You can't actually remove the aux class after the fact. For one attribute, go with #1.
I usually create the attribute in a dev AD or AD LDS instance using the MMC snap-in and then use ldifde or AD Schema Analyzer to export the attribute for import to production (and backup of the LDIF). Thanks, Brian Desmond [email protected]<mailto:[email protected]> w - 312.625.1438 | c - 312.731.3132 From: [email protected] [mailto:[email protected]] On Behalf Of Christopher Bodnar Sent: Wednesday, July 31, 2013 12:17 PM To: [email protected] Subject: [NTSysADM] Adding attribute to AD schema I'm working on a project that is going to use Tivoli Identity Manager to automate the provisioning of users. It will initially integrate with our HR system and Active Directory. Eventually it will integrate with all the other systems in the environment. We have one attribute in our HR system that currently doesn't exist in Active Directory and would like to add it . I've read through this: http://technet.microsoft.com/en-us/library/bb727064.aspx And the process looks fairly straight forward. My question is more of approach. Here are the 2 options as I see them: Option # 1: Create a new attribute Add the new attribute to the User class Option # 2: Create a new attribute Create a new auxiliary Class Add the Attribute to the new auxiliary class Add the new auxiliary class to the User class The only benefit I can see with Option # 2 is that if at some point you wanted to remove all the changes, if you had a number of them, you could do it all at once by removing the auxiliary class. At this point I really don't see us adding more than a few attributes at most. But you never know. Thoughts? Christopher Bodnar Enterprise Architect I, Corporate Office of Technology:Enterprise Architecture and Engineering Services Tel 610-807-6459 3900 Burgess Place, Bethlehem, PA 18017 [email protected]<mailto:> [cid:[email protected]] The Guardian Life Insurance Company of America www.guardianlife.com<http://www.guardianlife.com/> ----------------------------------------- This message, and any attachments to it, may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are notified that any use, dissemination, distribution, copying, or communication of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by return e-mail and delete the message and any attachments. Thank you.
<<inline: image001.jpg>>
