![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(307.2, 4%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECR%3C/text%3E%3C/svg%3E)
7,023 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 74%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERM%3C/text%3E%3C/svg%3E)
You don't modify the individual objects in the directory, you modify the directory schema. Individual AD objects inherit the new attributes from the schema class you added them to.
Here's some good advice: set up a new server in a completely separate AD forest and verify that your changes do what you expect them to. If you screw it up, you can demote the server and try again. If you do this in a production environment and you make a mistake you're screwed.
Here's an example: 51121.active-directory-schema-update-and-custom-attribute.aspx
I wouldn't mess around with scripts, I'd use an LDIF file to do the work. It's easier to review the modification date before actually making the change.