RE: [ActiveDir] Adding new attribute(s) to user objects in 2000 A D

[Creamer, Mark]

Title: RE: [ActiveDir] Background

For whatever it’s worth, we use the EmployeeID attribute for this type of thing. We did create a new attribute for SSN, but it only contains the last 4 digits. It’s used for a user verification purpose, kind of like when you forget your password to a site and it asks you a question to verify.   <mc> -----Original Message----- From: Burns, Clyde [mailto:[EMAIL PROTECTED] Sent: Friday, November 07, 2003 12:55 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Adding new attribute(s) to user objects in 2000 A D   Personally I'm with you on the privacy reasons. (can you say HIPAA?) But its a matter of bringing all the options with pro's and con's to the table so management can make an informed decision. The HR (peoplesoft), the web team (coldfusion), and Security (excel & access databases) departments want to tie all their databases together (or replace them) for better identity management without buying something like waveset www.waveset.com. The main idea 'on the table' is use Active Directory as the central authority with a feed from Peoplesoft for user adds/deletes and a feed to peoplesoft for things like email addrs, user locations, phone numbers etc. Also use AD via LDAP as the authentication point for all intranet/extranet web content.   I think using the "EmployeeID" attribute and locking it down would meet the needs as stated to me so far. But if the requirements change / expand I want to make sure I am prepared to address it.   Clyde From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Sent: Friday, November 07, 2003 10:52 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Adding new attribute(s) to user objects in 2000 A D Besides the obvious, "don't put SSN in the directory for privacy reasons" I'd have to ask what requirements you have.  For example, why create a new attribute?  Why not use an existing that you won't use anyway?   Al   From: Burns, Clyde [mailto:[EMAIL PROTECTED] Sent: Friday, November 07, 2003 10:28 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Adding new attribute(s) to user objects in 2000 AD I am currently tasked with getting social security numbers into AD for my company. I have been reading Microsoft's "Step-by-Step Guide to Using Active Directory Schema and Display Specifiers" http://www.microsoft.com/windows2000/techinfo/planning/activedirectory/adschemasteps.asp and wanted to get some feedback from people who have "been there, done that" before I try this in the lab environment.   Does anyone have any advice for do's and dont's with regards to adding new attributes into Active Directory?   Thanks   Clyde Burns Norton Healthcare   This message is confidential, intended only for the named recipient(s) and may contain information that is privileged or exempt from disclosure under applicable law. Any patient health information must be delivered immediately to intended recipient(s). If you are not the intended recipient(s), you are notified that the dissemination, distribution or copying of this message is strictly prohibited. If you receive this message in error, or are not the named recipient(s), please notify the sender at either the e-mail address or telephone number above and discard this e-mail. Thank you. This message is confidential, intended only for the named recipient(s) and may contain information that is privileged or exempt from disclosure under applicable law. Any patient health information must be delivered immediately to intended recipient(s). If you are not the intended recipient(s), you are notified that the dissemination, distribution or copying of this message is strictly prohibited. If you receive this message in error, or are not the named recipient(s), please notify the sender at either the e-mail address or telephone number above and discard this e-mail. Thank you.