Copying Attributes From a Template User Object

Friday, October 28, 2011

The Active Directory Users and Computers console has a nice feature that allows you to copy a user account. This is especially helpful in situations where you want to create a "template" user account that contains mandatory information shared by all of your users. When you attempt to copy a user account, you'll notice that not all of the fields are included in the copy process. This is by design.

For instance if you want to include additional attributes in the copy process, you'll need to modify the searchFlags attribute. You'll need to use the ADSI Edit utility. In addition, you can only modify this setting for attributes that are members of the User Class. If you attempt to do this using the Active Directory Schema, the option to do so is unavailable, even if you log in as a member of the Schema Admins group.

Here's how to do it:

  • Log in as a Schema Admin
  • Start ADSI Edit
  • Connect to the Schema naming context on the server that is the schema master.
  • Browse through the containers, right-click the attribute you want to modify, and then click Properties.
  • In the Schema attribute editor properties dialog box, select the "searchFlags" value in Select a property to view, and then edit the value as an integer.
  • If there is an existing value and you want to enable the option to copy an attribute, add 16. For instance, if there is a value of "5" present, add 16 so the new value is 21.

Here is some more information you can reference regarding the searchFlags attribute:

Search-Flags Attribute
http://msdn.microsoft.com/en-us/library/ms679765.aspx

Did you find the page informational and useful? Share it using one of your favorite social sites.

Recommended Books & Training Resources

MCITP Windows Server 2008 Enterprise Administrator: Training Kit 4-Pack: Exams 70-640 70-642 70-643 70-647 Windows Server 2008 R2 Unleashed