Extending the schema
When the set of classes and attributes in the base Active Directory schema does not meet your needs, you can extend the schema by modifying or adding classes and attributes. You should only extend the schema when absolutely necessary. The easiest way to extend the schema is through the Schema Microsoft Management Console (MMC) snap-in. You should always develop and test your schema extensions in a test lab before moving them to your production network.
To install the Active Directory Schema snap-in
Open an elevated command prompt. Click Start, type command prompt, and then right-click Command Prompt when it appears in the Start menu. Next, click Run as administrator. When the command prompt opens, type the following command, and then press ENTER
- Click Start, click Run, type mmc, and then click OK.
- On the File menu, click Add/Remove Snap-in.
- Under Available snap-ins, click Active Directory Schema, click Add, and then click OK.
- To save this console, on the File menu, click Save.
- In the Save As dialog box, do one of the following:
- To place the snap-in in the Administrative Tools folder, in File name, type a name for the snap-in, and then click Save.
- To save the snap-in to a location other than the Administrative Tools folder, in Save in, navigate to a location for the snap-in. In File name, type a name for the snap-in, and then click Save.
Modifying the schema is an advanced operation that is best performed by experienced programmers and system administrators. For detailed information about modifying the schema, see Active Directory Schema (http://go.microsoft.com/fwlink/?LinkId=80809).
- To perform the Schmmgmt.dll registration portion of this procedure, you must be a member of the Domain Admins group in the domain or the Enterprise Admins group in the forest, or you must have been delegated the appropriate authority. Adding the Active Directory Schema snap-in to MMC requires only Domain Users group membership. However, making changes to the schema requires membership in the Schema Admins group.
Creating a New Attribute
When creating classes and attributes, note the following:
- Do not include spaces when entering the attribute and class names. An LDAP display name with embedded spaces can cause problems.
- Object identifiers (OIDs) are issued by International Standards Authorities such as the International Telecommunications Union (ITU) to prevent issuance of duplicates. If your organization expects to create new classes and attributes, you may want to first request OIDs from the relevant standards body in your country. The OIDs listed here have been issued by Microsoft and are guaranteed to be unique. Do not create your own OIDs.
Add a new schema class or attribute definition
To add a new schema class or attribute definition
- Open the Active Directory Schema snap-in.
- In the console tree, click Active Directory Schema.
- Do one of the following:
- To add a class definition, in the console tree, right-click Classes, click Create Class, and then follow the instructions.
- To add an attribute definition, in the console tree, right-click Attributes, click Create Attribute.
Enter values for Common Name and Description
Change Syntax to Generalized Time
The Unique X500 Object ID MUST be filled in.
To get a unique X500 ID follow the instructions on
Copy the code into Notepad and save as .VBS
Open the VBS script
Root OID = 1.2.840.113556.1.8000.2554.26957.60255.54271.18045.36403.10579657.3450681
Our Root OID = 1.2.840.113556.1.8000.2554.26957.60255.54271.18045.36403.10579657.3450681
Attribute will be: 1.2.840.113556.1.8000.2554.26957.60255.54271.18045.36403.10579657.3450681.2
First attribute OID: 1.2.840.113556.1.8000.2554.26957.60255.54271.18045.36403.10579657.3450681.2.1
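A read-only check of the result, as an added example that is not part of the original procedure: it confirms that the new attribute carries the planned OID and the Generalized Time syntax, and lists who still holds the Schema Admins membership needed to change the schema. It assumes the ActiveDirectory PowerShell module is available and that the attribute's LDAP display name is dateofbirth; the OIDs are the ones shown above.

```powershell
# Added example: read-only verification, nothing is written to the directory.
Import-Module ActiveDirectory

$ldapName    = 'dateofbirth'   # assumption: lDAPDisplayName of the new attribute
$rootOid     = '1.2.840.113556.1.8000.2554.26957.60255.54271.18045.36403.10579657.3450681'
$expectedOid = $rootOid + '.2.1'   # first attribute under the .2 attribute branch

# Naming rule from this page: no spaces in attribute or class names.
if ($ldapName -match '\s') { throw "LDAP display name '$ldapName' contains whitespace." }

# Read the attributeSchema object from the schema partition.
$schemaNC = (Get-ADRootDSE).schemaNamingContext
$attr = Get-ADObject -SearchBase $schemaNC `
    -LDAPFilter "(&(objectClass=attributeSchema)(lDAPDisplayName=$ldapName))" `
    -Properties attributeID, attributeSyntax, oMSyntax, whenCreated
if (-not $attr) { throw "Attribute '$ldapName' not found in $schemaNC." }

# Generalized Time is stored as attributeSyntax 2.5.5.11 with oMSyntax 24.
$checks = [ordered]@{
    'OID matches the planned value' = ($attr.attributeID -eq $expectedOid)
    'OID sits under our root OID'   = ($attr.attributeID -like ($rootOid + '.*'))
    'Syntax is Generalized Time'    = ($attr.attributeSyntax -eq '2.5.5.11' -and
                                       $attr.oMSyntax -eq 24)
}
foreach ($check in $checks.GetEnumerator()) {
    $state = if ($check.Value) { 'OK' } else { 'MISMATCH' }
    '{0,-32} {1}' -f $check.Key, $state
}
'Created: {0}' -f $attr.whenCreated

# Schema Admins lives in the forest root domain. Anyone listed here can
# still modify the schema, so the list should be empty between changes.
$rootDomain = (Get-ADForest).RootDomain
$members = @(Get-ADGroupMember -Identity 'Schema Admins' -Server $rootDomain -Recursive)
if ($members.Count -gt 0) {
    Write-Warning "Schema Admins has $($members.Count) member(s):"
    $members | Select-Object name, objectClass, distinguishedName
} else {
    'Schema Admins is empty.'
}
```

Schema additions cannot be deleted afterwards, only deactivated, so a MISMATCH here is best caught in the test lab before the extension reaches production.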
Now you need to create a SharePoint user profile attribute and map it to the new Active Directory attribute. Before you can do that, you need to update the schema in the Forefront Identity Manager 2010 on the SharePoint server running the User Profile Service Application.
a) Navigate to the C:\Program Files\Microsoft Office Servers\14.0\Synchronization Service\UIShell folder
b) Double-click the miisclient.exe application. This will open Forefront Identity Manager 2010. (Ensure that the services are running and that you have permission to open it.)
c) Click the Management Agents button on the toolbar
d) Select your Active Directory management agent (it should say Active Directory Domain Services in the Type column)
e) In the Actions menu select Refresh Schema
f) Click OK in the confirmation dialog box
g) If prompted, specify credentials for the domain account used by the agent
h) A window will open showing the schema refresh progress
i) Once the schema refresh is complete, click the Close button to close the refresh window
j) Open Properties
k) Select Attributes – Show All and Add dateofbirth
Close Forefront Identity Manager 2010
SharePoint 2010 actions
Once the Forefront Identity Manager schema has been updated, you can create a new SharePoint user profile property and map it to the Active Directory attribute.
a) In Central Administration under Application Management select Manage service applications
b) Click on the User Profile Service Application
c) Under People click Manage User Properties
d) Edit the Birthday property
e) Scroll down to the Add New Mapping section
f) Select your Active Directory synchronization connection in the date no year field
g) Select your new Active Directory attribute in the Attribute field
h) Select Import in the Direction field
i) Click Add to add the new mapping
j) Click OK to save the new profile property
Open Active Directory
Choose View – Advanced Features
Choose the OU you want to sync SharePoint with
Select a user and open the properties
Choose Attribute Editor
Scroll down to dateofbirth and choose Edit
Enter a value
Open Central Administration
Manage Service Applications
Open User Profile Service Application
Choose Start Profile Synchronization
Verify this by opening Manage User Profiles
Enter a name to search for
Edit the profile and scroll down to Birthday
There it is!!!!