Extending AD Schema

Extending the schema of the Active Directory (AD) is a treacherous thing because the results are irreversible. But if you run a shop that's going to use the AD in its enterprise applications, you need to store information in the AD that isn't accommodated by default (e.g., an employee's role in a company-wide committee). If you don't have a logical place to store your user- or application-level data in the AD, you must add an attribute or object to the schema. Microsoft provides a wealth of information in the Windows 2000 online documentation, on the Microsoft Developer Network (MSDN) and on the Win2K site. Microsoft cautions you to do some initial research before you make changes to the AD. In fact, Microsoft provides a lengthy checklist in the online documentation that details what you need to do before you extend the schema.

When you're ready to extend the schema, two tools are available in Win2K:

  • Active Directory Service Interfaces (ADSI) Edit—This tool lets you edit the AD. Be aware that this tool is very difficult to use: You need to be an expert in ADSI, Lightweight Directory Access Protocol (LDAP), and the AD or you'll create a disaster that might include the destruction of the AD Directory Service (DS).
  • The AD Schema Editor—This tool lets you examine the AD without having to modify or add to it.

The AD Schema Editor is a Microsoft Management Console (MMC) snap-in that doesn't install by default with Win2K Server. You must manually register the AD Schema Editor to make it appear in your list of MMC snap-ins. To register the tool, run regsvr32 on the DLL (schmmgmt.dll) from the command prompt.

When you've successfully registered the tool,

  1. Choose Start, Run; type mmc /a, then click OK.
  2. From the Console menu, click Add/Remove Snap-in, then click Add.
  3. Under Snap-in, double-click Active Directory Schema, then click Close.
  4. Click OK.
  5. To save this console, click Save on the Console menu.

You'll default to the Administrative Tools folder. Save your snap-in in that location, and it will appear under the Start, Programs, Administrative Tools menu.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.