Schema Updates Require Write Access to Schema in Active Directory
This article was previously published under Q285172
This article applies to Windows 2000. Support for Windows 2000 ends on July 13, 2010. The Windows 2000 End-of-Support Solution Center is a starting point for planning your migration strategy from Windows 2000. For more information see the Microsoft Support Lifecycle Policy.
This article has been archived. It is offered "as is" and will no longer be updated.
This article discusses schema updates.
IMPORTANT: This article contains information about modifying the Active Directory schema. If problems occur, a system backup, or reinstallation of your system, may be the only way to recover data.
CAUTION: You should use extreme caution when you make any changes to the Active Directory schema because the changes occur forest-wide, and you cannot remove objects and attributes that are added to the schema.
The extension or the modification of the Active Directory schema requires write access to the schema. This is enabled by means of the "Schema Update Allowed" registry key. Schema updates may be enabled by means of the Schema Management Console, or directly in the registry. The schema updates can only be enabled on the domain controller that holds the schema master role.
Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows
Schema updates may be enabled by means of the Schema Management Console or by editing the registry.
To Enable Schema Updates by Means of the Schema Management Console:
- At a command prompt, type:regsvr32 schmmgmt.dllNOTE: RegSvr32 has been successfully registered when a DllRegisterServer in schmmgmt.dll succeeded dialog box is displayed.
- Open a new management console by clicking Start, click Run, and then type:MMC
- On the Console menu, click Add/Remove Snap-in.
- Click Add to open the Add Standalone Snap-in dialog box.
- Click Active Directory Schema, and then click Add.
- "Active Directory Schema" is displayed in the Add/Remove snap-in. Click Close, and then click OK to return to the console.
- Click Active Directory Schema so that the Classes and Attributes sections are displayed on the right-hand side.
- Right-click Active Directory Schema and click Operations Master.
- Click to select the Schema may be modified on this Domain Controller check box. Click OK, and then exit the console.
To Enable Schema Updates by Means of the Registry:It is not recommended to enable schema updates by directly editing the "Schema Update Allowed" registry key. Schema updates should be enabled through the console method, whenever possible. If for some reason the console method cannot be used, the following registry key may be edited directly:
To directly edit this registry key, perform the following steps:
- Click Start, click Run, and then in the Open box, type:regedit
Then press ENTER.
- Locate and click the following registry key:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
- On the Edit menu, click New, and then click DWORD Value.
- Enter the value data when the following registry value is displayed:Value Name: Schema Update Allowed
Data Type: REG_DWORD
Value Data: Type 1 to enable this feature, or 0 (zero) to disable it.
- Quit Registry Editor.
More Information:Clicking to select the Schema may be modified on this Domain Controller check box in the console adds the "Schema Update Allowed" registry value if it is not present.
Clicking to clear the Schema may be modified on this Domain Controller check box sets the "Schema Update Allowed" registry value to zero, but it does not delete the value.
Further information about the Active Directory schema may be found in Chapter 4 of the Windows 2000 Server Distributed Systems Guide, which is part of the Windows 2000 Server Resource Kit.
Article ID: 285172 - Last Review: 12/05/2015 23:50:56 - Revision: 2.6
Microsoft Windows 2000 Server, Microsoft Windows 2000 Advanced Server
- kbnosurvey kbarchive kbenv kbinfo kbregistry kbschema KB285172