Adding a custom attribute to Active Directory on Windows Server


Background

A business requirement called for adding an attribute to domain user objects to store a particular path identifier. An online search for "custom attributes" turned up nothing very concrete, so I went to the official documentation. The attribute added in this test is named userPdictionary.

Environment

  • Windows Server 2016 Standard
  • AD
  • DNS

Steps

The AD DS installation itself is omitted.

Enable the Active Directory Schema snap-in for MMC

The snap-in is not registered by default. From an elevated cmd prompt on the domain controller run:

regsvr32 schmmgmt.dll

Add Active Directory Schema to an MMC console

Type mmc in the Run dialog to start a console, then choose "File - Add/Remove Snap-in",

select "Active Directory Schema - Add - OK".

The left pane now shows the classes and attributes of the current forest schema.

Add the custom attribute

Right-click "Attributes" in the left pane, choose "New - Attribute", and click Continue on the warning that schema changes are permanent.

The Create New Attribute dialog appears. Its main fields are:

  • Common Name
  • LDAP Display Name
  • Unique X500 Object ID
  • Description
    The dialog also asks for a Syntax (for a path identifier stored as text, Unicode String) and optional minimum/maximum values. The field that needs explanation is the "Unique X500 Object ID".

Obtaining an object identifier

According to the official documentation:

An object identifier (OID) is a unique numeric value issued by various issuing authorities to uniquely identify data elements, syntaxes, and other parts of distributed applications. OIDs are found in OSI applications, X.500 directories, SNMP, and other applications where uniqueness is important. OIDs are based on a tree structure in which a high-level issuing authority, such as ISO, allocates a branch of the tree to a subauthority, which in turn can allocate sub-branches.
The LDAP protocol (RFC 2251, now RFC 4511) requires a directory service to identify object classes, attributes, and syntaxes by OID. This is part of LDAP's X.500 heritage.
OIDs in Active Directory Domain Services include parts issued by ISO for X.500 classes and attributes, and parts issued by Microsoft and other issuing authorities. OID notation is a dotted string of numbers, for example "1.2.840.113556.1.5.9", which the following table explains.

Value    Meaning            Description
1        ISO                Identifies the root authority.
2        ANSI               Group designation assigned by ISO.
840      USA                Country/region designation assigned by the group.
113556   Microsoft          Organization designation assigned by the country/region.
1        Active Directory   Assigned by the organization.
5                           Assigned by the organization.
9        user class         Assigned by the organization.
What the dialog calls the "Unique X500 Object ID" is what the official documentation calls the object identifier. To extend the local domain's schema you first need an object identifier of your own. Following the documentation, this test uses the "Obtaining an object identifier from Microsoft" method.

To extend the Active Directory schema successfully, obtain a root OID from the script below. The OIDs the script generates are unique because they are mapped from a freshly generated GUID. Read the best practices carefully: a mishandled OID can lead to data loss.
The script that generates the root OID:

' oidgen.vbs 
'  
' THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED  
' OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR  
' FITNESS FOR A PARTICULAR PURPOSE. 
' 
' Copyright (c) Microsoft Corporation. All rights reserved 
' Improvements made by Ryein C. Goddard
' 
' This script is not supported under any Microsoft standard support program or service.  
' The script is provided AS IS without warranty of any kind. Microsoft further disclaims all 
' implied warranties including, without limitation, any implied warranties of merchantability 
' or of fitness for a particular purpose. The entire risk arising out of the use or performance 
' of the scripts and documentation remains with you. In no event shall Microsoft, its authors, 
' or anyone else involved in the creation, production, or delivery of the script be liable for  
' any damages whatsoever (including, without limitation, damages for loss of business profits,  
' business interruption, loss of business information, or other pecuniary loss) arising out of  
' the use of or inability to use the script or documentation, even if Microsoft has been advised  
' of the possibility of such damages. 
' ---------------------------------------------------------------------- 
Function GenerateOID() 
    'Initializing Variables 
    Dim guidString, oidPrefix 
    Dim guidPart0, guidPart1, guidPart2, guidPart3, guidPart4, guidPart5, guidPart6 
    Dim oidPart0, oidPart1, oidPart2, oidPart3, oidPart4, oidPart5, oidPart6 
    On Error Resume Next 
    'Generate GUID 
    Set TypeLib = CreateObject("Scriptlet.TypeLib") 
    guidString = TypeLib.Guid 
    'If no network card is available on the machine then generating GUID can result with an error. 
    If Err.Number <> 0 Then 
        Wscript.Echo "ERROR: Guid could not be generated, please ensure machine has a network card." 
        Err.Clear 
        WScript.Quit 
    End If 
    'Stop Error Resume Next 
    On Error GoTo 0 
    'The Microsoft OID Prefix used for the automated OID Generator 
    oidPrefix = "1.2.840.113556.1.8000.2554" 
    'Split GUID into 6 hexadecimal numbers 
    guidPart0 = Trim(Mid(guidString, 2, 4)) 
    guidPart1 = Trim(Mid(guidString, 6, 4)) 
    guidPart2 = Trim(Mid(guidString, 11, 4)) 
    guidPart3 = Trim(Mid(guidString, 16, 4)) 
    guidPart4 = Trim(Mid(guidString, 21, 4)) 
    guidPart5 = Trim(Mid(guidString, 26, 6)) 
    guidPart6 = Trim(Mid(guidString, 32, 6)) 
    'Convert the hexadecimal to decimal 
    oidPart0 = CLng("&H" & guidPart0) 
    oidPart1 = CLng("&H" & guidPart1) 
    oidPart2 = CLng("&H" & guidPart2) 
    oidPart3 = CLng("&H" & guidPart3) 
    oidPart4 = CLng("&H" & guidPart4) 
    oidPart5 = CLng("&H" & guidPart5) 
    oidPart6 = CLng("&H" & guidPart6) 
    'Concatenate all the generated OIDs together with the assigned Microsoft prefix and return 
    GenerateOID = oidPrefix & "." & oidPart0 & "." & oidPart1 & "." & oidPart2 & "." & oidPart3 & _ 
        "." & oidPart4 & "." & oidPart5 & "." & oidPart6 
End Function 



' Register the Schema snap-in DLL (the same regsvr32 step as above; needs an elevated prompt)
Set oShell = WScript.CreateObject("WScript.Shell")
oShell.Run "cmd /c Regsvr32 Schmmgmt.dll"

' Write the generated OID and the guidance text to a file; adjust the path for your own profile
Set objFSO = CreateObject("Scripting.FileSystemObject")
outFile = "C:\Users\Administrator\Desktop\oidInfo.txt"
Set objFile = objFSO.CreateTextFile(outFile, True)

'Output the resulted OID with best practice info 
oidText = "Your root OID is: " & VBCRLF & GenerateOID & VBCRLF & VBCRLF & VBCRLF & _ 
    "This prefix should be used to name your schema attributes and classes. For example: " & _ 
    "if your prefix is ""Microsoft"", you should name schema elements like ""microsoft-Employee-ShoeSize"". " & _ 
    "For more information on the prefix, view the Schema Naming Rules in the server " & _  
    "Application Specification (http://www.microsoft.com/windowsserver2003/partners/isvs/appspec.mspx)." & _ 
    VBCRLF & VBCRLF & _ 
    "You can create subsequent OIDs for new schema classes and attributes by appending a .X to the OID where X may " & _ 
    "be any number that you choose.  A common schema extension scheme generally uses the following structure:" & VBCRLF & _ 
    "If your assigned OID was: 1.2.840.113556.1.8000.2554.999999" & VBCRLF & VBCRLF & _ 
    "then classes could be under: 1.2.840.113556.1.8000.2554.999999.1 " & VBCRLF & _  
    "which makes the first class OID: 1.2.840.113556.1.8000.2554.999999.1.1" & VBCRLF & _ 
    "the second class OID: 1.2.840.113556.1.8000.2554.999999.1.2     etc..." & VBCRLF & VBCRLF & _ 
    "Using this example attributes could be under: 1.2.840.113556.1.8000.2554.999999.2 " & VBCRLF & _ 
    "which makes the first attribute OID: 1.2.840.113556.1.8000.2554.999999.2.1 " & VBCRLF & _ 
    "the second attribute OID: 1.2.840.113556.1.8000.2554.999999.2.2     etc..." & VBCRLF & VBCRLF & _ 
     "Here are some other useful links regarding AD schema:" & VBCRLF & _ 
    "Understanding AD Schema" & VBCRLF & _ 
    "http://technet2.microsoft.com/WindowsServer/en/Library/b7b5b74f-e6df-42f6-a928-e52979a512011033.mspx " & _ 
    VBCRLF & VBCRLF & _ 
    "Developer documentation on AD Schema:" & VBCRLF & _ 
    "http://msdn2.microsoft.com/en-us/library/ms675085.aspx " & VBCRLF & VBCRLF & _ 
    "Extending the Schema" & VBCRLF & _ 
    "http://msdn2.microsoft.com/en-us/library/ms676900.aspx " & VBCRLF & VBCRLF & _ 
    "Step-by-Step Guide to Using Active Directory Schema and Display Specifiers " & VBCRLF & _ 
    "http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/howto/adschema.mspx " & _ 
    VBCRLF & VBCRLF & _ 
    "Troubleshooting AD Schema " & VBCRLF & _ 
    "http://technet2.microsoft.com/WindowsServer/en/Library/6008f7bf-80de-4fc0-ae3e-51eda0d7ab651033.mspx  " & _ 
    VBCRLF & VBCRLF 

objFile.Write oidText
objFile.Close

Run the script from cmd (cscript oidgen.vbs) to generate a root OID. The value is derived from a newly generated GUID, so it is unique to this run rather than an identifier of the existing forest; record it, because running the script again produces a different one. The oidInfo.txt generated in this test:

Your root OID is:
1.2.840.113556.1.8000.2554.55786.31829.55335.19299.48276.12206014.6177421

This prefix should be used to name your schema attributes and classes. For example: if your prefix is "Microsoft", you should name schema elements like "microsoft-Employee-ShoeSize". For more information on the prefix, view the Schema Naming Rules in the server Application Specification (http://www.microsoft.com/windowsserver2003/partners/isvs/appspec.mspx).

You can create subsequent OIDs for new schema classes and attributes by appending a .X to the OID where X may be any number that you choose. A common schema extension scheme generally uses the following structure:
If your assigned OID was: 1.2.840.113556.1.8000.2554.999999

then classes could be under: 1.2.840.113556.1.8000.2554.999999.1
which makes the first class OID: 1.2.840.113556.1.8000.2554.999999.1.1
the second class OID: 1.2.840.113556.1.8000.2554.999999.1.2 etc...

Using this example attributes could be under: 1.2.840.113556.1.8000.2554.999999.2
which makes the first attribute OID: 1.2.840.113556.1.8000.2554.999999.2.1
the second attribute OID: 1.2.840.113556.1.8000.2554.999999.2.2 etc...

Here are some other useful links regarding AD schema:
Understanding AD Schema
http://technet2.microsoft.com/WindowsServer/en/Library/b7b5b74f-e6df-42f6-a928-e52979a512011033.mspx

Developer documentation on AD Schema:
http://msdn2.microsoft.com/en-us/library/ms675085.aspx

Extending the Schema
http://msdn2.microsoft.com/en-us/library/ms676900.aspx

Step-by-Step Guide to Using Active Directory Schema and Display Specifiers
http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/howto/adschema.mspx

Troubleshooting AD Schema
http://technet2.microsoft.com/WindowsServer/en/Library/6008f7bf-80de-4fc0-ae3e-51eda0d7ab651033.mspx
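The script above is VBScript, which is no longer the tool most Windows administrators reach for, so here is an added example (not code from the original page or from Microsoft) that performs the same GUID-to-OID mapping in PowerShell and then does the check the documentation's "data loss" warning is really about: confirming that neither the chosen OID nor the chosen LDAP display name already exists in the forest schema before anything is created. It assumes the RSAT ActiveDirectory module is installed and that the session can read the schema naming context, which any authenticated user can.

```powershell
# Added example, not part of the original page.
# Assumptions: RSAT ActiveDirectory module present; domain-joined session.
Import-Module ActiveDirectory

function New-RootOid {
    # Same mapping as oidgen.vbs: the GUID's 32 hex digits are split into groups of
    # 4,4,4,4,4,6,6 and each group becomes a decimal arc under Microsoft's
    # automated-generator prefix 1.2.840.113556.1.8000.2554.
    $prefix = '1.2.840.113556.1.8000.2554'
    $hex    = [guid]::NewGuid().ToString('N')   # 32 hex digits, no braces or dashes
    $widths = 4, 4, 4, 4, 4, 6, 6
    $offset = 0
    $arcs = foreach ($w in $widths) {
        [Convert]::ToInt64($hex.Substring($offset, $w), 16)
        $offset += $w
    }
    return "$prefix.$($arcs -join '.')"
}

function Test-SchemaIdentifier {
    # Throws if the OID is malformed or if the OID / ldapDisplayName is already taken.
    # attributeID is checked for attributes and governsID for classes: an OID must be
    # unique across both, and the ldapDisplayName must be unique across the whole schema.
    param(
        [Parameter(Mandatory)] [string] $Oid,
        [Parameter(Mandatory)] [string] $LdapDisplayName
    )
    if ($Oid -notmatch '^1\.2\.840\.113556\.1\.8000\.2554(\.(0|[1-9]\d*))+$') {
        throw "OID '$Oid' is not a well-formed OID under the oidgen prefix"
    }
    $schemaNC = (Get-ADRootDSE).schemaNamingContext
    $filter   = "(|(attributeID=$Oid)(governsID=$Oid)(lDAPDisplayName=$LdapDisplayName))"
    $clash    = Get-ADObject -SearchBase $schemaNC -LDAPFilter $filter `
                             -Properties lDAPDisplayName, attributeID, governsID
    if ($clash) {
        $names = ($clash | ForEach-Object { $_.lDAPDisplayName }) -join ', '
        throw "Schema already contains a conflicting definition: $names"
    }
    return $true
}

# Usage: generate once, derive the first attribute OID using the page's scheme
# (".2" = attributes category, ".1" = first attribute), verify, and record it.
$rootOid = New-RootOid
$attrOid = "$rootOid.2.1"
Test-SchemaIdentifier -Oid $attrOid -LdapDisplayName 'userPdictionary'
"Root OID: $rootOid`r`nAttribute OID: $attrOid" |
    Set-Content -Path (Join-Path $env:USERPROFILE 'Desktop\oidInfo.txt')
```

Keep the written oidInfo.txt with your change records: the root OID is the prefix every later class and attribute of yours hangs under, and the generator cannot reproduce it.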

After obtaining the base OID

Once you have a base OID, be careful about how you divide your OIDs into categories, because these OIDs are entered in the prefix table and become part of the data replicated between DCs. Do not create more than two OID categories.
You create subsequent OIDs for new schema classes and attributes by appending .X to the base OID, where X is any number you choose. A common schema extension scheme uses the following structure:
If the assigned base OID is 1.2.840.113556.1.8000.999999, categories can be created as follows.

OID base value                    Description
1.2.840.113556.1.8000.999999.1    Application classes: the first class gets OID 1.2.840.113556.1.8000.999999.1.1, the second 1.2.840.113556.1.8000.999999.1.2, and so on.
1.2.840.113556.1.8000.999999.2    Application attributes: the first attribute gets OID 1.2.840.113556.1.8000.999999.2.1, the second 1.2.840.113556.1.8000.999999.2.2, and so on.
Following that scheme (root OID, then .2 for the attributes category, then .1 for the first attribute), the ID used in this test is:

1.2.840.113556.1.8000.2554.55786.31829.55335.19299.48276.12206014.6177421.2.1
The completed dialog looks like this (screenshot not reproduced here):

Associate the attribute with a class

Under "Classes", select user, then right-click - Properties, as shown in the figure.

On the Attributes tab, add the custom attribute under "Optional", then click OK.

Required order of operations when installing a schema extension

An application that extends the schema must apply its updates as described in the following procedure. When extending the schema, apply the updates in this order:

  1. Add the new attributes.
  2. Add the new classes.
  3. Add the new attributes to the classes.
  4. Trigger a schema cache reload.
    Because the new attribute names do not yet exist in the schema cache, the new attributes referenced in step 3 must be referenced by OID.
    Step 4 is only needed if the extension is used immediately; otherwise the extension shows up in the schema cache within about 5 minutes, depending on system load. For details on the schema cache and how to trigger a reload, see "Updating the schema cache" in the documentation.
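The four steps above, plus the value-editing step described in the next section, can be done without the MMC snap-in. The following is an added example (not code from the original page or from Microsoft) that uses the ActiveDirectory module to create userPdictionary with the OID chosen on this page, attach it to the user class by OID as step 3 requires, force the cache reload of step 4, and then write and read the value on a user. It assumes the RSAT ActiveDirectory module is installed and that the session belongs to Schema Admins; the user account alice and the path value are made up for the example. One security point the GUI steps never surface: by default every authenticated user can read attributes on user objects, so if the path identifier is not meant to be public the attribute should carry the CONFIDENTIAL bit in searchFlags (0x80), as shown below; drop that line if the value is harmless.

```powershell
# Added example, not part of the original page.
# Assumptions: RSAT ActiveDirectory module; run as a Schema Admins member;
# 'alice' and the path value are constructed for the example.
Import-Module ActiveDirectory

$attrName     = 'userPdictionary'
$attrOid      = '1.2.840.113556.1.8000.2554.55786.31829.55335.19299.48276.12206014.6177421.2.1'
$schemaMaster = (Get-ADForest).SchemaMaster     # schema writes only succeed on the FSMO holder
$rootDse      = Get-ADRootDSE -Server $schemaMaster
$schemaNC     = $rootDse.schemaNamingContext

function Invoke-SchemaCacheReload {
    # Step 4: make the DC rebuild its schema cache now instead of waiting ~5 minutes.
    # schemaUpdateNow is a rootDSE operational attribute, so it is written over ADSI.
    param([Parameter(Mandatory)] [string] $Server)
    $dse = [ADSI]"LDAP://$Server/RootDSE"
    $dse.Put('schemaUpdateNow', 1)
    $dse.SetInfo()
}

# Step 1: create the attributeSchema object. attributeSyntax 2.5.5.12 with oMSyntax 64
# is Unicode String, which is what the MMC dialog's "Unicode String" choice writes.
$attributeProps = @{
    lDAPDisplayName  = $attrName
    attributeID      = $attrOid
    attributeSyntax  = '2.5.5.12'
    oMSyntax         = 64
    isSingleValued   = $true
    adminDescription = 'Custom: path identifier for the user'
    # 0x80 = CONFIDENTIAL: only principals granted Read Property / Control Access on this
    # attribute can read it, instead of every authenticated user. Remove if not needed.
    searchFlags      = 0x80
}
New-ADObject -Name $attrName -Type 'attributeSchema' -Path $schemaNC `
             -OtherAttributes $attributeProps -Server $schemaMaster

# Step 2 (new class) is skipped: the attribute is attached to the existing 'user' class.

# Step 3: add it to the user class as an optional attribute (mayContain). The DC's schema
# cache does not know the new ldapDisplayName yet, so the attribute is referenced by OID.
Set-ADObject -Identity "CN=User,$schemaNC" -Add @{ mayContain = $attrOid } -Server $schemaMaster

# Step 4: reload the cache so the new name resolves immediately.
Invoke-SchemaCacheReload -Server $schemaMaster

# Verify what landed in the schema.
Get-ADObject -Identity "CN=$attrName,$schemaNC" -Server $schemaMaster `
             -Properties attributeID, attributeSyntax, oMSyntax, searchFlags |
    Format-List lDAPDisplayName, attributeID, attributeSyntax, oMSyntax, searchFlags

# Use the attribute. Targeting the schema master avoids a DC that has not yet replicated
# the schema change and would reject the unknown attribute.
Set-ADUser -Identity 'alice' -Replace @{ $attrName = '\\fs01\profiles\alice' } -Server $schemaMaster
Get-ADUser -Identity 'alice' -Properties $attrName -Server $schemaMaster |
    Select-Object SamAccountName, $attrName
```

Schema additions are forest-wide and cannot be deleted, only marked defunct, so run the collision checks from the previous example first and test the whole sequence in a lab forest before touching production.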

Edit the attribute value

In Active Directory Users and Computers, enable "View - Advanced Features", open the user's Properties, and set the value on the Attribute Editor tab. If only a specific team should be able to change it, delegate Write Property on userPdictionary alone rather than Write All Properties on the user objects.

