Hi David, My $.02, I would go ahead and extend the schema in all cases. There's too much risk of different applications attempting to use the extension attributes for different purposes. The cost of extending the schema is low, you just need to make sure that when you extend it that the extension is exactly what you want.
Its imperative to test the extension in a test forest with the applications that use it before you extend the production forest. Having a couple of different people eyeball the change before you make it (schema review board or some such) is good too, but I think testing is the most important. Robbie Allen has some good perspective on schema extensions; he might be able to chime in on this. One thing they do at Cisco that is pretty cool is that they use VMWare to set up a small test forest, save the image files, extend the schema and test the apps, and if they need to redo the schema extension, they just revert to the saved VM images. Pretty painless. -gil -----Original Message----- From: Fugleberg, David A [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 05, 2003 1:37 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Add attributes or use existing ExtensionAttributes ? We've gotten by so far (2 years plus) without making any 'custom' schema changes to our forest - only changes have been due to E2K. We now have a need to store some company-specific user attributes (some codes regarding each person's place in the organization that are defined in our payroll system). These codes are also used by some areas besides payroll, because they are a useful way to determine which labor group the person is part of. As such, they are a known commodity across multiple business areas. There are no existing, unused attributes defined in the schema that neatly map to these values. I know I can just arbitrarily designate some of the built-in Extension Attributes to hold this data (ExtensionAttribute1, ExtensionAttribute2, etc.) and publish this fact to the developers that need to know. I could also extend the schema by creating new attributes, which I would assign to an auxiliary class and attach the auxiliary class to the User class. I know how to do this, and we do have a base OID assigned for our company. We built a schema modification policy as part of our migration to AD, but have never had to use it. My question is, what criteria do you folks use to determine whether to use an existing extension attribute versus creating your own custom attribute ? Dave List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
