Home
Windows Server 2003 – Schema

Windows Server 2003 – Schema

July 18, 2001 No Comments w2k3

Introduction to Windows 2003’s Schema

The Windows Server 2003 Schema Snap-in is not available by default.  There lies a clue that ordinary administrators are not meant to change the Schema.  However, to complete your understanding of Active Directory take time to appreciate the object model that underpins Windows Server 2003.

Topics for Windows Server 2003 Schema

  ‡

What you need to know about the Schema

Object based Nature

It us useful to understand the nature of the Schema.  Active Directory is an object based system.  The schema keeps a list of the definitions for each object such as Computer or User.  The list is divided into Classes and Attributes and the Schema recycles attributes like location and applies an instance to the site, printer or computer object.

Flexible Master

The Schema is one of the five single master operations, this means that only one domain controller has a read / write copy of the schema.  Take the time to find out which machine hold the Schema Master role.  right-click the Schema Snap-in, select Operations Master from the short cut menu.

Modification by Exchange 2003 and Schema Admins

Exchange 2003 relies on Active Directory for definitions of the users mailboxes.  When you install Exchange 2003, firstly you have to be a member of the Schema Admin Global group; secondly Exchange extends the schema to include these extra attributes like mailbox server.  While it is possible to add attributes and classes yourself – resist.  Modifying the schema affects the entire forest and in my opinion should only be done by a developer when there is a clear business need.

Schema Admins Group

Please note that the Schema Admins group only appears in the root domain of any forest.  Naturally, the Administrator is a member of this group; as for other users you should only add user accounts on an ‘as needed’ basis, that is you have an architect who needs to make changes to the Active Directory Schema.

The only other scenario I can think of where you need to add members of this group is if you are delegating users to change the Schema Master FSMO role.

Role of the Global Catalog

The Global Catalog server keeps track of a subset of the most important attributes, and the Global Catalog replicates this information to other Global Catalog servers.  Be aware that you can add extra attributes to the list, for example, information on department could be replicated.  The benefit is you could search on department or any other attribute that you added.

Guy Recommends:  A Free Trial of the Network Performance Monitor (NPM)Review of Orion NPM v12 v12

SolarWinds’ Network Performance Monitor will help you discover what’s happening on your network.  This utility will also guide you through troubleshooting; the dashboard will indicate whether the root cause is a broken link, faulty equipment or resource overload.

Perhaps the NPM’s best feature is the way it suggests solutions to network problems.  Its second best feature is the ability to monitor the health of individual VMware virtual machines.  If you are interested in troubleshooting, and creating network maps, then I recommend that you give this Network Performance Monitor a try.

Download your free trial of SolarWinds Network Performance Monitor.

Major changes compared with Windows 2000

Deactivating attributes

Active Directory will not allow you to delete classes or attributes but you can deactivate them if you are sure they will not be needed.

Improved replication

In Windows Server 2003, only changes in attributes are replicated, the benefit is less replication traffic and less change of a conflict.

ADPREP

Active Directory preparation allows you to extend the schema ready for an installation of the NTDS.dit database files.  ADPREP uses /forestprep and /domainprep switches rather like Exchange 2000/3.

Getting Started

To make the Schema Snap-in appear, first you need to register a dll.:   Start, Run, regsvr32 schmmgmt.dll.   Next I add the Schema snap-in to my MMC.  Run, MMC if you need to create a blank shell for the snap-ins, then its File (Menu) Add/Remove Snap-in.Windows Server 2003 Schema Admin Explained

The schema shows all the Objects that exist in Active Directory.  Examples of Active Directory Schema Classes include: computer, printer and user

Each object has attributes e.g. CN = Common Name, Department, HomeDrive and USN.  From a design point of view, Microsoft implement ‘mix and match’.  Once a attribute like Location is created it can be matched with several objects e.g. Printer Object or Computer Object.  Finally, attributes have values which you set through interfaces like the Active Directory Users and Computers.

While knowledge of the object based systems builds a picture of Active Directory; there is practical value in understanding the role of the schema in Active Directory.  For instance, when you install Exchange 2000 you need to be member of the Schema Admins otherwise your install will fail.  You should also be aware that Exchange 2000 alters the schema so that 4 new Email tabs are added to users’ property tabs.

Inspecting the Schema Snap-in

Once you have registered the Active Directory Schema you can check out the Classes and Attributes; this will give you an idea of how objects like users are built up of attributes.  Do not worry about the X500 OID, but do inspect the Attributes Properties to see which are published in the Global Catalog.  The Global Catalog is a subset of the Schema containing the most useful attributes which are used in the Search menus.

In my opinion you should only create new Classes or even new Attributes if you are a developer.  One extra Class I have heard suggested is Laptop.  Personally I think that there enough user attributes, but someone suggested adding a Car with an Expense attribute.

Recommendations

  • Take the time to understand what the schema does for Active Directory.
  • Register the Schema snap-in
  • Find out which machine has the Schema Master Role.
  • Normally you will not need to alter the schema.  The only time the Schema is extended is when you install Active Directory aware programs like Exchange 2003.

Guy Recommends 3 Free Active Directory ToolsDownload Solarwinds Active Directory Administration Tool

SolarWinds have produced three Active Directory add-ons.  These free utilities have been approved by Microsoft, and will help to manage your domain by:

  1. Seeking and zapping unwanted user accounts.
  2. Finding inactive computers.
  3. Bulk-importing new users.  Give this AD utility a try, it’s free!

Download your FREE Active Directory administration tools.

 

If you like this page then please share it with your friends

 

More Windows Server 2003 topics:

Global Catalog Server   •Exchange Global Catalog Server  • Schema Admin

• FSMO Roles   • FSMO Advice   • FSMO Transfer  • FSMO Transfer Example

About The Author

Guy Thomas

Related Posts