Esittely suomeksi (Intro in Finnish)

ADAE (Active Directory Attribute Editor) on tuote helpottamaan Active Directoryn ylläpitoa. ADAEn avulla Microsoftin ADUC-työkaluun (Active Directory Users and Computers) voidaan lisätä omia uusia välilehtiä, joiden kautta voidaan katsella ja muokata sellaisia tietokenttiä, joita siellä ei normaalisti näy. Olivat ne sitten Windowsin vakiokenttiä kuten EmployeeID tai omien schema-laajennosten kautta lisättyjä kenttiä.

Lisätietoja ja tilauksia varten voit ottaa yhteyttä myyntipalveluumme p. 042 42 2121 tai myyntipalvelu@sovelto.fi

 

Intro in English

ADAE (Active Directory Attribute Editor) is a product that helps manage Active Directory. ADAE enables you to add your own property pages (tabs) to the Active Directory Users and Computers. This way you can view and/or modify predefined attributes, such as user’s EmployeeID, or any new attributes you or your applications have added to AD. You define which tabs and attributes you want to add by modifying the registry of your workstation.

 

Scenarios

You can use ADAE to enhance AD Users and Computers (ADUC) in many ways. Here are some typical scenarios:

Description Click to enlarge 
Employee ID Many organizations want to use the employeeID attribute.
Object Info If you turn Advanced Features on in AD Users and Computers, you’ll see the path name (canonical name) of the object, as well as its creation and last modification date. The downside, however, is that also many unnecessary containers become visible, which may make the user interface clumsier. By using ADAE, you can see the same good information without making the unnecessary information visible.
Logon Info AD Users and Computers doesn’t have built-in capability of displaying various logon information. ADAE resolves this problem. You can also extract individual bit of an attribute, so you can add fields, such as Password Not Required, which is not otherwise visible in AD Users and Computers.  
Own Attributes If you or your applications add any new attributes to the schema, you can use ADAE to manage those attributes.
Extension Attributes Microsoft Exchange adds extension attributes 1-15 to the schema. You can manage these attributes with Exchange Server 2003, but in Exchange Server 2007 they are no longer visible in AD Users and Computers. Therefore, you need ADAE, if you still want to manage them with AD Users and Computers.

 

Download

Here you can download an unlicensed evaluation copy of ADAE. You can also download a sample reg file that helps you get started.

By downloading ADAE and/or the reg file you agree to be bound by the terms and conditions described in the License & Buy section. If you do not agree to be bound by these provisions, you should not download ADAE and/or the reg file. Downloading ADAE and/or the reg file constitutes an acceptance of the said terms and conditions.

Installation Instructions

In order to use ADAE, you need to do three things:

  1. Add the class id of ADAE to your forest configuration.
  2. Copy and register the the ADAE dll file in the computer, where ADAE is to be used.
  3. Define the attributes you want to edit by modifying the registry of the computer, where ADAE is to be used

The following sections explain the three steps.

Per-Forest Installation

Perform the following steps using Enterprise Admin privileges.

WARNING! In step 5, if you forget the ending curly brace (}), for example, no one can edit users anymore in your forest with AD Users and Computers.

  1. If not yet installed, install Support Tools from Windows Server installation media, folder SUPPORT\TOOLS.
  2. Start adsiedit.msc
  3. Locate the object CN=user-Display, CN=409, CN=DisplaySpecifiers, CN=Configuration, DC=<yourforestname> (Currently, only 409 (English) is supported).
  4. Open the object’s properties and locate the attribute adminPropertyPages.
  5. AdminPropertyPages is a multivalued attribute, add a new value xx,{06C7C934-A012-4698-8108-927E76F144AC} where xx is a free number, possibly 11. Save the changes.

Per-Computer Installation

Perform the following steps on each computer where ADAE is to be used.

