Is there a canonical place to store arbitrary key/value pairs in Active Directory
This question is about how/where to store arbitrary key-value pairs in Active Directory. Can it be used, in a pinch, as a data-store like that, assuming the number of such items would be in the dozens not in the thousands?
Is there a canonical place in the hierarchy to store them?
Is there any restriction on the character encoding or any restrictions on which characters can be used? Could value be a json string?
There is no canonical place to store arbitrary key-value pairs in Active Directory.
In fact the very idea goes against the fundamental design principle of LDAP/Active Directory, which requires every attribute to have a well-defined schema beforehand:
- a defined name
- a defined type
So no, there no canonical way to store any arbitrary domain-related data in Active Directory.
But you can hack it
Create a folder in AD; call it `KeyValueStore':
Into that folder add...something. For example an Contact, and you give it the name of the key you want to add:
and then you pick an attribute, like Description to give it the corresponding value:
And now you have your domain-wide, replicated, fault-tolerant, key-value store:
- How do I restrict Apache/SVN access to specific users (LDAP/file-based authentication)?
- unresolved external symbol IID_IADs?
- Web API 2 Controller isn't picking up IPrincipal.User.Identity.Name
- How to get all groups that a user is a member of?
- Why am I getting 'System.__ComObject' from my LDAP property?
- PowerShell Find Members of Two Specific AD Groups
- C# Cannot connect to AD using LDAPS
- Get users that are 'memberof' a group
- Login failed for user identified principal
- How to make requests to local-hosted Azure Devops Server pats API?
- Powershell Foreach Get-ADGroupMember on Array of Group Names Not Returning Consistent Results
- Execute a RESTAPI request from Powershell using the credentials of the user logged into the windows machine(AD Credential's)
- How to automatically update data from outlook to sql using c#, When someone rejects my meeting request it should be updated to my database
- Is there a canonical place to store arbitrary key/value pairs in Active Directory
- Change Identity Source for Azure Accounts and Groups
- Is context need to be closed explicity in LDAP connection pooling
- Keycloak adapter not able retrieve current username from windows AD logged-in user
- Reset Active Directory password using Python and ldap3
- Get user's non-truncated Active Directory groups from command line
- Import Data issue from CSV to AD
- Renaming Azure Active Directory
- Enumerate all users including SIDs
- PowerShell Out-GridView result
- How to get list of Active Directory group names beginning with "ABC_" in PowerShell?
- Web-based LDAP Browser
- Django Auth LDAP - Direct Bind using sAMAccountName
- Gradle proxy configuration
- How do I retrieve domain user information from controller using WMI
- C# OpenLDAP Error: unicodePwd: attribute type undefined
- Why do POST requests not work using Spnego/Kerberos authentication with Spring Security Kerberos?