Extend or Add attributes to your LDS or AD schema

I wonder why this information is so scattered; I eventually pulled it together and did not have to write a zillion scripts to do it. I will focus on LDS because I generally do not recommend extending your AD schema, although one may do it for a custom application; the same principle applies as below.

Install AD LDS on a server, e.g. TLKServer1, via Roles and Features (follow this article). Create an LDS instance, e.g. TLK1, and remember the account you specify as the admin account of the instance, because you will use it for the extension. Create a partition, e.g. TLKLDS1.

Register the Schema snap-in (see this article).

By default, the Active Directory Schema MMC snap-in is not registered on domain controllers or machines with the Remote Server Administration Tools (RSAT) installed. To use the snap-in for the first time on a new machine, you’ll need to register the DLL. To do this, follow the steps below:

1. Open an elevated command prompt

2. Run the following command: regsvr32 schmmgmt.dll

3. You should receive a success message.

Once you have registered the snap-in, you can add it to an MMC by following these steps:

1. Open a new MMC Console (Start>Run>mmc)

2. In the MMC Console, go to File>Add/Remove Snap-in

3. Add the Active Directory Schema snap-in.

Once you click OK, you’ll be able to access the snap-in through the MMC Console.

By default, you will be connected to the domain schema. To connect to the LDS schema, in the MMC right-click on the domain node, click Change Domain Controller, and type in TLKServer:389.

Generate an Object Identifier (OID) using this script.

Copy the script to a file and call it “oid.vbs”.

From a command prompt run “cscript oid.vbs”. A base OID is generated; store that number. For each attribute you create, append a number to it, e.g. if “1111234” is generated, enter 1111234.1 as the X500 OID for your first attribute.

Add the attributes you want. The common name, LDAP display name, unique X500 object ID and syntax must match exactly what you want, because you only get one chance: there is no reversal once the attribute is created.

Go to Classes, select the target object (e.g. user), open the Attributes tab and in the Optional section click Add and select the attributes you just created. You have to add them one at a time; there is no “select all” option. When done click Apply and OK.

On the LDS server, go to Services and restart the LDS instance. If you extended the AD schema instead, restart the domain service on the DC.
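The same steps without the snap-in, as an added PowerShell example using ADSI (not from the original post): TLKServer1:389 is taken from the post, while the base OID and the attribute name tlkEmployeeBadge are placeholders you replace with your own generated OID and chosen name.

```powershell
# Added example (not from the original post): create a schema attribute in an AD LDS
# instance and attach it to the "user" class with ADSI, the scripted equivalent of the
# snap-in steps above. Assumed values: server TLKServer1:389 from the post; the OID
# prefix and attribute name are placeholders you replace with your own.
$Server    = 'TLKServer1:389'
$BaseOid   = '1.2.840.113556.1.8000.2554.EXAMPLE'   # placeholder: paste the output of oid.vbs
$AttrName  = 'tlkEmployeeBadge'                      # hypothetical attribute name
$ClassName = 'user'

# Discover the schema NC of this instance instead of hard-coding its GUID-based DN.
$rootDse  = [ADSI]"LDAP://$Server/RootDSE"
$schemaDn = $rootDse.schemaNamingContext
$schema   = [ADSI]"LDAP://$Server/$schemaDn"

# Refuse to continue if an attribute with this lDAPDisplayName already exists:
# schema additions cannot be deleted, so a typo here is permanent.
$searcher = New-Object System.DirectoryServices.DirectorySearcher($schema)
$searcher.Filter = "(&(objectClass=attributeSchema)(lDAPDisplayName=$AttrName))"
if ($searcher.FindOne()) { throw "Attribute $AttrName already exists in $schemaDn" }

# Create the attributeSchema object. attributeSyntax 2.5.5.12 with oMSyntax 64 is
# Unicode String; attributeID is the X500 OID, suffix .1 for the first attribute
# under your base OID, exactly as described for the snap-in.
$attr = $schema.Create('attributeSchema', "CN=$AttrName")
$attr.Put('lDAPDisplayName', $AttrName)
$attr.Put('attributeID',     "$BaseOid.1")
$attr.Put('attributeSyntax', '2.5.5.12')
$attr.Put('oMSyntax',        64)
$attr.Put('isSingleValued',  $true)
$attr.Put('description',     'Example custom attribute')
$attr.SetInfo()

# Add it to the class's optional (mayContain) attributes, one attribute per call,
# the same as the Optional section of the snap-in's Attributes tab.
$class = [ADSI]"LDAP://$Server/CN=$ClassName,$schemaDn"
$class.PutEx(3, 'mayContain', @($AttrName))   # 3 = ADS_PROPERTY_APPEND
$class.SetInfo()

# Ask the instance to reload its schema cache; restarting the LDS service as the
# post describes has the same effect.
$rootDse.Put('schemaUpdateNow', 1)
$rootDse.SetInfo()
```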