A fascinating report we came across which includes several things to study on. You should definitely check it out and then determine what you think.
Objects are the major storage units within an active directory structure and the way are defined comes under active directory schema. Every time some modification is made to any of the active directory objects like users or computers, administrators query the AD schema for its correct definition. All objects are created and stored as per the schema definitions. Also, only those data types can be created or stored in the active directory structure which is defined in the schema.
Active directory schema modification or extension requires write access to the schema. Administrators can do so by enabling the registry key ?Schema Update Allowed?. Schema updates are enabled by two possible methods, firstly by suing the Schema Management Console and secondly, directly in the registry. However, updation is only possible in the domain controller which holds the schema master role.
Modification or updation of active directory schema should be done only on extreme cases as changes take place forest-wide. This means once the schema has been modified, the objects and attributes that get added to the schema cannot be removed. Another precaution that administrators must take is that is the schema is updated by editing the registry a backup of the registry must first be created in case the registry gets modified incorrectly.
Below mentioned are the steps to update active directory schema using both the Schema Management Console and editing the registry:
To Enable Schema Updates by Means of the Schema Management Console:
At a command prompt, type: regsvr32 schmmgmt.dll NOTE: RegSvr32 has been successfully registered when a DllRegisterServer in schmmgmt.dll succeeded dialog box is displayed.
2. Open a new management console by clicking Start, click Run, and then type: MMC
3. On the Console menu, click Add/Remove Snap-in.
4. Click Add to open the Add Standalone Snap-in dialog box.
5. Click Active Directory Schema, and then click Add.
6. “Active Directory Schema” is displayed in the Add/Remove snap-in. Click Close, and then click OK to return to the console.
7. Click Active Directory Schema so that the Classes and Attributes sections are displayed on the right-hand side.
8. Right-click Active Directory Schema and click Operations Master.
9. Click to select the Schema may be modified on this Domain Controller check box. Click OK, and then exit the console.
The schema is now open to be updated on the domain controller that holds the schema operations master role.
To Enable Schema Updates by Means of the Registry:
This method of enabling the schema updates directly by editing the registry key, ?Schema Update Allowed? is only recommended when the Schema Management Console cannot be used due to some reason. In normal conditions, the registry key should not be edited directly.
To directly edit registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters perform the following steps:
1. Click Start, click Run, and then in the Open box, type: regedit
2. Then press ENTER.
3. Locate and click the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
4. On the Edit menu, click New, and then click DWORD Value.
5. Enter the value data when the following registry value is displayed:
a. Value Name: Schema Update Allowed
b. Data Type: REG_DWORD
c. Base: Binary
d. Value Data: Type 1 to enable this feature, or 0 (zero) to disable it.
6. Quit Registry Editor.
The schema may now be updated on the domain controller that holds the schema operations master role.
Active directory schema updates must be performed cautiously because once done, they can only reversed by s forest recovery. Being an otherwise irreversible operation, it is performed on the schema master. However, active directory schema updation can also be achieved by using tool like Lepide Active Directory Management and Reporting software. The tool provides a centralized single platform to effectively manage network-wide organization units, groups, shares without facing any hassles.
The author is an AD administrator with more than decade of experience in working on Windows Server environment and has helped readers by writing different articles that acted like Active directory tutorial. In this article the author talks about Active Directory schema and the steps for updation of the AD schema structure.
I thought that was interesting. Feel free to leave your comments below.