1 / 21

Module 11: Preparing for Schema Modifications

Module 11: Preparing for Schema Modifications. Overview. The Active Directory Schema Schema Components Processes Which Modify the Schema Deciding When to Modify the Schema Implications of Schema Modification Modifying Schema Components Developing a Schema Modification Policy.

brock-allison
Download Presentation

Module 11: Preparing for Schema Modifications

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Module 11: Preparing for Schema Modifications

  2. Overview • The Active Directory Schema • Schema Components • Processes Which Modify the Schema • Deciding When to Modify the Schema • Implications of Schema Modification • Modifying Schema Components • Developing a Schema Modification Policy

  3. The Active Directory Schema • Stored in a Database File in Active Directory • Dynamically available • Dynamically updateable • Can use access control lists • Only One Schema for Entire Forest • Logically Stored As a Separate Naming Context • Physically Stored in Ntds.dit • Default Schema Created on First Domain Controller

  4. Users Groups Schema Components Create Objects (Common!) Classes Class Definition Object Name Object Identifier “May Contain” Attributes “Must Contain” Attributes Parent Classes Class Derived From Auxiliary Classes Create New: Computers, User Objects Values for Attributes Computers Attribute Definition Modify Schema (Rare!) Object Name Object Identifier Syntax Optional Range Limits User Attributes Create New: First name Last name Logon name Classes Class Attributes

  5. Processes Which Modify the Schema • Schema Modification Occurs When You • Use Active Directory Schema to create, modify, or deactivate classes or attributes • Write scripts to automate schema modification • Install software applications that add classes or attributes

  6. Deciding When to Modify the Schema • Modify the Schema When • No existing class meets your needs • An existing class needs more specific attributes • You need a set of unique attributes to apply across classes • Existing classes or attributes are no longer relevant

  7. Implications of Schema Modification • Write Conflict Prevention • Replication Latency and Recovery • Deciding Where to Create Class Definitions

  8. Write Conflict Prevention • Two Copies of the Schema Exist • Five Minute Delay Between Write and Replication • Old Schema Remains Until All Threads Terminate • First Domain Controller in the Forest Is Schema Operations Master • Schema Operations Master Not Enabled for Changes by Default

  9. Replication Latency and Recovery • Schema Changes Replicated to All Domain Controllers • Schema Replication Is Separate from Directory Replication • Time Delays Can Occur (Latency) • Failures Due to Latency Can Be Corrected (Recovery)

  10. Deciding Where to Create Class Definitions User User Class with Attribute Employee_ID • UserSales Subclass • Inherits Parent Attribute • Can Create New Attributes UserSales • UserSalesToys Subclass • Inherits Attributes of Both Parents • Can Create New Attributes Employee_ID Commission UserSalesToys Employee_ID Commission ProductList

  11. Modifying Schema Components • Obtaining and Extending Object Identifiers • Preparing the Schema Operations Master for Modification • Creating and Modifying Classes • Creating and Modifying Attributes • Indexing and Replicating Attributes • Deactivating a Class or an Attribute

  12. Obtaining and Extending Object Identifiers • Object Identifiers • Unique identifiers for classes and objects • Obtained from an ISO issuing authority • Extend to accommodate your enterprise • Object Identifier Format, 1.2.840.x.w.y.z • 1.2.840, issuing authority • x.w.y.z for extension

  13. Preparing the Schema Operations Master for Modification • Install Active Directory Schema in MMC • Verify Membership in the Schema Admins Group • Enable Write Access to the Schema Operations Master

  14. Creating and Modifying Classes • Create a New Class • Add new attributes to the schema • Add new classes to the schema • Add attributes to classes • Modify an Existing Class

  15. Creating and Modifying Attributes • Create a New Attribute • Modify an Existing Attribute

  16. name Properties General name Description: RDN Common Name: RDN X.500 OID: 1.2.840.113556.1.4.1 Syntax and Range Syntax: Unicode String Minimum: 1 Maximum: 255 This attribute is single-valued. Show objects of this class while browsing. Deactivate this attribute. Index this attribute in the Active Directory. Replicate this attribute to the Global Catalog. This is a system class, some edits are not allowed. Cancel Apply OK Indexing and Replicating Attributes

  17. Deactivating a Class or an Attribute • Classes and Attributes Are Not Deleted, but Deactivated • Deactivation of Classes and Attributes • Improves performance • Is easily reversible

  18. Developing a Schema Modification Policy • Thoroughly Plan and Prepare for Schema Modifications • Create an Experienced Committee Responsible for Schema Modification • Develop a Schema Modification Policy That Covers • Initiating schema modifications • Planning schema modifications • Modifying the schema

  19. Plan and Implement Schema Modification with Care Prevent Unnecessary Confusion Prevent Unauthorized Modifications Best Practices for Schema Modification

  20. Lab A: Modifying the Schema

  21. Review • The Active Directory Schema • Schema Components • Processes Which Modify the Schema • Deciding When to Make Schema Modifications • Implications of Schema Modification • Modifying Schema Components • Developing a Schema Modification Policy

More Related