10.2.1 ProblemYou want to enable schema modifications on the Schema FSMO. This is a necessary first step before you can extend the schema. 10.2.2 Solution10.2.2.1 Using a graphical user interface
10.2.2.2 Using a command-line interfaceTo enable modifications to the schema, use the following command: > reg add HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters /t[RETURN] REG_DWORD /v "Schema Update Allowed" /d 1 To disable modifications to the schema, use the following command: > reg delete HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters /v[RETURN] "Schema Update Allowed" /f 10.2.2.3 Using VBScript' This code enables or disables schema mods on Schema FSMO. ' ------ SCRIPT CONFIGURATION ------ ' TRUE to enable schema mods and FALSE to disable boolSetReg = TRUE ' Name of the Schema FSMO or "." to run locally strDC = "<SchemaFSMOName>" ' ------ END CONFIGURATION --------- const HKEY_LOCAL_MACHINE = &H80000002 set objReg = GetObject("winmgmts:\\" & strDC & "\root\default:StdRegProv") strKeyPath = "System\CurrentControlSet\Services\NTDS\Parameters" strValueName = "Schema Update Allowed" if boolSetReg = TRUE then strValue = 1 intRC = objReg.SetDWORDValue(HKEY_LOCAL_MACHINE,strKeyPath, _ strValueName,strValue) if intRC > 0 then WScript.Echo "Error occurred: " & intRC else WScript.Echo strValueName & " value set to " & strValue end if else intRC = objReg.DeleteValue(HKEY_LOCAL_MACHINE,strKeyPath,strValueName) if intRC > 0 then WScript.Echo "Error occurred: " & intRC else WScript.Echo strValueName & " value deleted" end if end if 10.2.3 DiscussionWhen the Schema FSMO role owner is running Windows 2000, you must explicitly enable schema modifications on the server before extending the schema. To enable this, you need to create a key value called Schema Update Allowed with a value of 1 under the following key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters To disable schema modifications, set the value to 0 or delete it from the registry.
10.2.4 See AlsoMS KB 285172 (Schema Updates Require Write Access to Schema in Active Directory) |