Q. When I copy a user account, why are not all the attributes in the source account copied to the destination account?

When you right-click a user account in Active Directory Users and Computers and press Copy, only the most commonly used attributes, such as logon hours, workstation restrictions, and account expiration restrictions, are transferred to the destination user by default.

You can cause an attribute to be transferred by modifying the schema:

1. Log on to the Schema FSMO domain controller as a Schema Administrator. Microsoft recommends that you do NOT transfer the FSMO role to accomplish this.

2. Run Adsiedit.msc.

3. Navigate to the Schema object and expand it to see the entire DN of the Schema container.

4. Select the Schema container and, in the right-hand pane, right-click the user attribute you want to be copied.

5. Press Properties.

6. On the Attribute Editor tab, select searchFlags and press Edit.

7. In the Integer Attribute Editor dialog, modify the Value so that the 5th bit (representing 16) is turned on, per the following:

  1 = Index over attribute only

  2 = Index over container and attribute

  4 = Add this attribute to the ambiguous name resolution (ANR) set (should be used in conjunction with 1)

  8 = Preserve this attribute on logical deletion (that is, make this attribute available on tombstones)

 16 = Include this attribute when copying a user object

 32 = Create a Tuple index for the attribute to improve medial searches

 64 = Reserved for future use; value should be 0.

128 = Available in Windows Server 2003 Service Pack 1 (SP1) only. Mark the attribute confidential (CONTROL_ACCESS is required to read it).

8. Press OK, Apply, and OK.
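Because searchFlags is a bit mask, the value entered in step 7 has to keep every bit that is already set (index, tombstone, confidential) and only add 16. The following is an added example, not part of the original tip: it reads an LDIF-style listing of schema attributes, decodes each searchFlags value using the table above, and returns the value to enter. The attribute names, DNs and values are constructed sample data, and treating a missing searchFlags as 0 is an assumption.

```python
# Added example: decode searchFlags and compute the value to enter in step 7.
# Bit meanings come from the table above; the LDIF text is constructed sample data.
SEARCH_FLAGS = {
    1: "index over attribute",
    2: "index over container and attribute",
    4: "ANR set",
    8: "preserve on tombstone",
    16: "copy with user object",
    32: "tuple index",
    64: "reserved",
    128: "confidential",
}
COPY_BIT = 16

SAMPLE_LDIF = """\
dn: CN=Example-Attr-One,CN=Schema,CN=Configuration,DC=example,DC=com
lDAPDisplayName: exampleAttrOne
searchFlags: 9

dn: CN=Example-Attr-Two,CN=Schema,CN=Configuration,DC=example,DC=com
lDAPDisplayName: exampleAttrTwo
searchFlags: 144

dn: CN=Example-Attr-Three,CN=Schema,CN=Configuration,DC=example,DC=com
lDAPDisplayName: exampleAttrThree
"""

def decode(value):
    """List the names of the flags set in a searchFlags integer."""
    return [name for bit, name in SEARCH_FLAGS.items() if value & bit]

def with_copy_bit(value):
    """OR in bit 16 so every flag that is already set is preserved."""
    return value | COPY_BIT

def parse_ldif(text):
    """Return {lDAPDisplayName: searchFlags}; missing searchFlags counts as 0 (assumption)."""
    result = {}
    for record in text.strip().split("\n\n"):
        fields = dict(l.split(": ", 1) for l in record.splitlines() if ": " in l)
        result[fields["lDAPDisplayName"]] = int(fields.get("searchFlags", "0"))
    return result

def report(text):
    """Rows of (name, current value, decoded flags, value to enter)."""
    return [(n, v, decode(v), with_copy_bit(v)) for n, v in parse_ldif(text).items()]

if __name__ == "__main__":
    for name, current, flags, new in report(SAMPLE_LDIF):
        print(f"{name}: searchFlags={current} {flags} -> enter {new}")
```

In the sample, 9 becomes 25, while 144 already includes 16 and stays 144 with its confidential bit intact.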

