How do I allow modifications to the schema?

A. The schema is extensible, which means that you can change it. However, modifying the schema is dangerous because doing so affects the entire domain forest. Microsoft doesn’t recommend schema modification.

If you insist on modifying the schema, you can use the GUI or edit the registry. To use the GUI, you must first register the .dll file for the Microsoft Management Console (MMC) snap-in. Go to a command prompt, and enter

regsvr32 schmmgmt.dll

Then, use the Microsoft Windows 2000 Resource Kit’s Tools console to start the Schema Manager. Alternatively, create a custom MMC to start the Schema Manager. Next, add the Active Directory Schema snap-in to the Schema Manager. (From the Start menu, select Run, and enter


From the Console menu, select Add/Remove Snap-in. Click Add, and select Active Directory Schema. Finally, click Add, Close, OK.)

  1. Start the MMC Active Directory Schema snap-in on the domain controller (DC).
  2. In the leftmost pane, right-click Active Directory Schema, and select Operations Master from the context menu.
  3. You’ll see the name of the machine that holds the domain name operations Flexible Single-Master Operation (FSMO) role, as the Screen shows.

  4. Click here to view image

  5. Select the checkbox labeled The Schema may be modified on this server.
  6. Click OK in the confirmation dialog box.

Another way to modify the schema is to edit the registry.

  1. Start regedit.
  2. Go to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters registry entry.
  3. Double-click Schema Update Allowed (of type REG_DWORD).
  4. Set the value to 1.
  5. Click OK.
  6. Close the registry editor.
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.