Alerted by an old net.friend The Cerebrate via his blog, I was stunned to discover that the Windows Server 2003 flavor of the Active Directory schema seems to include an attribute named drink, which is meant to store a person or object’s favorite drink.
I confirmed that this attribute is at least present in the MSDN docs. But does it actually reside in Windows Server 2003? Which leads us to the main question — how does one go about finding out whether a given object or attribute exists in the AD schema?
So, I fired up LDP (although you can use ADSIEdit too, and probably should, since it’s very easy to use LDP to mess up AD — and whichever tool you use, make sure you’re not using an account with write access) and headed over to the schema naming context (CN=Schema,CN=Configuration,DC=domain,DC=rootdomain,DC=tld) for a quick look-see. Lo and behold:
    Expanding base 'CN=drink,CN=Schema,CN=Configuration,DC=domain,DC=rootdomain,DC=tld'...
    Result <0>: (null)
    Matched DNs:
    Getting 1 entries:
    >> Dn: CN=drink,CN=Schema,CN=Configuration,DC=domain,DC=rootdomain,DC=tld
        2> objectClass: top; attributeSchema;
        1> cn: drink;
        1> distinguishedName: CN=drink,CN=Schema,CN=Configuration,DC=domain,DC=rootdomain,DC=tld;
        1> instanceType: 0x4 = ( IT_WRITE );
        1> whenCreated: 10/22/2002 18:50:14 Pacific Standard Time Pacific Daylight Time;
        1> whenChanged: 08/07/2003 13:10:41 Pacific Standard Time Pacific Daylight Time;
        1> uSNCreated: 4305;
        1> attributeID: 0.9.2342.19200300.100.1.5;
        1> attributeSyntax: 18.104.22.168;
        1> isSingleValued: FALSE;
        1> rangeLower: 1;
        1> rangeUpper: 256;
        1> uSNChanged: 4305;
        1> showInAdvancedViewOnly: TRUE;
        1> adminDisplayName: drink;
        1> adminDescription: The drink (Favourite Drink) attribute type specifies the favorite drink of an object (or person).;
        1> oMSyntax: 64;
        1> searchFlags: 0;
        1> lDAPDisplayName: drink;
        1> name: drink;
        1> objectGUID: db19f4f8-a922-429c-bd37-bd1e0a3dfd9c;
        1> schemaIDGUID: 1a1aa5b5-262e-4df6-af04-2cf6b0d80048;
        1> systemOnly: FALSE;
        1> objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=domain,DC=rootdomain,DC=tld;
    -----------
So there you have it.
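The same check can be scripted so nobody has to click through LDP. The following PowerShell is an added example, not part of the original post: it asks RootDSE for the schema naming context and runs a read-only search for an attributeSchema object by lDAPDisplayName. The function name Get-SchemaAttribute is hypothetical, and the example assumes a domain-joined Windows machine and an ordinary account with no write access to the schema.

```powershell
# Added example (not from the original post). Get-SchemaAttribute is a
# hypothetical helper name. It only reads from the directory.
function Get-SchemaAttribute {
    param(
        [Parameter(Mandatory)][string]$LdapDisplayName
    )

    # RootDSE advertises the schema naming context, so no DN is hard-coded.
    $rootDse  = [ADSI]'LDAP://RootDSE'
    $schemaNc = [string]$rootDse.Properties['schemaNamingContext'].Value

    # Escape LDAP filter metacharacters (RFC 4515) before building the filter.
    $safe = $LdapDisplayName -replace '\\', '\5c' -replace '\*', '\2a' `
                             -replace '\(', '\28' -replace '\)', '\29'

    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.SearchRoot  = [ADSI]"LDAP://$schemaNc"
    # Every schema object is a direct child of the schema naming context.
    $searcher.SearchScope = [System.DirectoryServices.SearchScope]::OneLevel
    $searcher.Filter      = "(&(objectClass=attributeSchema)(lDAPDisplayName=$safe))"

    $wanted = 'distinguishedName', 'attributeID', 'attributeSyntax',
              'oMSyntax', 'isSingleValued', 'searchFlags'
    foreach ($name in $wanted) { [void]$searcher.PropertiesToLoad.Add($name) }

    $hit = $searcher.FindOne()
    if (-not $hit) { return $null }   # attribute is not defined in this schema

    # Result property names come back lower-cased; optional attributes such as
    # searchFlags may be absent, so take the first value only if one exists.
    $out = [ordered]@{}
    foreach ($name in $wanted) {
        $out[$name] = $hit.Properties[$name.ToLower()] | Select-Object -First 1
    }
    [pscustomobject]$out
}

# Usage: prints the attribute definition, or a message if it does not exist.
$attr = Get-SchemaAttribute -LdapDisplayName 'drink'
if ($attr) { $attr | Format-List } else { 'drink is not in this schema' }
```

A null return means the schema has no attribute with that lDAPDisplayName; to test for a class instead, the filter's objectClass would be classSchema.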
Update: Tony and I are now swapping ideas for AD-based drinking games:
- Tony proposes writing a desktop agent that alerts you when your AD user object has been queried; when it has, take a drink. [Edit: that would require hooking into all your DCs, which would be a massive pain in the ass. I don’t think it’ll fly, but it’s fun!]
- I proposed a game where you have to pick an object that has the drink attribute populated (without scanning the directory first); if they do, they take a drink and are the next person to choose, and if they don’t you get to take a drink and choose again.
What kind of AD drinking games can you come up with?
I wonder if our Cookbook editor Robbie knows about this. I’d be willing to bet he can come up with some great AD drinking games.