Before you start thinking of changing the schema, you need to consider not just the namespace, but also the data your Active Directory will hold. After all, if you know your data, you can decide what changes you want to make and whom those changes might impact.
No matter how you migrated to Active Directory, at some point you’ll need to determine exactly what data you will add or migrate for the objects you create. Will you use the physicalDeliveryOfficeName attribute of the user object? What about the telephonePager attribute? Do you want to merge the internal staff office location list and telephone database during the migration? What if you also need to know what languages each of your staff speaks or what qualifications they hold? What about their shoe size, their shirt size, number of children, and whether they like animals? The point is that some of these already exist in the Active Directory schema and some don’t. At some point you need to design the actual data that you want to include.
Let’s consider MyUnixCorp, a large fictional organization that for many years has run perfectly well on a large mainframe system. The system is unusual in that the login process has been completely replaced in-house with a two-tier password system. An additional-passwd file maintains a list of usernames and their second Unix password in an encrypted format. Your design for the migration of MyUnixCorp’s system has to take account of ...