MemberUID group class attribute


Ryan Sanders

Two questions on this.

1) Where does this attribute come from? I have two domain controllers.
A 2003 R2 in native mode and a 2003 in mixed mode. The R2 domain has
this attribute and the mixed mode does not. Does this come from R2 or
native mode upgrade?

2) This object is defined as something to do with POSIX, since I am
never going to utilize UNIX in this environment can I safely stick
another piece of data into this attribute?

Thanks,
Ryan
 
Ryan said:
Two questions on this.

1) Where does this attribute come from? I have two domain controllers.
A 2003 R2 in native mode and a 2003 in mixed mode. The R2 domain has
this attribute and the mixed mode does not. Does this come from R2 or
native mode upgrade?

2) This object is defined as something to do with POSIX, since I am
never going to utilize UNIX in this environment can I safely stick
another piece of data into this attribute?

Thanks,
Ryan

To address 2) I'd say that yes you could stick something else in here if
you don't think you'll ever utilize UNIX but do you really know that for
sure? Maybe mixed mode or R2 works differently (I've only used 2k3 in
native mode) but memberUID shouldn't even be listed for a user unless it
has a value and it shouldn't have a value unless you have modified the
schema to support POSIX (again, I'm guessing based on what I've seen in
native mode).

Lastly, if you need to use the attribute for something why not just
create another attribute and use that for your data? It's better to be
safe and use a custom attribute than it is to use an attribute for
something that it wasn't meant to be used for. You just never know what
conflicts it can cause in the future.
 
1. memberUID is defined in the Windows Server 2003 R2 and Longhorn
Schemas. It has nothing to do with domain functional mode. Once you do
an R2 Forest Prep on your 2003 Forest it will have the same attributes
and classes added that are in your R2 forest.

2. Well I usually say "never say never" and it is a bad idea to try and
repurpose attributes with fixed defined purposes. No one can say it will
be safe or not to use in any particular context unless they have already
hit a known case where it isn't safe.... It is your directory, you can
do whatever you want, you are the one responsible for the consequences.
Just keep in mind that at some point in the future you may be stuck
cleaning up because you do start using some UNIX machines (or Linux or
BSD or Mac or any number of NAS products) and some tools (third party or
MSFT) may be trying to interpret that value and have issues due to it.

Creation of AD attributes is really quite a simple and painless thing if
done properly. The usual fears and issues are due to people not really
having a clue what they are doing. There are two schema chapters in the
book in the signature below, I suggest reading them. If there are more
questions, pick up Inside AD 2E and that gets even deeper.

joe

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm
 