Active Directory: Right-Click to Update Employee ID & Employee Number in Active Directory Users & Computers

Due to a recent acquisition, I needed to give the helpdesk a good way to update the employeeID and employeeNumber fields in the properties of various user accounts.  As these two properties are not natively accessible from Active Directory Users & Computers, my choice was to either give them access to ADSI Edit (love them, but not going to happen) or figure out a way to add those fields to ADUC.

I ended up finding an elegant way to add them as choices when right-clicking on a user account (just like you would to reset a password).  This is a simple, quick way to extend functionality without trying to write a .Net app (something I suck at).

First, you’ll create two files names employeeID.vbs and employeeNumber.vbs (code at the end of this article).  While you could place these scripts anywhere, I found it handy to add them to directory called aduc in the Netlogon directory for our domain:

\\domain\sysvol\DOMAIN\scripts\aduc

This gives everyone access to them.  Keep in mind that while a user will have access to them, they won’t do them any good unless they have permissions to modify directory objects.

Second, you need to open ADSI Edit and edit the following key:

CN=user-Display,CN=409, CN=DisplaySpecifiers, CN=Configuration

Look for the adminContextMenu and add the following to it.  Be careful here and make sure it is exactly as it is shown below, spaces and all:


2, Employee &ID, \\DOMAIN\sysvol\DOMAIN\scripts\aduc\employeeID.vbs
3, Employee &Number, \\DOMAIN\sysvol\DOMAIN\scripts\aduc\employeeNumber.vbs

Remember to replace DOMAIN with your actual domain name.

Once that key is updated, you’ll need to wait a bit for replication to occur if you have a wide area network.

That’s it, now just launch a fresh copy of Active Directory Users & Computers, right click on a user account, and you should see “Employee ID” and “Employee Number” listed.

If you get a pop up script warning when you click on one of them, you’ll need to add your Active Directory domain name to your list of Intranet sites in Internet Explorer (Security Tab in Internet Options, Local Intranet properties, then click Advanced to add the domain name).

Here are the scripts.  Enjoy!


=================employeeID.vbs=================
 Option Explicit
 Dim wshArguments, objUser, objSchemaEmployeeID, strCurrentID, strEmployeeID, intMaxLen
 On Error Resume Next
 Set wshArguments = WScript.Arguments
 Set objUser = GetObject(wshArguments(0))
 Set objSchemaEmployeeID = GetObject(LDAP://schema/employeeID)
 intMaxLen = objSchemaEmployeeID.MaxRange
 If objUser.employeeID <> "" Then
 strCurrentID = objUser.employeeID
 Else
 strCurrentID = "empty"
 End If
 strEmployeeID = InputBox( _
 "The current Employee ID is " & strCurrentID & vbCrLf & _
 vbCrLf & _
 "Enter the new Employee ID (1 through " & intMaxLen & " chars)", _
 Right(objUser.Name, Len(objUser.Name) - 3) & " Employee ID", _
 objUser.employeeID)
 If strEmployeeID = "" Then WScript.Quit 'User clicked Cancel
 If Len(strEmployeeID) > intMaxLen Then
 MsgBox "The new Employee ID was too long and it was not saved.", _
 vbCritical, "Error Occurred"
 Else
 Err.Clear
 objUser.employeeID = strEmployeeID
 objUser.SetInfo
 If Err Then MsgBox "The new Employee ID was not saved.", _
 vbCritical, "Error Occurred"
 End If
 ===============================================


==============employeeNumber.vbs===============
 Option Explicit
 Dim wshArguments, objUser, objSchemaEmployeeNumber, strCurrentID, strEmployeeNumber, intMaxLen
 On Error Resume Next
 Set wshArguments = WScript.Arguments
 Set objUser = GetObject(wshArguments(0))
 Set objSchemaEmployeeNumber = GetObject(LDAP://schema/EmployeeNumber)
 intMaxLen = objSchemaEmployeeNumber.MaxRange
 If objUser.EmployeeNumber <> "" Then
 strCurrentID = objUser.EmployeeNumber
 Else
 strCurrentID = "empty"
 End If
 strEmployeeNumber = InputBox( _
 "The current Employee Number is " & strCurrentID & vbCrLf & _
 vbCrLf & _
 "Enter the new Employee Number (1 through " & intMaxLen & " chars)", _
 Right(objUser.Name, Len(objUser.Name) - 3) & " Employee Number", _
 objUser.EmployeeNumber)
 If strEmployeeNumber = "" Then WScript.Quit 'User clicked Cancel
 If Len(strEmployeeNumber) > intMaxLen Then
 MsgBox "The new Employee Number was too long and it was not saved.", _
 vbCritical, "Error Occurred"
 Else
 Err.Clear
 objUser.EmployeeNumber = strEmployeeNumber
 objUser.SetInfo
 If Err Then MsgBox "The new Employee Number was not saved.", _
 vbCritical, "Error Occurred"
 End If
 ===============================================

Advertisements

One Response to “Active Directory: Right-Click to Update Employee ID & Employee Number in Active Directory Users & Computers”

  1. nice script. i was looking for What value is piped in to the argument slot from the drop down.

    the drop down portion works nicely but i want to preset a batch of accounts with data i already have.

    so i tried from the Command Line:
    Cscript.exe employeeID.vbs “VALUE”

    I tried replaceing VALUE with the samaccountname, sid, guid,canonicalname, and distinguished name…. all returned hte same result

    (5, 2) (null): invalid syntax

    What data is being inserted to the argument?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s