Extending the Schema

Extending the Schema


You want to extend the schema to support new classes and attributes in Active Directory.


Extending the schema is a straightforward process that consists of adding new classes or attributes, or modifying existing ones in the schema. While extending the schema is not hard, due to the sensitive nature of the schema, you should implement a schema extension process that thoroughly tests any extensions before you put them in your production forest. Here is a suggested summary of what your schema extension process should be:

  1. Meet with clients and determine if there is a business justification for integrating their application with Active Directory. Determine if there are any existing attributes that would fulfill the desired requirements.

  2. Examine the extensions and determine what impact, if any, they will have on your Active Directory environment (e.g., adding an attribute to the global catalog).

  3. Try out the extensions in a test environment. Observe any peculiarities.

  4. Document the extensions.

  5. Extend the schema in your production Active Directory.

For more information on defining a schema extension process, see Chapter 12 of Active Directory, Third Edition, by Joe Richards et al. (O'Reilly).


One thing to be cautious of when developing a schema extension process is not to make it an overly bureaucratic process that can require several weeks to complete. At the same time, you want to ensure that any schema changes that you make are well thought out, tested, and documented thoroughly to avoid encountering troubleshooting issues later. While some organizations may want to strictly limit schema extensions, there is nothing inherently bad about properly extending the schema; it is one of the core features and advantages over Active Directory's predecessor, Windows NT 4.0.

See Also

Recipe 11.8 for adding a new attribute, Recipe 11.10 for adding a new class, and MS KB 283791 (How to Modify Schema Information Using the Ldifde Utility)

 Python   SQL   Java   php   Perl 
 game development   web development   internet   *nix   graphics   hardware 
 telecommunications   C++ 
 Flash   Active Directory   Windows