remaining attributes up as above.

Creating the 'Class' -
1. Right click on the 'Class' folder and choose to 'Create Class...'.
You will get a gentle warning.
2. Fill in the fields as appropriate. For example I used the Class name
of cOrganisationStructure, choosing to set up an 'Auxiliary class' in
this case.

Setting our Auxiliary Class to have a relationship with the mandatory
'User' Class -
1. Double click on the 'User' Class. Choose the 'Relationship' tab.
Add our 'cOrganisationStructure' Class in as an Auxiliary Class.

Finally Reload the Schema -
1. Right click on the 'Active Directory Schema
[Server01.Menkaura.local]' at the top of the right pane and choose to
'Reload Schema'.

You can now use a suitable VBScript to add values to our newly created
User Attributes.


Modifying Display Specifiers

The Active Directory Administrative Tools (such as the Active Directory
Users and Computers snap-in) and the Windows shell
extensions use display specifiers to dynamically create context menu
items and property pages. Display specifiers permit
localization of class and attribute names, context menus, and property
pages, and also support new classes and attributes such
as those you created in the previous procedures in this step-by-step
guide.

Display specifiers are objects of class displaySpecifier and are stored
in a container in Active Directory that corresponds to the locale ID.
This is, in turn, stored in the Display Specifiers container in the
Configuration namespace. For example, UK English display specifiers are
stored in the container 'CN=809', or 'CN=409' for the 'US'. Note: you
can see these through the 'Active Directory Schema' MMC Add-In.

To extend the User Class Display Specifier you may want to use the
following code. NB: In this guide, you added an auxiliary class
to the existing User class. All you need to do is add additional
context menus and attribute display names to the 'user' Display
Specifier.

You can add attribute display names for the new attributes
attServiceGroup and attServiceUnit, a context menu for the Active
Directory Users and Computers snap-in, and a context menu for the
Windows shell by executing the following VBScript called addmenu.vbs.

Alternatively you can use the 'Active Directory Schema' to make these
changes manually.

Seeing the results of your hard work - You can view the results by
right clicking on the Users in AD Users & Computers and selecting the
adminContextMenu item that will be created. Or you may want to find the
User in the Windows Directory from a PC. When you right click on the
User the shellContextMenu item will appear.

However, to do this in the form of a VBScript follow the steps below:
1. Firstly save the first VBScript given below into a file called
'addmenu.vbs'.
2. Execute the 'addmenu.vbs' VBScript.
3. Save the 'MenkauraAdmin.vbs' and 'MenkauraShell.vbs' VBScripts in
the SystemFolder (ie C:\Windows\System32).

What it does - The script adds attribute display names for the newly
created attributes attServiceGroup and attServiceUnit, adds Windows
shell and Administrative Tools context menus, and points to two simple
VBScript programs 'MenkauraShell.vbs' and 'MenkauraAdmin.vbs' in the
Windows System directory. Note: These files therefore need to be there
so that the respective menu item, when clicked, can execute them.

Note: You may want to change the Display Specifier 'CN=809' which is
'UK' to 'CN=409' which is 'US'.

Code starts here for 'addmenu.vbs'-


' Set Variables
Dim oRoot
Dim oDisp
Dim oCont
Dim aMenu
Dim iCount
Dim sNewMenu
Dim oFileSystem
Dim sOutFile
Dim sSystemFolder

' PutEx control code 3 (ADS_PROPERTY_APPEND) adds values to a
' multi-valued attribute without removing the existing ones
Const ADS_PROPERTY_APPEND = 3


Set oFileSystem = WScript.CreateObject("Scripting.FileSystemObject")
sSystemFolder = oFileSystem.GetSpecialFolder(1)   ' 1 = SystemFolder


'Connect to Display Specifiers Container
Set oRoot = GetObject("LDAP://RootDSE")
Set oCont = GetObject("LDAP://" & "CN=809,CN=DisplaySpecifiers," & _
    oRoot.Get("configurationNamingContext"))
Set oDisp = oCont.GetObject("displaySpecifier", "cn=user-Display")


MsgBox "Display Specifier: " & oDisp.Name


'Add Attribute Display Names for the new attributes attServiceGroup and
'attServiceUnit. Each value has the form "attributeName,Display Name".
MsgBox "Adding Attribute Display Names for the new attributes " & _
    "attServiceGroup and attServiceUnit"

oDisp.PutEx ADS_PROPERTY_APPEND, "attributeDisplayNames", _
    Array("attServiceGroup,Service Group", "attServiceUnit,Service Unit")
oDisp.SetInfo


'Add Shell Context Menu. Associated with the User's attributes in the
'Windows interface

MsgBox "Adding Shell Context Menu Item"
iCount = 0
If Not IsEmpty(oDisp.shellContextMenu) Then
    aMenu = oDisp.GetEx("shellContextMenu")
    For iCount = LBound(aMenu) To UBound(aMenu)
        MsgBox "Existing Menu item: " & aMenu(iCount)
    Next
    iCount = iCount + 1
End If

' Value format: "order number,menu text,program to run"
MsgBox "Adding Shell Context Menu Program"
sNewMenu = CStr(iCount) & ",&Menkaura Info...,MenkauraShell.vbs"
oDisp.PutEx ADS_PROPERTY_APPEND, "shellContextMenu", Array(sNewMenu)
oDisp.SetInfo


'Add Admin Context Menu
'This is the Menu Item that appears when you right click the User
'object in AD Users & Computers.

MsgBox "Adding Admin Context Menu item"
iCount = 0
If Not IsEmpty(oDisp.adminContextMenu) Then
    aMenu = oDisp.GetEx("adminContextMenu")
    For iCount = LBound(aMenu) To UBound(aMenu)
        MsgBox "Existing Menu item: " & aMenu(iCount)
    Next
    iCount = iCount + 1
End If

MsgBox "Adding Admin Context Menu Program"
sNewMenu = CStr(iCount) & ",&Menkaura Admin...,MenkauraAdmin.vbs"
oDisp.PutEx ADS_PROPERTY_APPEND, "adminContextMenu", Array(sNewMenu)
oDisp.SetInfo

MsgBox "Finished..."


'Nullify Variables
Set oDisp = Nothing
Set oCont = Nothing
Set oRoot = Nothing
Set oFileSystem = Nothing

WScript.Quit


- and Code ends here.


Sample 'MenkauraShell.vbs' file. Place this in the SystemFolder. This
VBScript will run when you View New Attributes of a User in
the Windows Interface.

To view a user's attributes in the Windows interface

1. Double-click the My Network Places icon on the desktop,
double-click Entire Network, click Entire Contents, and then
double-click the Directory icon. Double-click 'Menkaura.local'.

2. Right-click the user Fred and select 'Menkaura Info' from the
context menu. A small VBScript message box displays the user's
Menkaura information.

- Code starts here

Dim Args
Dim oUser

' The shell passes the object's ADsPath as the first argument and its
' object class as the second
Set Args = WScript.Arguments

MsgBox "LDAP Path: " & Args(0)
MsgBox "Object Class: " & Args(1)

Set oUser = GetObject(Args(0))

MsgBox "User Info" & vbCrLf & "Service Group: " & oUser.attServiceGroup & _
    vbCrLf & "Service Unit: " & oUser.attServiceUnit

Set oUser = Nothing

WScript.Quit

- and Code ends here.


Sample 'MenkauraAdmin.vbs' file. Place this in the SystemFolder. This
code will run when you right click the 'Menkaura Admin...'
menu item for a User when you are in AD Users & Computers.

- Code starts here

Dim Args
Dim oUser
Dim temp

' AD Users & Computers passes the object's ADsPath as the first argument
' and its object class as the second
Set Args = WScript.Arguments

MsgBox "LDAP Path: " & Args(0)
MsgBox "Object Class: " & Args(1)

Set oUser = GetObject(Args(0))

' An empty answer (or Cancel) leaves the current value unchanged
temp = InputBox("Old Service Group: " & oUser.attServiceGroup & vbCrLf & _
    "New Service Group")
If temp <> "" Then oUser.Put "attServiceGroup", temp
temp = InputBox("Old Service Unit: " & oUser.attServiceUnit & vbCrLf & _
    "New Service Unit")
If temp <> "" Then oUser.Put "attServiceUnit", temp
oUser.SetInfo

Set oUser = Nothing

WScript.Quit

- ...and code ends here.


Good Luck!!! Let me know how you got on at
http://www.Menkaura.com/Forums.index.php
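
A check for the note above that the scripts named in the context-menu entries must be present in the System folder, as an added example that is not part of the original post: it reads back adminContextMenu and shellContextMenu from the user-Display specifier and reports whether each command entry resolves to an existing file. It assumes the CN=809 container used by addmenu.vbs and that bare file names are looked up in the System folder, as the guide does.

```vbscript
' Added example: list the context-menu entries on the user-Display specifier
' and check that every command entry points to a file that exists.
Option Explicit
Dim oRoot, oDisp, oFS, sSystemFolder, sAttr, sReport

Set oFS = CreateObject("Scripting.FileSystemObject")
sSystemFolder = oFS.GetSpecialFolder(1)   ' 1 = SystemFolder, as in addmenu.vbs

Set oRoot = GetObject("LDAP://RootDSE")
' CN=809 is the locale container used in the guide; use CN=409 for US English.
Set oDisp = GetObject("LDAP://CN=user-Display,CN=809,CN=DisplaySpecifiers," & _
    oRoot.Get("configurationNamingContext"))

sReport = "Context menu entries on " & oDisp.Name & vbCrLf
For Each sAttr In Array("adminContextMenu", "shellContextMenu")
    sReport = sReport & AuditMenu(oDisp, sAttr)
Next
WScript.Echo sReport

' Returns one report line per value of the given multi-valued attribute.
Function AuditMenu(oSpec, sAttrName)
    Dim aMenu, sEntry, aParts, sCmd, sPath, sOut
    sOut = sAttrName & ":" & vbCrLf
    On Error Resume Next
    aMenu = oSpec.GetEx(sAttrName)         ' raises an error if the attribute is unset
    If Err.Number <> 0 Then
        Err.Clear
        AuditMenu = sOut & "  (no values)" & vbCrLf
        Exit Function
    End If
    On Error GoTo 0
    For Each sEntry In aMenu
        aParts = Split(sEntry, ",", 3)     ' order, menu text, command
        If UBound(aParts) < 2 Then
            ' Two-part form "order,{CLSID}": a registered COM extension, not a file.
            sOut = sOut & "  [COM]     " & sEntry & vbCrLf
        Else
            sCmd = Trim(aParts(2))
            sPath = sCmd
            ' The guide stores bare file names and copies the scripts to System32.
            If InStr(sCmd, "\") = 0 Then sPath = oFS.BuildPath(sSystemFolder, sCmd)
            If oFS.FileExists(sPath) Then
                sOut = sOut & "  [OK]      " & sEntry & " -> " & sPath & vbCrLf
            Else
                sOut = sOut & "  [MISSING] " & sEntry & " -> " & sPath & vbCrLf
            End If
        End If
    Next
    AuditMenu = sOut
End Function
```

Run it with cscript.exe so the report is printed to the console rather than shown in a message box. Each command entry is started on the machine, and under the account, of whoever clicks the menu item, so the report is worth reviewing on every workstation where AD Users & Computers is used.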
 
