Page Comparison

The following is the defined members of the utexasAux class. This class contains the custom schema attributes defined An auxiliary class is a schema object class that can be associated with one or more existing base object classes in the schema to extend an object class with additional attributes. The Austin Active Directory includes two custom auxiliary classes: utexasEduAustinAuxClass and utexasEduAzureAuxClass. The custom auxiliary classes and their associated attributes enable the storage of additional information in the Austin Active Directory.

Custom Attribute Availability

...

30

...

30

...

Class Definitions

Expand

title	Austin Auxiliary Class

The utexasEduAustinAuxClass class contains confidential attributes that require both the Read Property and the Control Access permissions to access.

Class Type	Name	OID Prefix

...

Suffix

...

Notes

...

Auxiliary Class

...

utexasEduAustinAuxClass

1.3.6.1.4.1.17940.3.5.

...

AUSTIN-Single1-R / RW

...

AUSTIN-Single2-R / RW

...

mail

...

utexasEduPersonForcePasswdChg

...

AUSTIN-Single5-R / RW

...

AUSTIN-Single6-R / RW

...

AUSTIN-Single8-R / RW

...

AUSTIN-Single9-R / RW

...

0

1

Auxiliary class for Austin attributes; Austin attributes are confidential attributes and require the Control Access permission for any access

Expand

title	Azure Auxiliary Class

The utexasEduAzureAuxClass class contains standard attributes that can be accessed with the Read Property permission.

Class Type	Name	OID Prefix	Suffix	Notes
Auxiliary Class	utexasEduAzureAuxClass	1.3.6.1.4.1.17940.3.5.

...

Multi Valued Attributes

...

AUSTIN-Multi1-R / RW

...

AUSTIN-Multi2-R / RW

...

AUSTIN-Multi3-R / RW

...

AUSTIN-Mult12-R / RW

...

AUSTIN-Multi13-R / RW

...

cn

...

0

...

utexasEduAustinSingle14

...

utexasEduAustinSingle15

...

eduPersonOrgDN

...

2	Auxiliary class for Azure attributes; Azure attributes are standard attributes and may contain only published or directory data.

Attribute Definitions

Expand

title	Austin Attributes

The Austin attributes are associated with the utexasEduAustinAuxClass class and have SearchFlags set to 131:

indexed (1)
containerized-index (2)
confidential (128)

Attribute Type	Class	Name	OID Prefix	Count	Notes
Single-valued String	utexasEduAustinAuxClass	utexasEduAustinSingle#	1.3.6.1.4.1.17940.3.5.

...

1

...

	1 through 40	Attribute for Unicode text but limited to a single value
Multi-valued String	utexasEduAustinAuxClass	utexasEduAustinMulti#	1.3.6.1.4.1.17940.3.5.2

...

1 through 60	Attribute for Unicode text
Time	utexasEduAustinAuxClass	utexasEduAustinTime#	1.3.6.1.4.1.17940.3.5

...

.

...

3

...

utexasEduPersonAssociatedSchoolCode

...

1 through 30	Attribute for time
Boolean	utexasEduAustinAuxClass	utexasEduAustinBool#	1.3.6.1.4.1.17940.3.5.

...

4

...

1 through 10

Attribute for booleans

Expand

title	Azure Attributes

The Azure attributes are associated with the utexasEduAzureAuxClass class and have SearchFlags set to 3:

indexed (1)
containerized-index (2)

Attribute Type	Class	Name	OID Prefix	Count	Notes
Single-valued String	utexasEduAzureAuxClass	utexasEduAzureSingle#	1.3.6.1.4.1.17940.3.5.

...

utexasEduPersonSchoolMajorCode

...

101	1 through 10	Attribute for Unicode text but limited to a single value
Multi-valued String	utexasEduAzureAuxClass	utexasEduAzureMulti#	1.3.6.1.4.1.17940.3.5.

...

Time Attributes

...

AUSTIN-Time1-R / RW

...

AUSTIN-Time2-R / RW

...

AUSTIN-Time3-R / RW

...

Commands to set permissions for security groups

Code Block

# set scope Import-Module ActiveDirectory $attributes = 1..30 $grouptypes = "Single","Multi","Time" $ad = Get-ADDomain $dc = $ad.PDCEmulator.ToLower() $ou = "'\\" + $dc + "\OU=People," + $ad.DistinguishedName + "'" foreach ($attr in $attributes) { foreach ($group in $grouptypes) { $groupAttr = $group + $attr # Check for existing groups; create groups if missing Try { Get-ADGroup ("AUSTIN-" + $groupAttr + "-R") | Out-Null Write-host "Existing group for" ($ad.NetBIOSName + "\AUSTIN-" + $groupAttr + "-R") } Catch { Write-Host "Creating group for" ($ad.NetBIOSName + "\AUSTIN-" + $groupAttr + "-R") New-ADGroup -Server $dc -Path ("OU=Attributes,OU=Austin,OU=Departments," + $ad.DistinguishedName) -GroupScope Universal -Name ("AUSTIN-" + $groupAttr + "-R") | Out-Null } Try { Get-ADGroup ("AUSTIN-" + $groupAttr + "-RW") | Out-Null Write-host "Existing group for" ($ad.NetBIOSName + "\AUSTIN-" + $groupAttr + "-RW") } Catch { Write-Host "Creating group for" ($ad.NetBIOSName + "\AUSTIN-" + $groupAttr + "-RW") New-ADGroup -Server $dc -Path ("OU=Attributes,OU=Austin,OU=Departments," + $ad.DistinguishedName) -GroupScope Universal -Name ("AUSTIN-" + $groupAttr + "-RW") | Out-Null } # Remove and reset permissions for groups Write-Host "Setting rights for" ($ad.NetBIOSName + "\AUSTIN-" + $groupAttr + "-R") Invoke-Expression ("C:\Windows\System32\dsacls.exe " + $ou + " /R '" + $ad.NetBIOSName + "\AUSTIN-" + $groupAttr + "-R'") | Out-Null Invoke-Expression ("C:\Windows\System32\dsacls.exe " + $ou + " /I:S /G '" + $ad.NetBIOSName + "\AUSTIN-" + $groupAttr + "-R:CARP;utexasEduAustin" + $groupAttr + ";'") | Out-Null Write-Host "Setting rights for" ($ad.NetBIOSName + "\AUSTIN-" + $groupAttr + "-RW") Invoke-Expression ("C:\Windows\System32\dsacls.exe " + $ou + " /R '" + $ad.NetBIOSName + "\AUSTIN-" + $groupAttr + "-RW'") | Out-Null Invoke-Expression ("C:\Windows\System32\dsacls.exe " + $ou + " /I:S /G '" + $ad.NetBIOSName + "\AUSTIN-" + $groupAttr + "-RW:CARPWP;utexasEduAustin" + $groupAttr + ";'") | Out-Null } }

102

1 through 10

Attribute for Unicode text

Version	Old Version 1	New Version Current
Changes made by	Alex Barth	Alex Barth
Saved on	May 24, 2019	Dec 16, 2024

Versions Compared

Key

Custom Attribute Availability

Class Definitions

Multi Valued Attributes

Attribute Definitions

Time Attributes

Commands to set permissions for security groups

Attribute Assignment and Mapping