10.2. Enabling Schema Updates

Tip

This is necessary only when the Schema FSMO role owner is running Windows 2000.

Problem

You want to enable schema modifications on the Schema FSMO. This is a necessary first step before you can extend the schema.

Solution

Using a graphical user interface

  1. Open the Active Directory Schema snap-in.

  2. Click on Active Directory Schema in the left pane.

  3. Right-click on Active Directory Schema and select Operations Master.

  4. Check the box beside Allow schema modifications.

  5. Click OK.

Using a command-line interface

To enable modifications to the schema, use the following command:

> reg add HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters /t[RETURN] 
REG_DWORD /v "Schema Update Allowed" /d 1

To disable modifications to the schema, use the following command:

> reg delete HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters /v[RETURN] 
"Schema Update Allowed" /f

Using VBScript

' This code enables or disables schema mods on Schema FSMO.
' ------ SCRIPT CONFIGURATION ------
' TRUE to enable schema mods and FALSE to disable 
boolSetReg  = TRUE    

' Name of the Schema FSMO or "." to run locally
strDC = "<SchemaFSMOName>" ' ------ END CONFIGURATION --------- const HKEY_LOCAL_MACHINE = &H80000002 set objReg = GetObject("winmgmts:\\" & strDC & "\root\default:StdRegProv") strKeyPath = "System\CurrentControlSet\Services\NTDS\Parameters" strValueName = "Schema Update Allowed" if boolSetReg = TRUE then strValue = 1 intRC = objReg.SetDWORDValue(HKEY_LOCAL_MACHINE,strKeyPath, ...

Get Active Directory Cookbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.