Defining a New Attribute

This topic shows how to define a new attribute when extending the Active Directory schema.

Consider the following when defining a new attribute:

  • Use existing attributes when possible.
  • Always use the cn ("common name") property as the naming (relative distinguished name) attribute. This is the default for most classes, including those derived directly from Top. The cn property is an indexed property and will make searching for objects by name more efficient.
  • Large multi-valued attributes are costly to store and retrieve and should be avoided. Active Directory Domain Services implements an LDAP extension to enable incremental read of large properties with multiple values, but not all LDAP clients will recognize this extension.
  • Remember that attributes are flat; that is, there is no implied substructure to an attribute. All attributes in a given class should relate directly to instances of that class.

Creating a New Attribute

To create a new attribute:

  • Choose a name for the attribute. The name will be contained in the cn and lDAPDisplayName attributes. For more information about composing a name for a new attribute, see Naming Attributes and Classes.

  • Obtain an object identifier (OID) for the attribute. For more information, see Obtaining a Root Object Identifier.

  • Choose a syntax for the attribute. The syntax is determined by the combination of the oMSyntax and oMObjectClass attributes. For more information, see Choosing a Syntax.

  • Decide if the attribute is single or multi-valued. The isSingleValued attribute determines if the attribute is single or multi-valued.

  • Decide if the attribute should be indexed by default. For more information, see Indexed Attributes.

  • Decide if the attribute should be in the global catalog by default. For more information, see Attributes Included in the Global Catalog.

  • If the attribute is an integer or string, decide if a range limit is required. The rangeLower and rangeUpper attributes are used to specify the range limit.

  • If the attribute is DN-valued, decide if the attribute should be linked with another attribute. If so, the linkID attribute must be set appropriately on each attribute; one attribute must be a forward link, the other a back link. For more information about linked attributes, see Linked Attributes.

  • Create a new attributeSchema object in the schema container and set the appropriate attributes for the object. There are a large number of attributes that can be set for an attributeSchema object, but the attributes listed in the following table are critical to the definition of a new attribute. The values of these attributes are determined by the previous steps. For more information about these attributes, see Characteristics of Attributes.

    Attribute                        Comment
    cn                               Required.
    lDAPDisplayName                  Required.
    adminDisplayName                 Required.
    attributeSyntax                  Required.
    oMSyntax                         Required.
    oMObjectClass                    Required.
    schemaIDGUID                     Required.
    attributeID                      Required.
    isSingleValued                   Required.
    searchFlags                      Required.
    isMemberOfPartialAttributeSet    Required.
    rangeLower                       Optional.
    rangeUpper                       Optional.
    linkID                           Optional. Required for linked attributes.
    description                      Optional.

  • Commit the new attributeSchema object to the schema container.

  • Update the schema cache, if necessary. For more information, see Updating the Schema Cache.
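
The last three steps can be prepared as an LDIF import file and checked before it is applied. The following is an added example, not code from the original topic: it checks a definition against the table above, renders the attributeSchema add record, and appends a schemaUpdateNow record to refresh the schema cache. The attribute names, GUID, OID, and schema DN are constructed placeholders; the sample assumes an unlinked, single-valued, DN-valued attribute.

```python
import base64
import uuid

# Attributes the table above marks "Required." and "Optional."
REQUIRED = ("cn", "lDAPDisplayName", "adminDisplayName", "attributeSyntax",
            "oMSyntax", "oMObjectClass", "schemaIDGUID", "attributeID",
            "isSingleValued", "searchFlags", "isMemberOfPartialAttributeSet")
OPTIONAL = ("rangeLower", "rangeUpper", "linkID", "description")

# Constructed sample: an unlinked, single-valued, DN-valued attribute.
SAMPLE = {
    "cn": "Example-Badge-Owner", "lDAPDisplayName": "exampleBadgeOwner",
    "adminDisplayName": "Example-Badge-Owner",
    "attributeSyntax": "2.5.5.1", "oMSyntax": 127,       # DN syntax
    "oMObjectClass": bytes.fromhex("2b0c0287731c00854a"),
    "schemaIDGUID": uuid.UUID("00112233-4455-6677-8899-aabbccddeeff"),
    "attributeID": "1.3.6.1.4.1.99999.1.1",              # placeholder OID
    "isSingleValued": True, "searchFlags": 0,
    "isMemberOfPartialAttributeSet": False,
}

def check_definition(attr):
    """Return a list of problems; an empty list means nothing is missing."""
    problems = [f"missing required attribute: {n}" for n in REQUIRED if n not in attr]
    problems += [f"not in the table: {n}" for n in attr if n not in REQUIRED + OPTIONAL]
    lo, hi = attr.get("rangeLower"), attr.get("rangeUpper")
    if lo is not None and hi is not None and lo > hi:
        problems.append("rangeLower is greater than rangeUpper")
    return problems

def ldif_value(name, value):
    if isinstance(value, uuid.UUID):      # directory GUIDs are little-endian
        value = value.bytes_le
    if isinstance(value, bytes):          # binary values: "::" plus base64
        return f"{name}:: {base64.b64encode(value).decode()}"
    if isinstance(value, bool):           # LDAP booleans are TRUE / FALSE
        return f"{name}: {'TRUE' if value else 'FALSE'}"
    return f"{name}: {value}"

def to_ldif(attr, schema_dn):
    """Render the add record, then a schemaUpdateNow cache-refresh record."""
    problems = check_definition(attr)
    if problems:
        raise ValueError("; ".join(problems))
    lines = [f"dn: CN={attr['cn']},{schema_dn}", "changetype: add",
             "objectClass: attributeSchema"]
    lines += [ldif_value(n, attr[n]) for n in REQUIRED + OPTIONAL if n in attr]
    lines += ["", "dn:", "changetype: modify", "add: schemaUpdateNow",
              "schemaUpdateNow: 1", "-"]
    return "\n".join(lines) + "\n"
```

Schema additions cannot be deleted once committed, so run the check and review the rendered file against a test forest before importing it into production.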