Adding an Employee ID Number to Active Directory

The Active Directory database contains two fields that can be used to store an employee ID number:

  • EmployeeID
  • EmployeeNumber

Neither field is used for anything currently, and neither one shows up in Active Directory Users & Computers or Active Directory Administrative Center by default. ADUC can be modified to display one or both of the two available fields (see here for an example), but I don’t think ADAC can.

I created a simple PowerShell script for the help desk to use to update this field. It accepts two parameters: 1) a username and 2) an employee ID number. If either is omitted, it will prompt the user to enter it.

# Param specifies the command-line parameters. The first
# parameter is the username. The second is the employee ID.
# The HelpMessage property contains text to be displayed 
# if the user types !? at the prompt.
# The ValidateLength attribute specifies a minimum and max
# length for the EID parameter.
Param(
    [Parameter(
        Mandatory=$true,
        HelpMessage="Enter a complete Username."
    )][string]$Identity,
    [Parameter(
        Mandatory=$true,
        HelpMessage="Enter a 7-digit employee ID number."
    )][ValidateLength(7,7)][string]$EID
)

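# Loads the AD PowerShell module.
if (-not (Get-Module ActiveDirectory)) {
    Import-Module ActiveDirectory
}

# Look up the user object first. Get-ADUser -Identity throws
# when no match is found, so the lookup is wrapped in try/catch.
# Every call targets the same domain controller (MyDC).
try {
    $User = Get-ADUser -Identity $Identity -Server MyDC `
        -ErrorAction Stop
}
catch {
    Write-Error "Lookup of '$Identity' on MyDC failed: $_"
    return
}

# Set the EmployeeID property, then read it back to confirm.
Set-ADUser -Identity $User -Server MyDC `
    -EmployeeID $EID
Get-ADUser -Identity $User -Server MyDC `
    -Properties EmployeeID | Format-List `
    UserPrincipalName, EmployeeID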

Be careful with the employeeID and employeeNumber properties. They aren’t displayed anywhere by default, but they’re not hidden either. Anyone with access via LDAP, ADUC, etc., can see these values. Don’t use them to store social security numbers or other sensitive information.
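
Because these attributes are readable by anyone who can query the directory, it is worth checking periodically that nobody has put a social security number in them. The following is an added example, not part of the original script: Find-SsnLikeId is a hypothetical helper name, the nine-digit pattern is an assumption about what an SSN-shaped value looks like, and the sample accounts are constructed so the function can be tried without a domain.

```powershell
# Added example: flag EmployeeID / EmployeeNumber values shaped like a
# U.S. Social Security number. Find-SsnLikeId is a hypothetical name.
function Find-SsnLikeId {
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory=$true, ValueFromPipeline=$true)]
        [psobject]$User
    )
    Begin {
        # Assumption: nine digits, with or without 3-2-4 separators.
        $ssnLike = '^\d{3}[- ]?\d{2}[- ]?\d{4}$'
    }
    Process {
        foreach ($attr in 'EmployeeID', 'EmployeeNumber') {
            # A missing or empty attribute becomes an empty string.
            $value = ([string]$User.$attr).Trim()
            if ($value -match $ssnLike) {
                # Report which account and attribute matched, but never
                # copy the value itself into the report.
                [pscustomobject]@{
                    SamAccountName = $User.SamAccountName
                    Attribute      = $attr
                    Length         = $value.Length
                }
            }
        }
    }
}

# Constructed sample objects (not real accounts or real numbers).
$sample = @(
    [pscustomobject]@{ SamAccountName = 'jdoe';   EmployeeID = '1234567'
                       EmployeeNumber = $null }
    [pscustomobject]@{ SamAccountName = 'asmith'; EmployeeID = '000-00-0000'
                       EmployeeNumber = $null }
    [pscustomobject]@{ SamAccountName = 'blee';   EmployeeID = '7654321'
                       EmployeeNumber = '000000000' }
)
$sample | Find-SsnLikeId | Format-Table -AutoSize

# Against a live directory (requires the ActiveDirectory module):
# Get-ADUser -Filter * -Properties EmployeeID, EmployeeNumber |
#     Find-SsnLikeId
```

The seven-digit IDs written by the script above do not match the pattern, so only values that were entered some other way are reported.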
