Active Directory Custom User Profiles/Attributes?

Question

Hi all,

I am currently using the ActiveDirectoryMembershipProvider just for authentication on an internal business app built in asp.net. This works like a charm.

I am now looking to add some functionality to handle custom profile information for a user, ideally also stored in Active Directory.

For a simple example let's just say the custom attribute is FavoriteColor. Then the goal would be for my app to be able to read in this custom attribute for the authenticated user.

I have looked into ADAM a bit. That looks like it would be great for a Role Provider, but I haven't really found anything that indicates it would work well for a Profile Provider or if it would even let me store custom attributes like FavoriteColor. Maybe someone knows better?

I'm also pretty new to Active Directory so maybe there is even an option to store custom user attributes (like FavoriteColor) within it?

In general I am just looking for ideas about the best way to implement this?

Thanks!

Answer 1

Yes, it is possible to add such an attribute to the AD user object, but you have to be very cautious. Changes made when modifying the schema cannot be undone. It is all too easy to severely damage your Active Directory tree.

To make schema changes, you can use the Active Directory Schema Editor MMC snap-in. You must register the snap-in before you can use it. To register the Active Directory Schema Editor, open a command prompt, type regsvr32 schmmgmt.dll

Then you can load the snap-in in MMC, add a new FavouriteColour attribute, and link it to the user class.

Unless you really know what you are doing though, it's probably safer to use a DB table for such fields. This site has some more information.