The Active Directory schema contains the blueprint for how objects are structured and secured, what data they can contain, and even how they can be viewed. Having a thorough understanding of the schema is paramount for any Active Directory administrator. Understanding key concepts, such as class inheritance, class types, attribute syntax, and attribute indexing options, is critical to being able to adequately design an Active Directory infrastructure and should be considered mandatory for any developer that is writing applications or automation scripts that utilize Active Directory.
If you are one of the lucky few who is designated as a schema administrator (i.e., member of the Schema Admins group), then the importance of the schema is already well known to you. This chapter serves as a guide to accomplishing many of the day-to-day tasks you will need to do as a schema administrator. If you feel you need more nuts-and-bolts information on how the schema works, I suggest reading Chapter 4 of Active Directory, Second Edition.
An interesting feature of Active Directory that is not common among other LDAP implementations is that the schema is stored within Active Directory as a set of objects. This means that you can use similar interfaces and programs to manage the schema as you would any other type of object.
All schema objects are stored in the Schema container (e.g., cn=schema,cn=configuration,<ForestRootDN>). The ...
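Because the schema is just a set of objects, it can be read and audited with the same cmdlets used for any other part of the directory. The following is an added example, not code from the book: it locates the Schema container, counts class and attribute definitions, lists recent changes, and shows who holds Schema Admins rights. It assumes the ActiveDirectory RSAT module and read access to the forest; the 30-day window is an arbitrary choice.

```powershell
# Added example: read-only audit of the schema partition and Schema Admins.
Import-Module ActiveDirectory

$DaysBack = 30   # assumption: review window for recent schema changes

# The RootDSE publishes the schema partition DN, so nothing is hard-coded.
$schemaNC = (Get-ADRootDSE).schemaNamingContext   # cn=Schema,cn=Configuration,<ForestRootDN>
$forest   = Get-ADForest

# The Schema container itself is an object; objectVersion is the schema version.
$schemaHead = Get-ADObject -Identity $schemaNC -Properties objectVersion
"Schema container : $schemaNC"
"Schema version   : $($schemaHead.objectVersion)"
"Schema master    : $($forest.SchemaMaster)"

# Classes (classSchema) and attributes (attributeSchema) sit directly under
# the Schema container and are queried like any other directory object.
$schemaObjects = Get-ADObject -SearchBase $schemaNC -SearchScope OneLevel `
    -LDAPFilter '(|(objectClass=classSchema)(objectClass=attributeSchema))' `
    -Properties lDAPDisplayName, whenCreated, whenChanged

$schemaObjects | Group-Object ObjectClass | Select-Object Name, Count

# Definitions created or modified inside the review window. Anything here
# should map to a known change (product install, forest prep, approved extension).
$cutoff = (Get-Date).AddDays(-$DaysBack)
$schemaObjects |
    Where-Object { $_.whenChanged -ge $cutoff } |
    Sort-Object whenChanged -Descending |
    Select-Object lDAPDisplayName, ObjectClass, whenCreated, whenChanged

# Schema Admins lives in the forest root domain. Expand nested groups so
# indirect members are visible too.
Get-ADGroupMember -Identity 'Schema Admins' -Server $forest.RootDomain -Recursive |
    Select-Object name, objectClass, distinguishedName
```

The whenChanged value is maintained per domain controller, so run the change review against the schema master for a consistent view.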