I run a set of AD-managed servers (both Unix and Windows) and keep most of my users in the normal schema. My users (on the whole) use a wide array of laptops/desktops to connect to these servers in a multi-team office, and many users have more than one laptop or use VMs within their laptop and so have more than one MAC address associated with them.
To ensure that security requirements are met, I currently manage a list of MAC addresses that are allowed to connect to this network (for a Cisco VMPS server). At present, this is purely a flat, annotated file, but I'd like to move this information into AD if possible.
I had hoped there would be a way to add custom attributes to a user but cannot yet find one.
Right now I can see two possible approaches (both should ignore disabled users):
1. Write a custom script for our VMPS server to query AD directly.
2. Write a sync script to query all objects within AD and regenerate the flat file on a periodic basis.
Without adding custom attributes, all I can see is to make use of the notes field and parse multiple MAC addresses out of this section.
Is this the best approach?
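
The second approach with the notes-field workaround, as an added example that is not part of the original question: it parses MAC addresses out of free-text notes, skips disabled accounts, and flags a MAC claimed by two users. Assumptions: user records arrive as dicts from an LDAP search, the Notes field is read through the AD `info` attribute, and the output line format is a constructed stand-in for the existing flat file.

```python
import re

ACCOUNTDISABLE = 0x0002  # userAccountControl bit set on disabled accounts
# Accept aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff and Cisco-style aabb.ccdd.eeff
MAC_RE = re.compile(
    r"(?:[0-9a-f]{2}[:-]){5}[0-9a-f]{2}|(?:[0-9a-f]{4}\.){2}[0-9a-f]{4}", re.I)

def macs_from_notes(notes):
    """Return normalised MACs (aa:bb:cc:dd:ee:ff) found in a free-text notes value."""
    found = []
    for token in re.split(r"[\s,;]+", notes or ""):
        token = token.rstrip(".")  # tolerate a sentence-ending full stop
        if MAC_RE.fullmatch(token):  # truncated or over-long values are ignored
            digits = re.sub(r"[^0-9a-f]", "", token.lower())
            mac = ":".join(digits[i:i + 2] for i in range(0, 12, 2))
            if mac not in found:
                found.append(mac)
    return found

def build_allow_list(users):
    """Map each MAC to its owner, skipping disabled users; also return conflicts."""
    owners, conflicts = {}, []
    for user in users:
        if int(user["userAccountControl"]) & ACCOUNTDISABLE:
            continue
        name = user["sAMAccountName"]
        for mac in macs_from_notes(user.get("info")):
            if owners.setdefault(mac, name) != name:
                conflicts.append((mac, owners[mac], name))  # first owner wins
    return owners, conflicts

def render(owners):
    """Render the allow-list in a hypothetical 'mac  # owner' annotated format."""
    return "".join(f"{mac}  # {owner}\n" for mac, owner in sorted(owners.items()))

# Constructed sample records (not real accounts or devices)
SAMPLE_USERS = [
    {"sAMAccountName": "alice", "userAccountControl": 512,
     "info": "Laptop 00:1A:2B:3C:4D:5E, VM 001a.2b3c.4d5f."},
    {"sAMAccountName": "bob", "userAccountControl": 514,  # 512 | ACCOUNTDISABLE
     "info": "00-11-22-33-44-55"},
    {"sAMAccountName": "carol", "userAccountControl": 66048,
     "info": "desk 3; 00-1a-2b-3c-4d-5e; bad 00:11:22:33:44"},
]

if __name__ == "__main__":
    owners, conflicts = build_allow_list(SAMPLE_USERS)
    print(render(owners), end="")
    for mac, first, second in conflicts:
        print(f"conflict: {mac} listed for {first} and {second}")
```
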