Loading...
 

ActiveDirectory Schema Notes

Lessons in extending the AD Schema

General info

  • Making Schema changes

Domain and Forest need to be in Win2k3 functional mode to make certain schema changes (defunct, rename)
Domain is done in AD Users & Computers
Forest is done in AD Domains & Trusts (context menu at very top of tree)

  • Fixing attribute errors

In Win2k3 you can rename attriibutes and recreate them. The process is something like

    • Using ADSIEdit, Rename:
      • ldapdisplayname
      • name
      • adminDescription
      • adminDisplayName
      • cn
    • Set attribute as not active (defunct)

LDIF formats

  • Attribute format (LDIF)

dn: CN=ets-dbLink-ID,CN=Schema,CN=Configuration,DC=etsextdev,DC=org

changetype: add

adminDescription: dbLink-ID

adminDisplayName: ets-dbLink-ID

attributeID: 1.2.840.113556.1.8000.866.2.142

attributeSyntax: 2.5.5.12

cn: ets-dbLink-ID

description: ets-dbLink-ID

isMemberOfPartialAttributeSet: FALSE

isSingleValued: TRUE

lDAPDisplayName: etsdbLinkID

distinguishedName: CN=ets-dbLink-ID,CN=Schema,CN=Configuration,DC=etsextdev,DC=org

objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=etsextdev,DC=org

objectClass: attributeSchema

oMSyntax: 64

name: ets-dbLink-ID

searchFlags:0

dn: CN=ets-PS-ID,CN=Schema,CN=Configuration,DC=etsextdev,DC=org

...

  • Modify format (LDIF)

DN:

changetype: modify

add: schemaUpdateNow

schemaUpdateNow: 1

- (note: the last hyphen is important)

  • Create Class format (LDIF)

dn: CN=ets-inetUser,CN=Schema,CN=Configuration,DC=etsextDev,DC=org

changetype: add

adminDescription: inetUser

adminDisplayName: ets-inetUser

cn: ets-inetUser

defaultObjectCategory: CN=ets-inetUser,CN=Schema,CN=Configuration,DC=etsextDev,DC=org

governsID: 1.2.840.113556.1.8000.866.1.104

lDAPDisplayName: etsinetUser

mayContain: etsChallengeQuestionIDList

mayContain: etsChallengeQuestionHistory

mayContain: etschallengeQuestionAnswerList

mayContain: etschallengeQuestionAttempts

maycontain: etsdbLinkID

mayContain: etsPSID

distinguishedName: CN=ets-inetUserUser,CN=Schema,CN=Configuration,DC=etsextDev,DC=org

objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=etsextDev,DC=org

objectClass: classSchema

objectClassCategory: 3

name: ets-inetUser

rDNAttID: cn

subClassOf: top

  • Adding auxiliary classes to existing classes (LDIF)

DN: CN=User,CN=Schema,CN=Configuration,DC=etsextdev,DC=org

changetype: modify

add: auxiliaryClass

auxiliaryClass: etstestUser

-


Created by gmartin. Last Modification: Wednesday 22 of December, 2004 15:20:17 EST by gmartin.