Introduction to Windows 2003's Schema
The Windows Server 2003 Schema Snap-in is not available by default. Therein lies a clue that
ordinary administrators are not meant to change the Schema. However,
to complete your understanding of Active Directory, take time to appreciate the object model that underpins
Windows Server 2003.
Topics for Windows Server 2003 Schema
Object based Nature
It is useful to understand the nature of the Schema. Active Directory
is an object based system. The schema keeps a list of the definitions for
each object such as Computer or User. The list is divided into Classes and
Attributes, and the Schema reuses attributes: one attribute such as location
is defined once and then applied to the site, printer or computer object.
Flexible Master
The Schema is one of the five single master operations. This means that only
one domain controller has a read / write copy of the schema. Take the time
to find out which machine holds the Schema Master role: right-click the
Schema Snap-in and select Operations Master from the shortcut menu.
Modification by Exchange 2003 and Schema Admins
Exchange 2003 relies on Active Directory for definitions of the users'
mailboxes. To install Exchange 2003 you first have to be a member
of the Schema Admin Global group; Exchange then extends the schema to
include extra attributes such as mailbox server. While it is possible
to add attributes and classes yourself - resist. Modifying the schema
affects the entire forest and in my opinion should only be done by a developer
when there is a clear business need.
Role of the Global Catalog
The Global Catalog server keeps track of a subset of the most important
attributes, and the Global Catalog replicates this information to other Global
Catalog servers. Be aware that you can add extra attributes to the list,
for example, information on department could be replicated. The benefit is
you could search on department or any other attribute that you added.
Deactivating attributes
Active Directory will not allow you to delete classes or attributes but you
can deactivate them if you are sure they will not be needed.
Improved replication
In Windows Server 2003, only changes in attributes are replicated. The
benefit is less replication traffic and less chance of a conflict.
ADPREP
Active Directory preparation allows you to extend the schema ready for an
installation of the NTDS.dit database files. ADPREP uses /forestprep and
/domainprep switches rather like Exchange 2000/3.
To make the Schema Snap-in appear, first you need to register a dll:
Start, Run, regsvr32 schmmgmt.dll.
Next I add the Schema snap-in to my MMC.
Run, MMC if you need to create a blank shell
for the snap-ins, then it's File (Menu) Add/Remove Snap-in.
The schema shows all the Objects that exist in Active Directory. Examples of
Active Directory Schema Classes include: computer, printer and user.
Each object has
attributes e.g. CN = Common Name, Department, HomeDrive and USN. From a design point of view,
Microsoft implement 'mix and match'. Once an attribute like Location is
created it can be matched with several objects e.g. Printer Object or Computer Object. Finally,
attributes have values which you set through interfaces like Active Directory Users and Computers.
While knowledge of object based systems builds a picture of Active Directory, there is also practical value in understanding the role of the schema in
Active Directory. For instance, when you
install Exchange 2000 you need to be a member of the Schema Admins, otherwise your install will fail. You should also be aware that Exchange 2000 alters the
schema so that 4 new Email tabs are added to users' property tabs.
Inspecting the Schema Snap-in
Once you have registered the Active Directory Schema you can check out the Classes
and Attributes; this will give you an idea of how objects like users are built
up of attributes. Do not worry about the X500 OID, but do inspect the
Attributes Properties to see which are published in the Global Catalog.
The Global Catalog is a subset of the Schema containing the most useful
attributes which are used in the Search menus.
In my opinion you should only create new Classes or even new Attributes if
you are a developer. One extra Class I have heard suggested is Laptop.
Personally I think that there are enough user attributes, but someone suggested
adding a Car with an Expense attribute.
- Take the time to understand what the schema does for Active Directory.
- Register the Schema snap-in
- Find out which machine has the Schema Master Role.
- Normally you will not need to alter the schema. The only time the
Schema is extended is when you install Active Directory aware programs like Exchange 2003.
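The checks in the summary above (which machine holds the Schema Master role, who is in Schema Admins, which attributes are published in the Global Catalog, which classes and attributes have been deactivated) can also be read from a script. The following PowerShell is an added example, not part of the original article; it only reads from the directory, uses the .NET System.DirectoryServices classes, and assumes a domain-joined machine with PowerShell installed and a Schema Admins group that still has its default name.

```powershell
# Added example: read-only schema audit. Any authenticated domain user can run it.
$schema = [System.DirectoryServices.ActiveDirectory.ActiveDirectorySchema]::GetCurrentSchema()
$forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()

# 1. The single domain controller holding the read / write copy of the schema.
"Schema Master: {0}" -f $schema.SchemaRoleOwner.Name

# 2. Accounts able to modify the schema. Schema Admins lives in the forest
#    root domain. Assumption: the group has not been renamed.
$rootEntry = $forest.RootDomain.GetDirectoryEntry()
$searcher  = New-Object System.DirectoryServices.DirectorySearcher($rootEntry)
$searcher.Filter = '(&(objectCategory=group)(sAMAccountName=Schema Admins))'
[void]$searcher.PropertiesToLoad.Add('member')
$group = $searcher.FindOne()
if ($null -eq $group) {
    Write-Warning 'Schema Admins not found under its default name.'
} else {
    # An empty group has no member values at all, so filter out nulls.
    $members = @($group.Properties['member'] | Where-Object { $_ })
    "Schema Admins members: {0}" -f $members.Count
    $members | ForEach-Object { "  $_" }
}

# 3. Attributes published in the Global Catalog (the tick box on the
#    attribute's Properties page in the Schema snap-in).
$gcType  = [System.DirectoryServices.ActiveDirectory.PropertyTypes]::InGlobalCatalog
$gcAttrs = $schema.FindAllProperties($gcType)
"Attributes in the Global Catalog: {0}" -f $gcAttrs.Count
$gcAttrs | Sort-Object Name | ForEach-Object { "  $($_.Name)" }

# 4. Classes and attributes that have been deactivated rather than deleted.
$defunctClasses = $schema.FindAllDefunctClasses()
$defunctAttrs   = $schema.FindAllDefunctProperties()
"Deactivated classes: {0}, deactivated attributes: {1}" -f `
    $defunctClasses.Count, $defunctAttrs.Count
$defunctClasses | ForEach-Object { "  class: $($_.Name)" }
$defunctAttrs   | ForEach-Object { "  attribute: $($_.Name)" }
```

Saving the output before and after installing a schema-extending product such as Exchange gives a record of what the installation changed.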