how to list the custom attribute in AD

Richa Kumari 286 Reputation points
2024-04-11T10:50:48.1866667+00:00

Hello,

we migrated from old to new AD environment ,need to check all the custom attribute list including any extension custom attribute so that same can be created in new environment.

I couldn't find any script that work well ,I tried below commands but it threw all custom attribute including all default custom attribute

Import-Module ActiveDirectory

$schemaPath = "CN=Schema,CN=Configuration,DC=mydomain,DC=com"

Retrieve all attribute schema objects from the schema container

$customAttributes = Get-ADObject -SearchBase $schemaPath -LDAPFilter "(&(objectClass=attributeSchema)(!isDefunct=TRUE)(!systemFlags:1.2.840.113556.1.4.803:=16))" -Property name |Where-Object { $_.name -notlike "ms-*" } |Select-Object -ExpandProperty name

$customAttributes

may be I am missing something .

just wants custom attributes created by users or modified by any users.

Thanks
Rich

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,544 questions
Windows Server PowerShell
Windows Server PowerShell
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.PowerShell: A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
5,526 questions
PowerShell
PowerShell
A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
2,520 questions
{count} votes

2 answers

Sort by: Most helpful
  1. Rich Matheisen 46,721 Reputation points
    2024-04-11T15:40:40.1933333+00:00

    You've only listed "name" in the -Property parameters values. Try using "*" or just a list of all the additional attribute names you want.

    I'm not sure, in the case of defunct users whether the attribute names are CustomAttribute1, etc., or the LDAP names.

    0 comments No comments

  2. Ian Xue 37,021 Reputation points Microsoft Vendor
    2024-04-12T04:18:45.5333333+00:00

    Hi Richa Kumari,

    I don't think Active Directory can tell whether an attribute is custom or not, so you may need to prepare a list of all the "non-custom attributes" if you want to distinguish between these attributes.

    Best Regards,

    Ian Xue


    If the Answer is helpful, please click "Accept Answer" and upvote it.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.