September 19, 2013 at 2:51 am

... and then hang the new attributes on the user class.

Is there a PowerShell solution?

I'm looking for an automated solution for creating attributes in the AD as needed. Why: to enrich WS-federation claims. These claims can be very detailed and vary. Of course we can use ldifde -import function and csv files but I want to explore the possibilities of using solely PowerShell.

Greetings, Guy

September 19, 2013 at 9:34 am

In theory it is possible using New-ADObject.

You need to supply:
Name
-Type 'attributeSchema'

plus
distinguishedname, attributeId, oMSyntax, attributesyntax, description and search flags

However,

It's not something I would recommend you do. A schema update can, and will, cause problems if you get things wrong (remember you can't delete attributes once you've created them).

I would recommend that a slow & careful approach with full change control and testing is the correct approach. This is one area where "just because you can doesn't mean you should".
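
The New-ADObject approach described in the reply above, sketched as an added example (not code from either poster). The function name, its parameters and the sample attribute name are hypothetical; it assumes the ActiveDirectory module, Schema Admins rights, a single-valued Unicode string attribute, and an OID from your own registered branch.

```powershell
#Requires -Modules ActiveDirectory
# Added example. New-ClaimSchemaAttribute and its parameters are hypothetical names.
function New-ClaimSchemaAttribute {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)][ValidatePattern('^[a-z][A-Za-z0-9-]*$')][string]$LdapName,
        # OID from your organisation's own registered branch; no default on purpose.
        [Parameter(Mandatory)][ValidatePattern('^\d+(\.\d+)+$')][string]$AttributeOid,
        [Parameter(Mandatory)][string]$Description
    )

    $schemaNC     = (Get-ADRootDSE).schemaNamingContext
    $schemaMaster = (Get-ADForest).SchemaMaster   # schema writes go to the FSMO holder

    # Attributes cannot be deleted afterwards, so refuse to continue on any
    # name or OID collision. The ValidatePattern checks keep the filter literal.
    $clash = Get-ADObject -Server $schemaMaster -SearchBase $schemaNC `
        -LDAPFilter "(|(lDAPDisplayName=$LdapName)(attributeID=$AttributeOid))"
    if ($clash) { throw "Already in schema: $($clash.DistinguishedName)" }

    $attrs = @{
        lDAPDisplayName  = $LdapName
        attributeID      = $AttributeOid
        attributeSyntax  = '2.5.5.12'    # Unicode string
        oMSyntax         = 64            # matching OM syntax for 2.5.5.12
        isSingleValued   = $true
        adminDescription = $Description
        searchFlags      = 0             # not indexed
    }

    $action = "Create attribute '$LdapName' and add it to the user class"
    if (-not $PSCmdlet.ShouldProcess($schemaNC, $action)) { return }

    New-ADObject -Name $LdapName -Type attributeSchema -Path $schemaNC `
        -OtherAttributes $attrs -Server $schemaMaster

    # Ask the schema master to reload its schema cache so the new attribute
    # can be referenced immediately.
    $rootDse = [ADSI]"LDAP://$schemaMaster/RootDSE"
    $rootDse.Put('schemaUpdateNow', 1)
    $rootDse.SetInfo()

    # "Hang" the attribute on the user class as an optional attribute.
    Set-ADObject -Identity "CN=User,$schemaNC" -Add @{ mayContain = $LdapName } `
        -Server $schemaMaster
}

# Dry run in a test forest first; -WhatIf makes no changes. Replace the OID placeholder.
# New-ClaimSchemaAttribute -LdapName 'exampleClaimRegion' -AttributeOid '<OID-from-your-branch>' -Description 'Region claim' -WhatIf
```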