Friday, March 2, 2012

Add extra columns to Active Directory Users and Computers display


By default Active Directory Users and Computers only allows you to display specific columns for any given object within Active Directory.  A popular request is to be able to see the Employee Number, but it isn't available by default.  As you can see from the screenshot below, it can be available, but some modifications need to be done.
 
So how is this done?  First let's discuss how the Active Directory Users and Computers MMC works.  When the MMC displays the objects for any given container, it has a set of default columns it can display.  You can add/remove what is displayed, but many attributes are missing.  The columns that are allowed to be displayed are stored in an attribute in AD called extraColumns.  Each object type can be customized to allow virtually any attribute available to that object to appear in the Add/Remove columns pick list.  When the extraColumns attribute is blank or <Not Set> for any given object type, the default-Display object's extraColumns attribute is used.
 All of this is done using the ADSIEDIT tool.
A note of caution: Be very careful using ADSIEDIT and modifying attributes as you can seriously affect AD.  
  1. Load ADSIEDIT
  2. Connect to the Configuration naming context.
  3. Navigate to CN=DisplaySpecifiers
  4. Navigate to CN=409 (This container name changes as per your locale setting.  409 is for English)


You will now see a list of objects with the class of displaySpecifier.  As mentioned earlier, by default most of the Add/Remove columns lists will load the extraColumns from the CN=default-Display object unless a specific object type contains a value in the extraColumns attribute.  For instance, the display specifier for user objects is user-Display and its extraColumns is blank.  Thus the value for extraColumns in the default-Display object is used.
 
Going back to our previous example, if we wanted to add the Employee Number to the list of Add/Remove columns we would need to navigate to default-Display and add an entry to the extraColumns attribute.  The format for adding to the list is: <AD Attribute>,<Display Name>,<Default Visibility>,<Column Width>,<Future>
Default Visibility can be either 0 (hidden) or 1 (visible).  Hidden means you must add it with Add/Remove Columns.
Column Width can be -1 (Auto Width), or the column width (e.g. 100).
So adding the following line to extraColumns would do the trick:
employeeNumber,Employee Number,0,100,0
 
Once you save the value, just re-open the Active Directory Users and Computers MMC and you will be able to select the Employee Number to be displayed from the pick list.
A few things to note:
  1. Only one extraColumns attribute is used to display the list of Add/Remove columns; they are not cumulative.  So if you specify something in extraColumns in the user-Display object, it will only show those columns.
  2. Editing the default-Display extraColumns attribute as per the above example would allow for an Employee Number column to be potentially displayed for all object types that don't have an extraColumns value set for their object type (i.e. Groups, OUs, etc).
  3. The extraColumns in the default-Display object only works for default containers.  It won't show added columns for an OU.  You need to copy all the extraColumns entries plus your modifications to the organizationalUnit-Display display specifier object for it to work.  If you want only users to show the Employee Number, you would have to copy all values from the extraColumns attribute of default-Display and then add the employeeNumber as per the example.
Hope this helps... feel free to add other attributes as needed.  The ability to edit these extra attributes can be added as well, either by programming property page extensions or by linking scripts to the MMC.  I may discuss those in future posts.
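
The copy-and-append step from note 3, scripted as an added example that is not part of the original post: it copies the default-Display extraColumns list to organizationalUnit-Display, appends the Employee Number entry, and saves the current values first so the change can be reverted.  It assumes the ActiveDirectory PowerShell module (RSAT), the 409 locale container and an account allowed to write to the Configuration naming context; the backup path is a hypothetical choice.

```powershell
# Added example, not from the original post. Requires the ActiveDirectory
# module (RSAT) and write access to the Configuration naming context.
Import-Module ActiveDirectory

$locale   = '409'                                          # locale container from step 4
$newEntry = 'employeeNumber,Employee Number,0,100,0'       # entry from the post
$backup   = Join-Path $env:TEMP 'extraColumns-backup.txt'  # hypothetical backup path

# Check the new entry against the five-field format before touching AD:
# <AD Attribute>,<Display Name>,<Default Visibility>,<Column Width>,<Future>
$f = $newEntry -split ','
if ($f.Count -ne 5 -or $f[2] -notin @('0', '1') -or $f[3] -notmatch '^(-1|\d+)$') {
    throw "Malformed extraColumns entry: $newEntry"
}

$configNC = (Get-ADRootDSE).configurationNamingContext
$base     = "CN=$locale,CN=DisplaySpecifiers,$configNC"
$srcDn    = "CN=default-Display,$base"
$dstDn    = "CN=organizationalUnit-Display,$base"

$src = Get-ADObject -Identity $srcDn -Properties extraColumns
$dst = Get-ADObject -Identity $dstDn -Properties extraColumns

# Save the current values of both objects so the change can be reverted.
@("[$srcDn]") + @($src.extraColumns) + @("[$dstDn]") + @($dst.extraColumns) |
    Where-Object { $_ } |
    Set-Content -Path $backup

# extraColumns is not cumulative, so start from the default list and append
# the new entry only if its attribute is not already present.
$columns = @($src.extraColumns | Where-Object { $_ })
if (-not ($columns | Where-Object { ($_ -split ',')[0] -eq $f[0] })) {
    $columns += $newEntry
}

# -WhatIf only reports the change; remove it to write the attribute.
Set-ADObject -Identity $dstDn -Replace @{ extraColumns = [string[]]$columns } -WhatIf
```

Run it with -WhatIf in place first and compare the reported target with the backup file before committing the write.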
