Back up the am_remote_ad_schema.ldif file.
After you have unzipped opensso_enterprise_80.zip, this file is available in the following directory:
zip-root/opensso/ldif
In the am_remote_ad_schema.ldif file, replace @ROOT_SUFFIX@ with the root suffix of your Active Directory installation.
Using Active Directory tools (or another tool of your choice), load the am_remote_ad_schema.ldif file from the previous step into Active Directory.
Log in to the OpenSSO Administration Console. In the data store configuration page's LDAP User Attributes field, add the attribute names defined in the above LDIF file.
If you are writing your own service with dynamic user attributes, the service.ldif file for Active Directory must NOT have the following lines:
dn: CN=User,CN=Schema,CN=Configuration,ROOT_SUFFIX changetype: modify add: auxiliaryClass auxiliaryClass: yourClassname
Otherwise, OpenSSO Enterprise will not be able to assign the service's object class name to the user's object class attribute.