The Active Directory Users and Computers console has a nice feature that allows you to copy a user account. This is especially helpful in situations where you want to create a “template” user account that contains mandatory information shared by all of your users. When you attempt to copy a user account, you’ll notice that not all of the fields are included in the copy process. This is by design.
For instance, if you want to include additional attributes in the copy process, you’ll need to modify the searchFlags
attribute. You’ll need to use the ADSI Edit utility. In addition, you can only modify this setting for attributes that are members of the User Class. If you attempt to do this using the Active Directory Schema, the option to do so is unavailable, even if you log in as a member of the Schema Admins group.
Here’s how to do it:
- Log in as a Schema Admin.
- Start ADSI Edit.
- Connect to the Schema naming context on the server that is the schema master.
- Browse through the containers, right-click the attribute you want to modify, and then click Properties.
- In the Schema attribute editor properties dialog box, select the
searchFlags
value in Select a property to view, and then edit the value as an integer. - If there is an existing value and you want to enable the option to copy an attribute, add 16. For instance, if there is a value of “5” present, add 16 so the new value is 21.
Here is some more information you can reference regarding the searchFlags
attribute: