AD SCHEMA-NEW AD attribute

Hello,
I wanted to use the script to find Unique*500 obj Id for adding new attributes to the schema in the lab, but after I copied it from the course, I could not paste it into PowerShell in the Windows Server lab. Also, I could not find it in the related Windows Server lab. Would you please tell me how I can access it in the Windows Server, so I can complete the related lab?

You can easily copy and paste between your host computer and lab VMs by clicking in the top left corner: Lightning Bolt > Type Text > Type Clipboard Text:

I added this to the opening tutorial so it will be easier for other students to find.

Thank you so much!

Thank you for your reply.
I have another question.

As you see in the picture, I created two attributes for the schema named "serveracademyid" and "serveracademyid4". When I wanted to retrieve them with PowerShell commands, they were not retrieved. I was wondering what the problem is and how I can solve it.

Try doing this:

Get-ADUser -identity paul.hill -Properties *

This will list ALL available properties. Run that and see if you can find your attribute that way.

I worked my way through the lab for creating new attributes but when I opened the paul hill user, the Attribute Editor tab was gone. What happened?

Hi @bigword

You need to enable the Advanced Features.
Click on View in Active Directory Users and Computers and select Advanced Features and try again.

Ricardo

Good day @bigword

Hope you are well.

Following up on Ricardo’s message. Advanced Features needs to be enabled.

Do let us know if this helps,

Kind Regards

Thanks for responding! I did enable Advanced Features and the Attribute Editor tab shows up now…but when I run the Get-ADUser command to display the user and newly created attribute, that attribute doesn’t show up.

@bigword did you restart the AD DS service?

Yes. I restarted the service. The ServerAcademyID attribute still doesn’t show up when I run the script.

Can you list all the properties of the user to see if the attribute is set with the following command:

Get-ADUser -identity paul.hill -Properties *

Ricardo

Hi Paul, please, I may need some help any moment from now. What to do when you are deploying new computers to an organization or if the computers are given to what will be the best approach? Looking forward to hearing from you soon, thanks.

Hi @frachill

The first thing to do is join them to the domain to manage them like the other computers. Do you have any specific requirements for those computers?

Ricardo

Ricardo,

I tried this, showing all properties, but I still didn’t get my custom attribute.


I tried adding attributes three times.
The first time I did the serverAcademyID, but it didn’t show up in the user attributes in the AD.
The second and third attributes did show up in the AD user attributes, but they won’t show up in the properties list.
And I did restart the service after adding each attribute.

Did you restart your PowerShell instance after restarting the AD DS service?

I had an instance of PowerShell ISE that I didn’t close since it had the script for the unique identifier in it. But I did open a new instance of just PowerShell as Admin. Do I need to close all instances of PS?

You can try Paul’s suggestion @matthew.stricker15 and see if it works for you.

You can also try:

Get-ADUser -identity paul.hill -Properties hoodLife

Do let us know if it works for you.

Ricardo

I did both suggestions. I completely closed out of every form of PowerShell, and I tried the line @ricardo.p suggested that doesn’t have the quotation marks. Neither of these worked for me.
Is there something else I’m missing?

I’ll do some tests in the lab to check.

From the screenshot, I see that the PowerShell output is displaying the Paul Hill and the Properties window shows the Paul Hill Admin account.

Can you try executing:

Get-ADUser -identity paul.hill-admin -Properties hoodLife

If you specify -Properties *, you get all default and extended properties exposed by the cmdlet, plus any AD attributes that have values (and can be displayed). Not sure if this is because the user paul.hill has no value hence not showing up.

I’ll do some testing to get a better answer for you in the meantime.
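
The checks discussed across this thread, gathered into one diagnostic as an added example (not code from the course or from any poster): it reports whether the attribute exists in the schema, whether it is listed directly on the user class, and whether the account actually holds a value for it. It assumes the ActiveDirectory module is available on the lab server; `Test-CustomUserAttribute` is a hypothetical helper name, while the account and attribute names are the ones mentioned in the posts.

```powershell
# Added example. Assumes the RSAT ActiveDirectory module on a domain-joined lab server.
Import-Module ActiveDirectory

function Test-CustomUserAttribute {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $Identity,
        # Restrict to legal lDAPDisplayName characters so the value is safe inside an LDAP filter.
        [Parameter(Mandatory)] [ValidatePattern('^[A-Za-z][A-Za-z0-9-]*$')] [string] $LdapDisplayName
    )
    $schemaNC = (Get-ADRootDSE).schemaNamingContext

    # 1. Is the attribute defined in the schema at all?
    $attr = Get-ADObject -SearchBase $schemaNC -Properties lDAPDisplayName `
        -LDAPFilter "(&(objectClass=attributeSchema)(lDAPDisplayName=$LdapDisplayName))"

    # 2. Is it listed directly on the user class? (Attributes inherited from parent
    #    or auxiliary classes are not covered by this check.)
    $userClass = Get-ADObject -SearchBase $schemaNC -Properties mayContain, systemMayContain `
        -LDAPFilter '(&(objectClass=classSchema)(lDAPDisplayName=user))'
    $onUser = (@($userClass.mayContain) + @($userClass.systemMayContain)) -contains $LdapDisplayName

    # 3. Ask for the attribute by name and report whether the account holds a value.
    $value = $null; $queryError = $null
    if ($attr) {
        try {
            $user  = Get-ADUser -Identity $Identity -Properties $LdapDisplayName -ErrorAction Stop
            $value = $user.$LdapDisplayName
        } catch { $queryError = $_.Exception.Message }
    }

    [pscustomobject]@{
        Account     = $Identity
        Attribute   = $LdapDisplayName
        InSchema    = [bool]$attr
        OnUserClass = $onUser
        HasValue    = ($null -ne $value) -and (@($value).Count -gt 0)
        Value       = $value
        QueryError  = $queryError
    }
}

# Both accounts and both attribute names appear in the thread.
'paul.hill', 'paul.hill-admin' | ForEach-Object {
    Test-CustomUserAttribute -Identity $_ -LdapDisplayName 'hoodLife'
    Test-CustomUserAttribute -Identity $_ -LdapDisplayName 'serverAcademyID'
}
```

A row with `InSchema` true and `HasValue` false matches the case described above, where `-Properties *` omits an attribute because the account has no value set for it.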