IMPORTANT: This article contains information about modifying the Active Directory schema. If problems occur, a system backup, or reinstallation of your system, may be the only way to recover data.
CAUTION: You should use extreme caution when you make any changes to the Active Directory schema because the changes occur forest-wide, and you cannot remove objects and attributes that are added to the schema.
The extension or the modification of the Active Directory schema requires write access to the schema. This is enabled by means of the "Schema Update Allowed" registry key. Schema updates may be enabled by means of the Schema Management Console, or directly in the registry. The schema updates can only be enabled on the domain controller that holds the schema master role.
Schema updates may be enabled by means of the Schema Management Console or by editing the registry.
To Enable Schema Updates by Means of the Schema Management Console:
- At a command prompt, type:regsvr32 schmmgmt.dllNOTE: RegSvr32 has been successfully registered when a DllRegisterServer in schmmgmt.dll succeeded dialog box is displayed.
- Open a new management console by clicking Start, click Run, and then type:MMC
- On the Console menu, click Add/Remove Snap-in.
- Click Add to open the Add Standalone Snap-in dialog box.
- Click Active Directory Schema, and then click Add.
- "Active Directory Schema" is displayed in the Add/Remove snap-in. Click Close, and then click OK to return to the console.
- Click Active Directory Schema so that the Classes and Attributes sections are displayed on the right-hand side.
- Right-click Active Directory Schema and click Operations Master.
- Click to select the Schema may be modified on this Domain Controller check box. Click OK, and then exit the console.
To Enable Schema Updates by Means of the Registry:It is not recommended to enable schema updates by directly editing the "Schema Update Allowed" registry key. Schema updates should be enabled through the console method, whenever possible. If for some reason the console method cannot be used, the following registry key may be edited directly:
To directly edit this registry key, perform the following steps:
- Click Start, click Run, and then in the Open box, type:regedit
Then press ENTER.
- Locate and click the following registry key:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
- On the Edit menu, click New, and then click DWORD Value.
- Enter the value data when the following registry value is displayed:Value Name: Schema Update Allowed
Data Type: REG_DWORD
Value Data: Type 1 to enable this feature, or 0 (zero) to disable it.
- Quit Registry Editor.
More Information:Clicking to select the Schema may be modified on this Domain Controller check box in the console adds the "Schema Update Allowed" registry value if it is not present.
Clicking to clear the Schema may be modified on this Domain Controller check box sets the "Schema Update Allowed" registry value to zero, but it does not delete the value.
Further information about the Active Directory schema may be found in Chapter 4 of the Windows 2000 Server Distributed Systems Guide, which is part of the Windows 2000 Server Resource Kit.
Article ID: 285172 - Last Review: Dec 16, 2009 - Revision: 1