Wednesday, 26 October 2011

Displaying Hidden Attributes in Active Directory Administrative Center

Active Directory Users and Computers for Windows Server 2003 does not display all of the properties of an object. For example, the employeeType attribute of the User object is not visible. Custom VB scripts that allow editing can be added to the power menu for an object but this requires the script to be present on each of the clients that use Active Directory Users and Computers.

Windows 2008 improves on this by integrating an Attribute Editor into the both Active Directory Users and Computers and Active Directory Administrative Center. In Active Directory Users and Computers, it must be enabled by selecting Advanced Features from the View menu.

image

You can then right click on an object, select Properties and you will see an additional Attribute Editor tab that shows the attributes that are not normally visible.

image

However, when I tested, the Attribute Editor tab was did not when I viewed the properties from the results of a Find:

image

The Attribute Editor is also accessible through the Active Directory Administrative Center, the all-new tool delivered with Windows 2008 R2, provided you have added the Extensions sections to the Properties Page:

image

To use these features on a client computer, you must install Remote Server Administration Tools (RSAT). These are only supported on Vista and Windows 7.

 

References

mcpmag.com: AD Your Way (adding scripts to context menus in ADUC)

policelli.com: Built-in Attribute Editor in Windows Server 2008

Technet: What's new in Active Directory Domain Services in Windows 2008

Remote Server Administration Tools (RSAT).

6 comments:

  1. Your images seem to be broken.

    ReplyDelete
  2. Thanks for pointing this out - I've fixed for this article and will work through others with lost images.

    ReplyDelete
  3. Hi
    Cool post.
    What is the difference between “Custom Attribute” and “Extension Custom Attribute”?
    I need to grant rights to a service account to write to a custom field in AD.
    How can I do this?
    Thanks, Maelito

    ReplyDelete
  4. I should add one caveat to this description.

    The attribute tab is only available when you check the properties from within the OU that the object resides.

    You will not see the Attribute tab if you do a 'Find' on the user at the domain level.

    ReplyDelete
  5. hi, very convenient post; is there also any way to display the 'object' tab?

    ReplyDelete
  6. Thanks. This was really helpful

    ReplyDelete

Please leave a comment.