Additional Account Info, including on Vista and higher

Posted on Updated on

 

The classic scenario, based on V1

Active Directory Users and Computers (ADUC) is a console to manage “real” Active Directory content, i.e. users, computers and the like. Starting from the Windows Server 2003 version of this console (which can also be run on Windows XP for example) you can “install” an add-on named Additional Account Info to this console, which can be effectively used if your Active Directory (AD) infrastructure runs WS03 or higher. Browse to a user object, double-click it (or right-click it and select Properties) and select the Additional Account Info tab. This tab is only available if you browse to the object, so it doesn’t work when you search for an object and then double-click it (or right-click it and select Properties). The add-on is part of the Account Lockout and Management Tools, which can be downloaded from http://www.microsoft.com/en-us/download/details.aspx?id=18465. There is only 1 version (“1”, released in 2003), it’s in English and the package is named ALTools.exe (850 KB). The package contains a DLL that implements the add-on: AcctInfo.dll.

 

Figure 1

 

Figure 2

 

You should know this DLL is 32 bit code. It only pops up when the ADUC MMC snap-in (dsa.msc) runs in a 32 bit Microsoft Management Console (MMC). On 64 bit Windows you should pay attention to this. Also, you have to install AcctInfo.dll differently on 64 bit Windows:

  • Copy the DLL to the right folder:
    • 32 bit Windows: %windir%\system32 (or %windir%\System32 on Vista and later)
    • 64 bit Windows: %windir%\SysWOW64
  • Register the DLL:
    • 32 bit Windows: “regsvr32 %windir%\system32\AcctInfo.dll” (or “regsvr32 %windir%\System32\AcctInfo.dll”)
    • 64 bit Windows: “regsvr32 %windir%\SysWOW64\AcctInfo.dll”

 

Figure 3

 

On pre-Vista systems the usage of the add-on on 64 bit versions is typically not a problem, because when you start ADUC from the Administrative Tools or run dsa.msc directly, a 32 bit MMC is started by default. However, if you just run MMC (mmc.exe), a 64 bit MMC is started; if you add the ADUC snap-in from there you won’t see the Additional Account Info tab, even when browsing to a user… This is not some weird behavior. In fact you do run a 64 bit Windows, so launching MMC starts the 64 bit variant, as is the case with other applications (like Command Prompt (cmd.exe) for example). But when you “start” a file with the msc extension (or launch a shortcut based on this), a 32 bit MMC is started, because the msc extension is actually associated with the 32 bit MMC. Why? Because many add-ons were still 32 bit only, so although a 64 bit Windows is used, the msc extension was still associated with the 32 bit MMC by default because of backwards compatibility. The drawback was the inconsistency and confusion when a snap-in is loaded from an mmc.exe that was launched directly, because some add-ons seem to be missing then… Note: when you start the 32 bit version of mmc.exe explicitly, everything keeps working fine; only when you run mmc.exe without explicitly referring to the location would launch the 64 bit mmc.exe.

 

This changed starting from Vista. The msc extension is now associated with the 64 bit MMC, removing the inconsistency and confusion. But… although many add-ons were/are already available for 64 bit, not all of them were/are. And many people are not aware of the importance of the architecture type when using snap-ins like ADUC. In practice this all means that when you run MMC or dsa.msc (directly or through the default shortcut in Administrative Tools) on a system running Vista or later, a 64 bit MMC is started, the ADUC snap-in is loaded, but the Additional Account Info DLL isn’t of course. The only way to make all this still work is to explicitly call the 32 bit MMC and let MMC load the ADUC snap-in:

  • Run the 32 bit MMC explicitly: %windir%\SysWOW64\mmc.exe
  • Or refer to dsa.msc but pass a parameter to explicitly start it with the 32 bit MMC: dsa.msc -32

 

So, in a nutshell, if you want to run the Additional Account Info add-on on 64 bit Windows, you should make sure you’re doing everything in 32 bit mode. On pre-Vista this means you shouldn’t run the “default” mmc.exe and load ADUC from there. On Vista and later you should always explicitly refer to the 32 bit variant of MMC.

