Active Directory fun: How to verify the presence of an attribute in your schema

Alerted by an old net.friend The Cerebrate via his blog, I was stunned to discover that the Windows Server 2003 flavor of the Active Directory schema seems to include an attribute named drink, which is meant to store a person or object’s favorite drink.

I confirmed that this attribute is at least present in the MSDN docs. But does it actually reside in Windows Server 2003? Which leads us to the main question — how does one go about finding out whether a given object or attribute exists in the AD schema?

So, I fired up LDP (although you can use ADSIEdit too, and probably should, since it’s very easy to use LDP to mess up AD — and whichever tool you use, make sure you’re not using an account with write access) and headed over to the schema naming context (CN=Schema,CN=Configuration,DC=domain,DC=rootdomain,DC=tld) for a quick look-see. Lo and behold:

So there you have it.

Update: Tony and I are now swapping ideas for AD-based drinking games:

  • Tony proposes writing a desktop agent that alerts you when your AD user object has been queried; when it has, take a drink. [Edit: that would require hooking into all your DCs, which would be a massive pain in the ass. I don’t think it’ll fly, but it’s fun!]
  • I proposed a game where you have to pick an object that has the drink attribute populated (without scanning the directory first); if they do, they take a drink and are the next person to choose, and if they don’t you get to take a drink and choose again.

What kind of AD drinking games can you come up with?

I wonder if our Cookbook editor Robbie knows about this. I’d be willing to bet he can come up with some great AD drinking games.