Chapter 12. Designing and Implementing Schema Extensions

For Active Directory to hold any object, such as a user, it needs to know what the attributes and characteristics of that object are. In other words, it needs a blueprint for that object. The Active Directory schema is the blueprint for all classes, attributes, and syntaxes that can potentially be stored in Active Directory.

The default schema is defined in the %systemroot%\ntds\schema.ini file, which also contains the initial structure for ntds.dit (the Active Directory database). This file is plain ASCII text and can be viewed using Notepad or any text editor.

The following considerations should be kept in mind when you contemplate extending your schema:

  • Microsoft designed Active Directory to hold the most common objects and attributes you would require. Because Microsoft could never anticipate every class of object or every specific attribute (languages spoken, professional qualifications) that a company would need, Active Directory was designed to be extensible. After all, if these objects and properties are going to be in everyday use, the design shouldn't be taken lightly. Administrators need to be aware of the importance of the schema and how to extend it. Extending the schema is a useful and simple solution to a variety of problems, and if you are not aware of this potential, you will have a hard time identifying it as a solution to problems you might encounter.

  • Designing schema extensions is very important, ...
