Recipe 10.2 Enabling Schema Updates

This is necessary only when the Schema FSMO role owner is running Windows 2000.

10.2.1 Problem

You want to enable schema modifications on the Schema FSMO. This is a necessary first step before you can extend the schema.

10.2.2 Solution

10.2.2.1 Using a graphical user interface
  1. Open the Active Directory Schema snap-in.

  2. Click on Active Directory Schema in the left pane.

  3. Right-click on Active Directory Schema and select Operations Master.

  4. Check the box beside Allow schema modifications.

  5. Click OK.

10.2.2.2 Using a command-line interface

To enable modifications to the schema, use the following command:

> reg add HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters /t[RETURN]  REG_DWORD /v "Schema Update Allowed" /d 1

To disable modifications to the schema, use the following command:

> reg delete HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters /v[RETURN]  "Schema Update Allowed" /f
10.2.2.3 Using VBScript
' This code enables or disables schema mods on Schema FSMO. ' ------ SCRIPT CONFIGURATION ------ ' TRUE to enable schema mods and FALSE to disable  boolSetReg  = TRUE     ' Name of the Schema FSMO or "." to run locally strDC = "<SchemaFSMOName>"   ' ------ END CONFIGURATION --------- const HKEY_LOCAL_MACHINE = &H80000002 set objReg = GetObject("winmgmts:\\" & strDC & "\root\default:StdRegProv") strKeyPath   = "System\CurrentControlSet\Services\NTDS\Parameters" strValueName = "Schema Update Allowed" if boolSetReg = TRUE then    strValue = 1    intRC = objReg.SetDWORDValue(HKEY_LOCAL_MACHINE,strKeyPath, _                                 strValueName,strValue)    if intRC > 0 then       WScript.Echo "Error occurred: " & intRC    else       WScript.Echo strValueName & " value set to " & strValue    end if else    intRC = objReg.DeleteValue(HKEY_LOCAL_MACHINE,strKeyPath,strValueName)    if intRC > 0 then       WScript.Echo "Error occurred: " & intRC    else       WScript.Echo strValueName & " value deleted"    end if end if

10.2.3 Discussion

When the Schema FSMO role owner is running Windows 2000, you must explicitly enable schema modifications on the server before extending the schema. To enable this, you need to create a key value called Schema Update Allowed with a value of 1 under the following key:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters

To disable schema modifications, set the value to 0 or delete it from the registry.

This is no longer necessary when the Schema FSMO owner is running Windows Server 2003. Microsoft removed this registry hack as a requirement for extending the schema.

10.2.4 See Also

MS KB 285172 (Schema Updates Require Write Access to Schema in Active Directory)



Active Directory Cookbook
Active Directory Cookbook, 3rd Edition
ISBN: 0596521103
EAN: 2147483647
Year: 2006
Pages: 456

Similar book on Amazon

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net