How to add attributes to AD DS schema with PowerShell

This topic contains 1 reply, has 2 voices, and was last updated by  Richard Siddaway 4 years, 2 months ago.

  • Author
    Posts
  • #10254

    Guy Horn
    Participant

    ... and then hang the new attributes on the user class.

    Is there a powershell solution?

    I'm looking for an automated solution for creating attributes in the AD as needed. Why: to enrich WS-federation claims. These claims can be very detailed and vary. Off course we can use ldifde -import function and csv files but i want to explore the possibilities of using solely PowerShell.

    Greetings, Guy

  • #10258

    Richard Siddaway
    Moderator

    In theory it is possible using New-ADObject

    You need to supply:
    Name
    -Type 'attributeSchema'

    plus
    distinguishedname, attributeId, oMSyntax, attributesyntax, description and search flags

    However,

    Its not something I would recommend you do. A schema update can, and will, cause problems if you get things wrong (remember you can't delete attributes once you've created them).

    I would recommend that a slow & careful approach with full change control and testing is the correct approach. This is one area where "just because you can doesn't mean you should"

You must be logged in to reply to this topic.