Enabling Schema Changes at the Schema Master
By default, schema modification is disabled on all Windows 2000 domain controllers. The ability to update the schema is controlled by the following registry value on the schema master domain controller:
HKEY_LOCAL_MACHINE
System
CurrentControlSet
Services
NTDS
Parameters
Schema Update Allowed
This registry value is a REG_DWORD value. If this value is not present or contains zero (0), then schema modification is disabled. If this value is present and contains a value other than zero, then schema modification is enabled.
The Schema Manager MMC snap-in provides the user with the ability to manually enable or disable schema modification. Schema modification can be enabled or disabled programmatically by modifying this registry value on the schema master domain controller.
The following C++ function shows how to determine if the schema can be modified on a specified schema master.
HRESULT IsSchemaUpdateEnabled(
LPTSTR pszSchemaMasterComputerName,
BOOL *pfEnabled)
{
*pfEnabled = FALSE;
LPTSTR szPrefix = "\\\\";
LPTSTR pszPath = new TCHAR[lstrlen(szPrefix) +
lstrlen(pszSchemaMasterComputerName) + 1];
if(!pszPath)
{
return E_OUTOFMEMORY;
}
HRESULT hr = E_FAIL;
LONG lReturn;
HKEY hKeyMachine;
tcscpy_s(pszPath, szPrefix);
tcscat_s(pszPath, pszSchemaMasterComputerName);
lReturn = RegConnectRegistry(
pszPath,
HKEY_LOCAL_MACHINE,
&hKeyMachine);
delete [] pszPath;
if (ERROR_SUCCESS == lReturn)
{
HKEY hKeyParameters;
LPTSTR szKeyPath =
TEXT("System\\CurrentControlSet\\Services\\NTDS\\Parameters");
LPTSTR szValueName = TEXT("Schema Update Allowed");
lReturn = RegOpenKeyEx(
hKeyMachine,
szKeyPath,
0,
KEY_READ,
&hKeyParameters);
if (ERROR_SUCCESS == lReturn)
{
DWORD dwType;
DWORD dwValue;
DWORD dwSize;
dwSize = sizeof(dwValue);
lReturn = RegQueryValueEx(
hKeyParameters,
szValueName,
0,
&dwType,
(LPBYTE)&dwValue,
&dwSize);
if (ERROR_SUCCESS == lReturn)
{
*pfEnabled = (0 != dwValue);
hr = S_OK;
}
RegCloseKey(hKeyParameters);
}
RegCloseKey(hKeyMachine);
}
return hr;
}
The following C++ function shows how to enable or disable schema modification on a specified schema master.
HRESULT EnableSchemaUpdate(
LPTSTR pszSchemaMasterComputerName,
BOOL fEnabled)
{
LPTSTR szPrefix = "\\\\";
LPTSTR pszPath = new TCHAR[lstrlen(szPrefix) +
lstrlen(pszSchemaMasterComputerName) + 1];
if(!pszPath)
{
return E_OUTOFMEMORY;
}
HRESULT hr = E_FAIL;
LONG lReturn;
HKEY hKeyMachine;
strcpy_s(pszPath, szPrefix);
strcat_s(pszPath, pszSchemaMasterComputerName);
lReturn = RegConnectRegistry(
pszPath,
HKEY_LOCAL_MACHINE,
&hKeyMachine);
delete [] pszPath;
if (ERROR_SUCCESS == lReturn)
{
HKEY hKeyParameters;
LPTSTR szRelKeyPath =
TEXT("System\\CurrentControlSet\\Services\\NTDS\\Parameters");
LPTSTR szValueName = TEXT("Schema Update Allowed");
lReturn = RegOpenKeyEx(
hKeyMachine,
szRelKeyPath,
0,
KEY_SET_VALUE,
&hKeyParameters);
if (ERROR_SUCCESS == lReturn)
{
DWORD dwValue;
DWORD dwSize;
if(fEnabled)
{
dwValue = 1;
}
else
{
dwValue = 0;
}
dwSize = sizeof(dwValue);
lReturn = RegSetValueEx(
hKeyParameters,
szValueName,
0L,
REG_DWORD,
(LPBYTE)&dwValue,
dwSize);
if (ERROR_SUCCESS == lReturn)
{
hr = S_OK;
}
RegCloseKey(hKeyParameters);
}
RegCloseKey(hKeyMachine);
}
return hr;
}