
I'm working on an AD user management application. C#, UserPrincipal. So I need to add some extra attributes to the AD schema, one of them is BirthDate.

Our AD server is a 2012 R2 Domain Controller. I'm following the manuals:

  1. Open mmc.
  2. Add "Active Directory Schema" to mmc.
  3. And at this step I must add a new attribute, but I can't. It's not active. There is a menu item like "Add Attribute" in the schema, but it's not in the "Enabled" state.
  4. My account has "Domain Admin" and "Schema Admin" privileges.
  5. I've added the DWORD parameter "Schema Update Allowed" with value 1 to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters\ and even restarted the server. But I can't add a new attribute. What am I doing wrong?

Update 1: So, there is a suggestion to use extension attributes. It's the first thing that I did.

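using System.DirectoryServices.AccountManagement;

// UserPrincipal extended with one extra directory attribute.
[DirectoryObjectClass("user")]
[DirectoryRdnPrefix("CN")]
public class UserPrincipalEx : UserPrincipal
{
    // LDAP display name of the attribute that backs JobTitle.
    private const string _jobTitle = "extensionAttribute1";

    // Pass the PrincipalContext through to the UserPrincipal base constructor.
    public UserPrincipalEx(PrincipalContext context) : base(context) { }

    [DirectoryProperty(_jobTitle)]
    public string JobTitle
    {
        get
        {
            // Treat anything other than exactly one stored value as "not set".
            object[] values = ExtensionGet(_jobTitle);
            if (values.Length != 1)
                return null;

            return (string)values[0];
        }
        set
        {
            ExtensionSet(_jobTitle, value);
        }
    }
}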

Then userPrincipal.Save(); causes a "System.DirectoryServices.AccountManagement.PrincipalOperationException" with the message "The specified value or attribute directory service does not exist."

aligin
  • You shouldn't ever be changing the schema unless you know what you are doing, which you don't seem to. Use extension attributes 1-15 for stuff like this. That's what they are there for. – Ashigore Mar 26 '15 at 11:48
  • So, I've decided not to modify the schema. I've added a simple mongo database and wrote a sync script between mongo and AD. – aligin Aug 05 '15 at 12:04
