Recipe 10.2 Enabling Schema Updates

Previous page
Table of content
Next page

This is necessary only when the Schema FSMO role owner is running Windows 2000.

10.2.1 Problem

You want to enable schema modifications on the Schema FSMO. This is a necessary first step before you can extend the schema.

10.2.2 Solution

10.2.2.1 Using a graphical user interface

  1. Open the Active Directory Schema snap-in.

  2. Click on Active Directory Schema in the left pane.

  3. Right-click on Active Directory Schema and select Operations Master.

  4. Check the box beside Allow schema modifications.

  5. Click OK.
10.2.2.2 Using a command-line interface

To enable modifications to the schema, use the following command:

> reg add HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters /t[RETURN]  REG_DWORD /v "Schema Update Allowed" /d 1

To disable modifications to the schema, use the following command:

> reg delete HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters /v[RETURN]  "Schema Update Allowed" /f
10.2.2.3 Using VBScript
' This code enables or disables schema mods on Schema FSMO. ' ------ SCRIPT CONFIGURATION ------ ' TRUE to enable schema mods and FALSE to disable  boolSetReg  = TRUE     ' Name of the Schema FSMO or "." to run locally strDC = "<SchemaFSMOName>"   ' ------ END CONFIGURATION --------- const HKEY_LOCAL_MACHINE = &H80000002 set objReg = GetObject("winmgmts:\\" & strDC & "\root\default:StdRegProv") strKeyPath   = "System\CurrentControlSet\Services\NTDS\Parameters" strValueName = "Schema Update Allowed" if boolSetReg = TRUE then    strValue = 1    intRC = objReg.SetDWORDValue(HKEY_LOCAL_MACHINE,strKeyPath, _                                 strValueName,strValue)    if intRC > 0 then       WScript.Echo "Error occurred: " & intRC    else       WScript.Echo strValueName & " value set to " & strValue    end if else    intRC = objReg.DeleteValue(HKEY_LOCAL_MACHINE,strKeyPath,strValueName)    if intRC > 0 then       WScript.Echo "Error occurred: " & intRC    else       WScript.Echo strValueName & " value deleted"    end if end if

10.2.3 Discussion

When the Schema FSMO role owner is running Windows 2000, you must explicitly enable schema modifications on the server before extending the schema. To enable this, you need to create a key value called Schema Update Allowed with a value of 1 under the following key:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters

To disable schema modifications, set the value to 0 or delete it from the registry.

This is no longer necessary when the Schema FSMO owner is running Windows Server 2003. Microsoft removed this registry hack as a requirement for extending the schema.

10.2.4 See Also

MS KB 285172 (Schema Updates Require Write Access to Schema in Active Directory)


Previous page
Table of content
Next page
Active Directory Cookbook
Active Directory Cookbook, 3rd Edition
ISBN: 0596521103
EAN: 2147483647
Year: 2006
Pages: 456
Authors: Laura E. Hunter, Robbie Allen
BUY ON AMAZON
Beginners Guide to DarkBASIC Game Programming (Premier Press Game Development)
Certified Ethical Hacker Exam Prep
Mapping Hacks: Tips & Tools for Electronic Cartography
After Effects and Photoshop: Animation and Production Effects for DV and Film, Second Edition
Quartz Job Scheduling Framework: Building Open Source Enterprise Applications
Python Programming for the Absolute Beginner, 3rd Edition
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy