User objects have an employeeID attribute but it doesn't appear by default in active directory users & computers.
Sakari Kouti has written a great script to help with this. You can find that script here(employeeID.vbs)
Step1:
Download the script and save it on your PC. I've put the script on my C drive in a folder called AddID
Step2:
In ADSI Edit go to the configuration container and navigate to CN=DisplaySpecifiers, CN=409)
In the right pane find CN=user-display and right click and select properties.
Step3:
Select the adminContextMenu attribute. Add the following value
2, Employee &ID, path to script
Note: If 2 is in use just pick the next number. In my example I've put the script in c:\addid\employeeid.vbs
UPDATE: I should have added this when I first posted this but thanks to Rob Sampson for pointing it out. Rob is one of the strongest scripters I've met and is a valuable member of the IT community.
From Rob (Thanks Rob!):
you could place "employeeid.vbs" in your NetLogon share of a Domain Controller (which then replicates to all other DCs), and have 2. Employee &ID, \\domain.com\sysvol\domain.com\scripts\employeeid.vbs
Screen shot below shows that example in my mktest.com domain.
Step4:
Now if you use Active Directory Users & Computers you can right click on a user and employee ID should appear.
You can select the field and edit it:
Thanks to Sakari Kouti for the script. He also has a new book coming out called Active Directory 2008 Unleashed
If that book is anything like his last book (Inside AD 2nd Edition) then it is a must have...I've already pre-orderd the new book :)
Posts
This script just let you add a value, or change.. I need something more.. if i've added the wrong value, how can i delete (clear) the value?
ReplyDeleteThank you ;)
Use the following version of the script that I've modified.
Delete' -------------------------------------------------------------------------
' Script by Sakari Kouti (see http://www.kouti.com)
' You have a royalty-free right to use, modify, reproduce and distribute
' this script (and/or any modified version) in any way you find useful,
' provided that you agree that Addison-Wesley or Sakari Kouti has no
' warranty, obligations or liability for the script. If you modify
' the script, you must retain this copyright notice.
' -------------------------------------------------------------------------
'
' Modified by Jeremy@jhouseconsulting.com 28th April 2014
' Added the logic so that the value can be cleared.
'
Option Explicit
Const ADS_PROPERTY_CLEAR = 1
Dim wshArguments, objUser, objSchemaEmployeeID, strCurrentID, strEmployeeID, intMaxLen
On Error Resume Next
Set wshArguments = WScript.Arguments
Set objUser = GetObject(wshArguments(0))
Set objSchemaEmployeeID = GetObject("LDAP://schema/employeeID")
intMaxLen = objSchemaEmployeeID.MaxRange
If objUser.employeeID <> "" Then
strCurrentID = objUser.employeeID
Else
strCurrentID = "empty"
End If
strEmployeeID = InputBox( _
"The current Employee ID is " & strCurrentID & vbCrLf & _
vbCrLf & _
"Enter the new Employee ID (1 through " & intMaxLen & " chars)" & vbCrLf & _
vbCrLf & _
"Type empty or clear to clear the value altogether.", _
Right(objUser.Name, Len(objUser.Name) - 3) & " Employee ID", _
objUser.employeeID)
If strEmployeeID = "" Then WScript.Quit 'User clicked Cancel
If Len(strEmployeeID) > intMaxLen Then
MsgBox "The new Employee ID was too long and it was not saved.", _
vbCritical, "Error Occurred"
Else
Err.Clear
If (trim(strEmployeeID) = "" or _
trim(lcase(strEmployeeID)) = "empty" or _
trim(lcase(strEmployeeID)) = "clear") Then
objUser.PutEx ADS_PROPERTY_CLEAR, "employeeID", 0
Else
objUser.employeeID = trim(strEmployeeID)
End If
objUser.SetInfo
If Err Then MsgBox "The new Employee ID was not saved.", _
vbCritical, "Error Occurred"
End If
Thanks a lot Jeremy!
DeleteOh,boy you guy´s are good. Thank you.
ReplyDeleteIs it possible to have employeeID diplayed in user properties
ReplyDeleteHow do I add this in Profile?
ReplyDeleteNo easy way to add it in a tab in ADUC unless you have some really good developers. I'm not that developer :)
ReplyDeleteif connect to dc from Windows7 or server2008 mmc console it's not working?
ReplyDeleteIndeed, same result here. From a server2003 mmc its working, but not on a W7 or server 2008 mmc console.
DeleteOh that means we dont need anythird party toolanymore. Today its been seen over there are different tools at the market which are allowing this sort of updated but its very fine now that by using this script we wont be using any third party tool any more.
ReplyDeleteThanks for your valuable feedback.
Hey Guys,
ReplyDeleteI see the employee id when I right click but I am unable to update the field. Did I miss something in the post?
Thanks.
I am wanting to make a correction in ADSI to the the location of the script in the adminContextMenu . It is currently pointed to a DC that has been demoted and is no longer a member server. I would like to point it to \\domain.com\sysvol\domain.com\scripts\employeeid.vbs as per the update from Rob. If I do this, will it wreck the way it is working now, and it does work as advertised, or does it just pick up where it left off?
ReplyDeleteThank you,
PeterG