How to create custom attribute in Active Directory

Active Directory structure contains different type schema attributes which are used to store unique information about the AD object. By default, Active Directory schema contains all the essential attributes to manage entire organization. But need of every organization will change day by day depends upon various business activity. So that modifying Active Directory schema is inevitable.

In this article I am going to explain about how to create Custom Attribute and how to add custom attribute to User Class.

Required Permission

Adding custom attribute involves modification in Active Directory schema which requires the modifying user to be a member of Schema Administrators and Enterprise Administrators groups. By default, the Administrator account is a member of the Schema Administrator group.

Adding custom attribute to user object includes the following procedures

Register Schema snap-in
Creating Custom Attribute
Adding Custom Attribute to User Class
Restarting Active Directory Domain Services

Register Schema snap-in

Press the keys ‘Windows‘ + ‘R‘.
Type the command RegSvr32SchmMgmt.dll in text field and click OK button.

How to create custom attribute in Active Directory

3. On successful Schema snap-in registration you can see the following confirmation message box.

Creating Custom Attribute

Press the keys ‘Windows‘ + ‘R‘ to open Run Window.
Type the command mmc.exe and click OK button.
Go to File -> Add/Remove snap-in…or simply press the keys ‘Ctrl’ + ‘M’ to open Add/Remove snap-in.
Select the snap-in Active Directory Schema, click Add >, and click the button OK.

5. Expand the Active Directory Schema root node, right-click the node Attributes, click Create Attribute….(Go to Active Directory Schema ->Attributes ->Create Attribute…)

6. If you receive Schema Object Creation warning message,click continue to proceed.

7. Generating OID: To create custom attribute we need to give new OID. To create new OID, check this article https://www.morgantechspace.com/2013/08/generate-oid-to-create-custom attribute.html to know about how to create new OID using VBScript. Copy the script code from above article and paste it in Notepad file and save the file with the extension .vbs like GenerateOID.vbs

Run this VBScript file and you will see the output window like below screen.

Steps to create custom attribute in Active Directory

Note this OID: 1.2.840.113556.1.8000.2554.53105.25931.2174.18205.37173.12892922.10177807

and in your case you may get different OID depends upon your Domain.

8. Now I am going to create custom attribute panID .Fill the following parameters.

Common Name: Pan ID
LDAP Display Name: panID – (This value automatically populates while you typing Common Name but you can change it if you want give other value)
Unique X500 Object ID: 1.2.840.113556.1.8000.2554.53105.25931.2174.18205.37173.12892922.10177807

9. Click the button OK. Now the new custom attribute panID created successfully
and displayed in child node of Attributes. see the below image.

Adding Custom Attribute to User Class

To add newly created attribute to User Class follow the below steps.

1. Navigate to the node Active Directory Schema->Classes, select the class user

2. Right-click the user class, select properties, navigate to Attributes tab, and click Add button.

3. Select the schema object panID and click OK button.

4. Now, you have added panID as optional attributes for user class. click Apply to complete process.

5. Now you have successfully added the panID attribute to user class. once again right-click the user class, select properties, navigate to Attributes tab and check your change has been updated or not.

Restarting Active Directory Domain Services

Now you have created custom attribute and added it into user class to apply these schema changes in complete Active Directory structure we need to restart the AD Domain Services.

1. Press the keys ‘Windows‘+ ‘R‘ to open Run Window.
2. Type the command services.msc and click OK button.
3. Select the service Active Directory Domain Services, right-click the service, click Restart, and click Yes to Restart all the related services.

Checking new attribute in Active Directory Users and Computers Console

1. Press the keys ‘Windows‘+ ‘R‘ to open Run Window.
2. Type the command dsa.msc and click OK button.
3. Select the user object Administrator, Right-click->Properties ->Attributes and check the attribute panID.

Now, you have successfully created custom attribute panID and linked that attribute into user class.

Thanks,
Morgan
Software Developer

4 thoughts on “How to create custom attribute in Active Directory”

Unknown

August 14, 2014 at 1:26 am

Nice Article. Thank you. if we have multiple DCs in the environment, how long would you recommend waiting before we restart AD DS on the other controllers.
Unknown

July 13, 2016 at 7:36 am

Very Very Nice Article Morgan . thanks
Anonymous

October 24, 2018 at 1:18 pm

Thank you for the concise solution.
Akash

January 20, 2021 at 10:16 pm

amazing and detailed article Morgan, thanks