This question is about how/where to store arbitrary key-value pairs in Active Directory. Can it be used, in a pinch, as a data-store like that, assuming the number of such items would be in the dozens not in the thousands?
Is there a canonical place in the hierarchy to store them?
Is there any restriction on the character encoding or any restrictions on which characters can be used? Could the value be a JSON string?
There is no canonical place to store arbitrary key-value pairs in Active Directory.
In fact the very idea goes against the fundamental design principle of LDAP/Active Directory, which requires every attribute to have a well-defined schema beforehand:
So no, there is no canonical way to store any arbitrary domain-related data in Active Directory.
Create a folder in AD; call it `KeyValueStore`:
Into that folder add...something. For example a Contact, and you give it the name of the key you want to add:
and then you pick an attribute, like Description to give it the corresponding value:
And now you have your domain-wide, replicated, fault-tolerant, key-value store:
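
The steps in the answer above, scripted with the ActiveDirectory PowerShell module as an added example (not part of the original answer). It assumes the "folder" is an OU at the domain root; `Set-KvItem` and `Get-KvItem` are hypothetical helper names, and the key and JSON value are constructed sample data.

```powershell
# Added example. Requires the RSAT ActiveDirectory module and rights to create objects.
Import-Module ActiveDirectory

# Assumption: the "folder" is an OU named KeyValueStore directly under the domain root.
$DomainDn = (Get-ADDomain).DistinguishedName
$StoreDn  = "OU=KeyValueStore,$DomainDn"

if (-not (Get-ADOrganizationalUnit -Filter "Name -eq 'KeyValueStore'" `
            -SearchBase $DomainDn -SearchScope OneLevel)) {
    New-ADOrganizationalUnit -Name 'KeyValueStore' -Path $DomainDn
}

# Keys become object names, so restrict them to characters that need no
# escaping in a distinguished name or in an AD filter string.
$KeyPattern = '^[A-Za-z0-9_.-]+$'

function Set-KvItem {   # hypothetical helper: create or update one key
    param(
        [Parameter(Mandatory)][ValidatePattern('^[A-Za-z0-9_.-]+$')][string]$Key,
        [Parameter(Mandatory)][string]$Value
    )
    $existing = Get-ADObject -Filter "Name -eq '$Key' -and ObjectClass -eq 'contact'" `
                    -SearchBase $StoreDn -SearchScope OneLevel
    if ($existing) {
        Set-ADObject -Identity $existing -Description $Value
    } else {
        New-ADObject -Type contact -Name $Key -Path $StoreDn -Description $Value
    }
}

function Get-KvItem {   # hypothetical helper: return the value, or nothing if absent
    param(
        [Parameter(Mandatory)][ValidatePattern('^[A-Za-z0-9_.-]+$')][string]$Key
    )
    $obj = Get-ADObject -Filter "Name -eq '$Key' -and ObjectClass -eq 'contact'" `
               -SearchBase $StoreDn -SearchScope OneLevel -Properties description
    if ($obj) { $obj.description | Select-Object -First 1 }
}

# Constructed sample data: a JSON document stored as the value.
$json = @{ endpoint = 'https://app.example.test'; retries = 3 } | ConvertTo-Json -Compress
Set-KvItem -Key 'app-config' -Value $json
Get-KvItem -Key 'app-config' | ConvertFrom-Json
```

Under default directory ACLs the `description` attribute is readable by any authenticated principal in the domain, so this layout suits non-secret settings only.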