Beheer
      Terug naar start
      1. Helpcentrum
      2. Beheer

      Active Directory Schema Attributes and Classes

      Adding a custom attribute

      To be able to edit the AD schema you need to run the following command. You only need to do this once. You can run it from an elevated PowerShell Terminal.

      PS> regsvr32 schmmgmt.dll
      ad add attributes 7fc0c

      • run mmc

      PS> mmc

      The MMC console will pop up. From here you can add the Active Directory Schema snap-in.

      • File > add / remove snap-in

      • Add Active Directory Schema snap-in

      • OK

      • Right click attributes > create attribute

        Read and understand the warning. This one matters. After creating the Class or Attribute you can not modify or delete it!
      ad add attributes aa7b2
      ad add attributes 8d4d8

      • In the container attributes browse to the newly created attribute and open properties.

      • Select "index this attribute"

      ad add attributes c6d2d

      Adding a custom Class

      ad add attributes 6cc3a

      • Add custom attributes as needed

      ad add attributes 1da8a

      Adding a auxiliary class to another class

      • Open the properties for the higher level class.

      ad add attributes ee394

      • Add the class.

      ad add attributes d4f28
      ad add attributes d37ef

      Generating an OID

      • Run the following commands in the terminal. You can copy this code block and paste it in. The Microsoft OID Prefix is used for the automated OID Generator.

      $Prefix="1.2.840.113556.1.8000.2554"
      $GUID=[System.Guid]::NewGuid().ToString()
      $Parts=@()
      $Parts+=[UInt64]::Parse($guid.SubString(0,4),"AllowHexSpecifier")
      $Parts+=[UInt64]::Parse($guid.SubString(4,4),"AllowHexSpecifier")
      $Parts+=[UInt64]::Parse($guid.SubString(9,4),"AllowHexSpecifier")
      $Parts+=[UInt64]::Parse($guid.SubString(14,4),"AllowHexSpecifier")
      $Parts+=[UInt64]::Parse($guid.SubString(19,4),"AllowHexSpecifier")
      $Parts+=[UInt64]::Parse($guid.SubString(24,6),"AllowHexSpecifier")
      $Parts+=[UInt64]::Parse($guid.SubString(30,6),"AllowHexSpecifier")
      $OID=[String]::Format("{0}.{1}.{2}.{3}.{4}.{5}.{6}.{7}",$prefix,$Parts[0],$Parts[1],$Parts[2],$Parts[3],$Parts[4],$Parts[5],$Parts[6])
      $oid

      sshPublicKey Attribute for KeyHub provisioning in Active Directory

      When enabling Public Key provisioning in a linked directory KeyHub will expect the following Class and Attribute in the AD.

        When adding classes and attributes in Active Directory it is immutable after creation. Make a backup and test in a lab before going to production! 
      Attribute:
      Common Name: sshPublicKey
      X_500 OID: 1.3.6.1.4.1.24552.500.1.1.1.13
      Description: 'MANDATORY: OpenSSH Public key'
      Syntax: octetString
      Multi-Valued: yes
      Class:
      Common Name: ldapPublicKey
      X_500 OID: 1.3.6.1.4.1.24552.500.1.1.2.0
      Description: 'MANDATORY: OpenSSH LPK objectclass'
      Class type: Auxiliary
      Parrent Class: Top
      Optional Attribute: sshPublicKey