Extending the Active Directory Schema

 

Microsoft Corporation

April 2001

Summary: When the existing definitions do not meet your needs, extending the Windows 2000 Active Directory Schema is encouraged as long as you follow normal planning and testing criteria. This article includes guidelines for using the schema and steps for creating a shippable schema. (3 printed pages)

Companies should download the Server Specification (W2KappSpecVer13.exe), which includes Datacenter additions, from Certified for Windows Program Downloads. To register a schema naming prefix or access other services, go to the Active Directory Naming Registration Site.

The Server Specification documentation can also be browsed in the MSDN Library.

Contents

  • Introduction
  • Best Practices
  • Shipping Schema Extensions with Your Application
  • Additional Information

Introduction

The Active Directory™ schema has a wealth of classes and attributes defined in it that can be used by application developers to build directory-enabled applications. When these definitions are not sufficient to fill your needs, the schema may be extended. There has been a lot of discussion about this being forbidden or dangerous. Neither is true. It is encouraged as long as you adhere to the normal planning and testing guidelines that you would follow with any project.

Best Practices

The schema is neither a database nor a file system. Don't treat it as such. It is better to place references in the directory that point to other data stores than to use the directory for something for which it was not designed. The following is a list of guidelines for using the schema:

  • Only define globally interesting, relatively static information in the schema.
  • Objects defined in the schema should not be created very often or modified frequently.
  • Objects should have a long life.
  • Use twice the maximum replication frequency when determining longevity or frequency.
  • Class 88 classes should not be defined in the schema. Doing so will cause problems with ADSI applications.
  • Test your application in a private forest and with other applications before deploying.
  • The schema upgrade must be separate from the application installation.
  • Resist adding attributes to the Global Catalog. Doing so will cause a full GC sync that will affect network performance.

Shipping Schema Extensions with Your Application

If you want to ship extensions with your application, there are some caveats you should be aware of. You will have to create a separate install for the schema extensions and your application. If your application is installed on a separate server from the one where the schema was extended, be aware that the schema on that server may not yet have been updated due to replication latency.

Steps to Creating a Shippable Schema

  1. Use a registered prefix and base OID for each class and attribute.
  2. Create a unique schemaIDGuid for each class and attribute. The system will create one for you if it is not defined. You may then export each schemaIDGuid to use in your schema definition.
  3. Create LDIF files for your schema installation.
  4. Use LDIFDE.exe (included with Windows® 2000) to load your LDF files.
  5. Test your schema extensions on your local network.
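
The steps above carried through for one attribute, as an added example that is not part of the original article: a Python script that writes the LDIF file for LDIFDE.exe, rejecting a name outside the registered prefix or an OID outside the base OID, and shipping a fixed schemaIDGuid. The prefix contoso, the base OID, the GUID and the attribute contoso-Badge-Number are constructed placeholders.

```python
import base64
import uuid

# Constructed sample values; substitute your registered prefix and base OID.
PREFIX = "contoso"
BASE_OID = "1.3.6.1.4.1.99999.1"
BADGE_GUID = uuid.UUID("6f1c2a34-9b7d-4e21-a5c8-0d3e4f5a6b7c")  # fixed, not random


def attribute_ldif(cn, oid, guid, prefix=PREFIX, base_oid=BASE_OID):
    """Return the LDIF add record for a single-valued Unicode string attribute."""
    if not cn.startswith(prefix + "-"):
        raise ValueError(f"{cn}: name lacks the registered prefix {prefix!r}")
    if not oid.startswith(base_oid + "."):
        raise ValueError(f"{oid}: not under the base OID {base_oid}")
    if not isinstance(guid, uuid.UUID):
        raise ValueError(f"{cn}: ship an explicit schemaIDGUID")
    # Active Directory stores GUIDs in the Windows little-endian byte layout.
    guid_b64 = base64.b64encode(guid.bytes_le).decode("ascii")
    first, *rest = cn.split("-")
    return "\n".join([
        # DC=X is a placeholder that ldifde -c rewrites to the forest root DN.
        f"dn: CN={cn},CN=Schema,CN=Configuration,DC=X",
        "changetype: add",
        "objectClass: attributeSchema",
        f"cn: {cn}",
        f"lDAPDisplayName: {first.lower()}{''.join(rest)}",
        f"attributeID: {oid}",
        "attributeSyntax: 2.5.5.12",  # Unicode string
        "oMSyntax: 64",
        "isSingleValued: TRUE",
        "isMemberOfPartialAttributeSet: FALSE",  # keep out of the Global Catalog
        f"schemaIDGUID:: {guid_b64}",
        "",
    ])


def schema_file(records):
    """Join records and append the schemaUpdateNow request that reloads the schema cache."""
    reload_cache = "dn:\nchangetype: modify\nadd: schemaUpdateNow\nschemaUpdateNow: 1\n-\n"
    return "\n".join(records) + "\n" + reload_cache


if __name__ == "__main__":
    # Import with: ldifde -i -f schema.ldf -c "DC=X" "DC=example,DC=com"
    print(schema_file([attribute_ldif("contoso-Badge-Number", BASE_OID + ".1", BADGE_GUID)]))
```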

Additional Information

For more information on the Active Directory schema and how to extend it, view the Active Directory Programmer's Guide and read the sections "Active Directory Schema" and "Extending the Schema."