How to create custom attribute (CompanyID) in Active Directory

Question

Hi

I have two Active Directory (DC01 and DC02) servers syncing with each other, and I have configured AAD sync with my M365 tenant. So I want to create a new attribute that does not exist, how can I create a new attribute need to sync it via AAD to the cloud tenant also. So how do I create it with Microsoft best practice?

What is the correct way to create **** a Unique X500 Object ID? Since this is for the production environment.

Answer 1

Hello [Kosala R Paranathala],

Thank you for posting in Microsoft Community forum.

X500 Object ID – Each and every attribute in active directory schema has unique OID value. You can directly run the following PowerShell command to get it.

#--- 

$Prefix="1.2.840.113556.1.8000.2554" 

$GUID=[System.Guid]::NewGuid().ToString() 

$Parts=@() 

$Parts+=[UInt64]::Parse($guid.SubString(0,4),"AllowHexSpecifier") 

$Parts+=[UInt64]::Parse($guid.SubString(4,4),"AllowHexSpecifier") 

$Parts+=[UInt64]::Parse($guid.SubString(9,4),"AllowHexSpecifier") 

$Parts+=[UInt64]::Parse($guid.SubString(14,4),"AllowHexSpecifier") 

$Parts+=[UInt64]::Parse($guid.SubString(19,4),"AllowHexSpecifier") 

$Parts+=[UInt64]::Parse($guid.SubString(24,6),"AllowHexSpecifier") 

$Parts+=[UInt64]::Parse($guid.SubString(30,6),"AllowHexSpecifier") 

$OID=[String]::Format("{0}.{1}.{2}.{3}.{4}.{5}.{6}.{7}",$prefix,$Parts[0],$Parts[1],$Parts[2],$Parts[3],$Parts[4],$Parts[5],$Parts[6]) 

$oid 

#---

For example:

So how do I create it with Microsoft best practice?

A: To create custom attribute in on-premises AD domain, you can try the steps below.

You can create a custom attribute and add a custom attribute to an AD object as below.

1.Open MMC.exe-click File-click Add\Remove Snap-in-click Active Directory Schema.

2.Right click Attribute container- Create Attribute.

Tip – In order to open active directory schema snap-in you need to run command regsvr32 schmmgmt.dll from the Domain Controller. After that you can use MMC and add active directory schema as snap-in.

3.Check Multi-Valued option if needed.

4.Link this custom attribute to the class you want.

Click Classes container\ find one class you need\open this class Properties\link this custom attribute to this class by click Add button and find this custom attribute and select this custom attribute, then click OK.

For more information, please refer to links below.

Step-by-Step guide to create custom Active Directory Attributes - REBELADMIN

I hope the information above is helpful.

If you have any question or concern, please feel free to let us know.

Best Regards,

Daisy Zhou

Answer 2

Hi

I have two Active Directory (DC01 and DC02) servers syncing with each other, and I have configured AAD sync with my M365 tenant. So I want to create a new attribute that does not exist, how can I create a new attribute need to sync it via AAD to the cloud tenant also. So how do I create it with Microsoft best practice?

What is the correct way to create **** a Unique X500 Object ID? Since this is for the production environment.

Thank you for the answer and by following this I was able to create a attribute and it working as expected.