 

 

A new scenario, based on V2

As the titles of the previous and current sections have already stated, there are 2 versions of the Additional Account Info add-on. Version 2 though is not publicly available, well, at least not officially. You can ask Microsoft to provide it to you, but you need a support contract for that. I’m not sure if they only give it you when you experience some specific error. Anyway, it can be downloaded from http://www.activedir.org/ACCTINFO2_64BIT.zip too (the ZIP file includes the V2 DLL and a Word document with instructions). I’m not really sure if this is completely legal, as it could be you’re only allowed to run it when Microsoft explicitly gave it to you.

 

Anyway, what’s up with V2? First of all, it’s visible when you’ve searched for a user too. So this time you can see the extra information without actually browsing to the user object. Just search for the object in ADUC, double-click it and watch the additional account information!

Secondly, it’s 64 bit. This means you can only use it on 64 bit Windows. On pre-Vista systems this means you have to start mmc.exe (explicitly referring to the 64 bit version or just the default way, which launches the 64 bit version too) or refer to dsa.msc with a special parameter (“dsa.msc -64”). On systems running Vista or later, just start mmc.exe or dsa.msc the normal way or explicitly the 64 bit way (but not explicitly the 32 bit way of course). If you really, really want to have this information in the 32 bit version of MMC too, you can install both versions of the add-on for maximum usability (note the 32 bit version is the older one, so it won’t be completely consistent across the architecture). In normal cases though it’s best to only install V2 and use MMC and dsa.msc in the default way. Only when you still really need the 32 bit version (for example for compatibility with other add-ons) you should install V1 too (or only V1, depending on what you want).

 

Speaking of installation, this is how it works for V2:

  • Copy the DLL (ACCTINFO2.dll) to %windir%system32 (or %windir%\System32 on Vista and later)
  • Register the DLL: “regsvr32 %windir%\system32\ACCTINFO2.dll” (or “regsvr32 %windir%\System32\ACCTINFO2.dll”)
  • Register V2 for the right locale(s): read the next section to know how to do this

 

Figure 4

 

 

Some background information; finish the installation

V1 is a property page extension, while V2 is a so-called Display Specifier. Both are actually COM objects and they need to be registered (with regsvr32) before they can be used. Because V2 is a Display Specifier it also needs to be “registered” for a certain locale. For example, if you use ADUC in English, you should also register V2 for English (with language identifier 409); if you used ADUC in Dutch, registration should also occur for this language (with language identifier 413). Of course you can register for as many locales as you want.

 

Ok, so how do you do that? Well, open ADSI Edit, connect to the Configuration naming context (NC) and browse to CN=user-Display,CN=LOCALE,CN=DisplaySpecifiers,CN=Configuration,DC=ocean,DC=com with LOCALE to be replaced with the language identifier of your choice (without prefixing zeros; so for example 409, but not 0409). Right-click user-Display and choose to see the properties. In the Properties dialog box double-click the adminPropertyPages attribute. A new dialog box pops up, where you can edit the attribute, including adding a new entry. Add the entry “VALUE,{5969F63F-CACF-40bf-8891-CA580EB589E9}” (without the quotes), with VALUE a value not yet used by other entries. Perhaps it’s just best to choose the lowest free number. Apply. Do the same for other locales you would like to use the add-on for.

 

Figure 5

 

Figure 6

 

For completeness it’s worth mentioning {5969F63F-CACF-40bf-8891-CA580EB589E9} is the CLSID of the COM type implement by the DLL. The COM class is named “Additional Account Info V2” and the registry clearly shows this is an in-process COM object type implemented by ACCTINFO2.DLL, which is described as “Additional Account Info”. In the registry take a look at HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5969F63F-CACF-40BF-8891-CA580EB589E9}.

 

Figure 7

 

Figure 8

 

Figure 9

 

Every system you want to use the ADUC add-on on should have this COM object registered. The “locale Display Specifier registration” should only happen once for every domain. The V2 add-on will only be effectively used by the 64 bit MMC.

 

Oh yes, the V1 add-on is also described as “Additional Account Info” and is also an in-process COM object type named “Additional Account Info”. The CLSID is {667F54C7-5D60-4931-A2B5-0EE59AD6E3B9}, registered in the registry here: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{667F54C7-5D60-4931-A2B5-0EE59AD6E3B9} (definitely the 64 bit location for CLSIDs).

 

Figure 10

 

Figure 11

 

Figure 12

 

Links:

 

 

I hope all this is very clear to you now? A lot of information on the web is incomplete, so I hope I’ve bundled everything together the way you want it.

 

 

Ciao,

Pedro

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s