Alerted by an old net.friend The Cerebrate via his blog, I was stunned to discover that the Windows Server 2003 flavor of the Active Directory schema seems to include an attribute named drink, which is meant to store a person or object’s favorite drink.
I confirmed that this attribute is at least present in the MSDN docs. But does it actually reside in Windows Server 2003? Which leads us to the main question — how does one go about finding out whether a given object or attribute exists in the AD schema?
So, I fired up LDP (although you can use ADSIEdit too, and probably should, since it’s very easy to use LDP to mess up AD — and whichever tool you use, make sure you’re not using an account with write access) and headed over to the schema naming context (CN=Schema,CN=Configuration,DC=domain,DC=rootdomain,DC=tld) for a quick look-see. Lo and behold:
Expanding base 'CN=drink,CN=Schema,CN=Configuration,DC=domain,DC=rootdomain,DC=tld'...
Result <0>: (null)
Getting 1 entries:
>> Dn: CN=drink,CN=Schema,CN=Configuration,DC=domain,DC=rootdomain,DC=tld
2> objectClass: top; attributeSchema;
1> cn: drink;
1> distinguishedName: CN=drink,CN=Schema,CN=Configuration,DC=domain,DC=rootdomain,DC=tld;
1> instanceType: 0x4 = ( IT_WRITE );
1> whenCreated: 10/22/2002 18:50:14 Pacific Standard Time Pacific Daylight Time;
1> whenChanged: 08/07/2003 13:10:41 Pacific Standard Time Pacific Daylight Time;
1> uSNCreated: 4305;
1> attributeID: 0.9.2342.19200300.100.1.5;
1> attributeSyntax: 220.127.116.11;
1> isSingleValued: FALSE;
1> rangeLower: 1;
1> rangeUpper: 256;
1> uSNChanged: 4305;
1> showInAdvancedViewOnly: TRUE;
1> adminDisplayName: drink;
1> adminDescription: The drink (Favourite Drink) attribute type specifies the favorite drink of an object (or person).;
1> oMSyntax: 64;
1> searchFlags: 0;
1> lDAPDisplayName: drink;
1> name: drink;
1> objectGUID: db19f4f8-a922-429c-bd37-bd1e0a3dfd9c;
1> schemaIDGUID: 1a1aa5b5-262e-4df6-af04-2cf6b0d80048;
1> systemOnly: FALSE;
1> objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=domain,DC=rootdomain,DC=tld;
So there you have it.
Update: Tony and I are now swapping ideas for AD-based drinking games:
- Tony proposes writing a desktop agent that alerts you when your AD user object has been queried; when it has, take a drink. [Edit: that would require hooking into all your DCs, which would be a massive pain in the ass. I don’t think it’ll fly, but it’s fun!]
- I proposed a game where you have to pick an object that has the drink attribute populated (without scanning the directory first); if they do, they take a drink and are the next person to choose, and if they don’t you get to take a drink and choose again.
What kind of AD drinking games can you come up with?
I wonder if our Cookbook editor Robbie knows about this. I’d be willing to bet he can come up with some great AD drinking games.