  1. Copy ADAttrEd.dll to C:\Windows or another folder.
  2. Either on command line or Start-Run window, enter the command regsvr32 ADAttrEd.dll. You also need to type the folder name, if ADAttrEd.dll is not in a folder that is listed in the PATH setting.
  3. You should see the popup DllRegisterServer in <path-you-typed> succeeded.
  4. Modify the computer’s registry to define which tabs and attributes to include in the user properties of AD Users and Computers. See the next section about how to modify the registry.

Modifying the Registry

Modify the registry of each computer where ADAE is to be used.

WARNING! You should not add to ADAE any attributes that are already visible in AD Users and Computers (ADUC). If you do, the ADUC user can later enter a value for that attribute both in the pre-existing tab and in the ADAE tab. When she saves the changes, only one of the values is stored, and it is quite random which one.

All ADAE settings are stored in the registry key HKLM – SOFTWARE – FC Sovelto – AD Attribute Editor – Attributes.

The easiest way to learn the format is to look at the accompanied ADAETest.reg file in the Download section.

1. Under the Attributes key, there is one key for each dialog page.

  • The page name is in the key name.
  • Page sorting is in key data.

2. Under each page key, there is one key for each attribute group, which becomes a frame in the user interface.

  • The frame caption is in the key name.
  • The frame sorting is in key data.

3. Under each group key, there is one string value (REG_SZ) per attribute
(max 9 per group).

  • The value name is unimportant.
  • The data contains attribute sorting, LDAP name, caption, and flags, all separated with commas. An example is 1, employeeID, &Employee ID, RO
  • The ampersand (&) in the caption defines the alt key.
  • The caption is optional. If not included, the LDAP name is used instead.
  • There may or may not be a space after each comma.
  • The possible flags are:
    RO, which makes the field read only and
    DATE, which causes ADAE to display a large integer value as date/time. You could use this with attributes such as lastLogon and lastLogonTimestamp.
    The flags are case sensitive, so you must type them in uppercase letters.
  • You can extract individual bits of an attribute with a syntax such as
    1, userAccountControl & 32, Password Not Required
    You can see some bit values in the sample script CH11-06 ADSI List the Account Options of a User.vbs at http://www.kouti.com/scripts.htm

See also the following section about the supported data types.

 

Supported Data Types

The following table describes how ADAE supports and handles the 23 data types that may exist in AD in the case of single-valued attributes. In addition, ADAE has limited support for multivalued attributes, as described after the table.

Data Type Description
Boolean A check box
Enumeration,
Integer
A text box with up/down arrows (spin controls); accepts only characters 0-9; contains a 32-bit non-negative number ranging from 0 through 4,294,967,296, or whatever rangeLower and rangeUpper are specified in the schema;
can also extract individual bits, see the Modifying the Registry section
Large integer (a.k.a. INTEGER8) A text box with up/down arrows (spin controls); accepts only characters 0-9; contains a 64-bit number ranging from
-9,223,372,036,854,775,807 through 9,223,372,036,854,775,807;
can be also shown as read-only date/time, see the Modifying the Registry section
Case-ignore string (teletex),
Case-sensitive string (a.k.a. case-exact string),
IA5 string,
Numeric string,
OID string,
Printable string,
Unicode string (a.k.a. directory string),
Access point DN,
DN (a.k.a. distinguished name or DN String),
OR name,
Presentation address
A text box; a certain character set, such as IA5, is not enforced
Generalized time string,
UTC time string
A read-only text box of date and time; the time is in 24h format with no time zone correction (i.e., UTC time)
NT security descriptor,
Octet string,
SID string,
DN with binary (a.k.a. DN with octet string),
DN with Unicode string,
Replica link
Data type not supported

ADAE has the following limited support for multivalued attributes:

  • Multivalued attributes are displayed in one text box,
    delimited with colons (;).
  • Multivalued attributes are displayed in read-only format.

License & buy

You may have either the downloaded (unlicensed) copy of ADAE or the licensed copy you bought. The following table describes them.

