Chapter 10. Schema

Introduction

The Active Directory schema contains the blueprint for how objects are structured and secured, what data they can contain, and even how they can be viewed. Having a thorough understanding of the schema is paramount for any Active Directory administrator. Understanding key concepts, such as class inheritance, class types, attribute syntax, and attribute indexing options, is critical to being able to adequately design an Active Directory infrastructure and should be considered mandatory for any developer that is writing applications or automation scripts that utilize Active Directory.

If you are one of the lucky few who is designated as a schema administrator (i.e., member of the Schema Admins group), then the importance of the schema is already well known to you. This chapter serves a guide to accomplishing many of the day-to-day tasks you will need to do as a schema administrator. If you feel you need more nuts and bolts information on how the schema works, I suggest reading Chapter 4 of Active Directory, Second Edition (O’Reilly).

The Anatomy of Schema Objects

An interesting feature of Active Directory that is not common among other LDAP implementations is that the schema is stored within Active Directory as a set of objects. This means that you can use similar interfaces and programs to manage the schema as you would any other type of object.

All schema objects are stored in the Schema container (e.g., cn=schema,cn=configuration,<ForestRootDN>). The ...

Get Active Directory Cookbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.