Feature The Downloaded Copy The Licensed Copy
Right to Use You may use ADAE freely, except as specified in this table.
Restrictions You may not modify or reverse engineer ADAE.

You may not distribute ADAE outside your organization. In other words, each organization must download its copy from this Web page.

Other Terms In this context, ”ADAE” means both the unlicensed copy of the ADAE software that you can download, and the licensed copy that you receive by e-mail, along with any accompanying files, such as the sample reg file.

FC Sovelto Oyj, Sakari Kouti, and Heikki Raatikainen (the “SUPPLIERS”) provide ADAE as is and with all faults, and hereby disclaim all other warranties and conditions, either express, implied, or statutory, including, but not limited to, any (if any) implied warranties, duties or conditions of merchantability, of fitness for a particular purpose, of accuracy or completeness of responses, of results, of workmanlike effort, of lack of viruses, and of lack of negligence, all with regard to ADAE, and the provision of or failure to provide support services.

Exclusion of incidental, consequential, and certain other damages. To the maximum extent permitted by applicable law, in no event shall the SUPPLIERS be liable for any special, incidental, indirect, or consequential damages whatsoever (including, but not limited to, damages for loss of profits or confidential or other information, for business interruption, for personal injury, for loss of privacy, for failure to meet any duty including of good faith or of reasonable care, for negligence, and for any other pecuniary or other loss whatsoever) arising out of or in any way related to the use of or inability to use ADAE, the provision of or failure to provide support services, or otherwise under or in connection with any provision of these terms, even in the event of the fault, tort (including negligence), strict liability, breach of contract, or breach of warranty of the SUPPLIERS, and even if the SUPPLIERS have been advised of the possibility of such damages.

Limitation of liability and remedies. Notwithstanding any damages that you might incur for any reason whatsoever (including, without limitation, all damages referenced above and all direct or general damages), the entire liability of the SUPPLIERS under any provision of this license text and your exclusive remedy for all of the foregoing shall be limited to the amount actually paid by you for ADAE (and this possible monetary liablity applies only to the company FC Sovelto Oyj, so there is no liability whatsoever of the persons Sakari Kouti or Heikki Raatikainen). The foregoing limitations, exclusions, and disclaimers shall apply to the maximum extent permitted by applicable law, even if any remedy fails its essential purpose.

Running Mode Read/write, when used in the specified domain, read-only in other domains.
Specified Domain test.local The name you specified, when placing the order. You can place multiple orders, if you need to use ADAE in multiple domains.
Price Free USD 890/EUR 790/GBP 550 per domain. No limitation on how many people use ADAE or how many users are managed with it.
Order Go to Download Click here to order your copy at ShareIt.com

The Order Process

The order process is the following:

  1. Place your order and make the payment at ShareIt.com.
  2. The order form requires you to enter the License to text (where you can enter the domain name), and your e-mail address.
  3. You receive your licensed copy by e-mail.

Customized Version

If you need a customized version of ADAE, please contact Sakari Kouti (sakari.kouti@sovelto.fi) to check if this is possible.

Refunds policy

No refunds will be issued for ADAE. Please use the downloadable version to determine if ADAE meets your needs prior to placing an order.

Known shortcomings

There are the following known shortcomings in ADAE 1.0:

  • The up and down arrows (spin control) with integer attributes sometimes uses 100 as the largest value. Also, the up arrow sometimes decreases the value instead of increasing it.
  • The time format of a time string displays with a 24-hour clock, such as 18.40, while the time format of a Large integer converted to a date/time may display as 6.40 PM.

Troubleshooting

There are quite a few attributes, data types, combinations, and scenarios that you can use ADAE with. Therefore, it is possible to run into a situation, where you suspect a bug in ADAE. If you do, please contact Sakari Kouti (sakari.kouti@sovelto.fi).

Version history

Version 1.0

  • The first public version.