The Windows 2000 schema contains a large number of object attributes that administrators can use. The attributes typically required by Windows 2000 are enabled by default when the first domain controller is installed; a number of these attributes are used by both Active Directory and the global catalog (GC). These attributes have the "Index this attribute in the Active Directory" and "Replicate this attribute to the Global Catalog" options selected in their properties.

You can change both the number of attributes selected and which specific attributes are used with the Active Directory Schema snap-in in Microsoft Management Console (MMC). However, in most cases, there is no need to modify any of these attributes. Carefully consider any change to these default settings before you make it.

NOTE: You should make changes or additions to the schema only after careful consideration and planning. After you make additions, you can only disable them (you cannot delete them). Additional attributes may increase the time required for their replication.

For additional information about modifying the schema, click the article number below to view the article in the Microsoft Knowledge Base:

216060 Registry Modification Required to Allow Writing to Schema

alt-Security-Identities Unicode String Alt-Security-Identities
common-Name Unicode String Common-Name
display-Name Unicode String Display-Name
given-Name Unicode String Given-Name
group-Type Integer Group-Type
keywords Unicode String Keywords
l Unicode String Locality-Name
lDAP-Display-Name Unicode String LDAP-Display-Name
legacy-Exchange-DN Unicode String Legacy-Exchange-DN
location Unicode String Location
mail Unicode String E-mail-Addresses
mSMQ-Digests Octet String MSMQ-Digests
mSMQ-Label Case Insensitive String MSMQ-Label
mSMQ-Owner-ID Octet String MSMQ-Owner-ID
mSMQ-Queue-Type Octet String MSMQ-Queue-Type
mS-SQL-Alias Unicode string MS-SQL-Alias
mS-SQL-Database Unicode string MS-SQL-Database
mS-SQL-Name Unicode string MS-SQL-Name
mS-SQL-Version Unicode string MS-SQL-Version
name Unicode string RDN
netboot-GUID Octet string Netboot-GUID
object-Category Distinguished Name Object-Category
object-Guid Octet string Object-Guid
object-Sid SID Object-Sid
organizational-Unit-Name Unicode string Organizational-Unit-Name
primary-Group-ID Integer Primary-Group-ID
sAM-Account-Name Unicode string SAM-Account-Name
sAM-Account-Type Integer SAM-Account-Type
service-Principal-Name Unicode string Service-Principal-Name
sID-History SID SID-History
surname Unicode string Surname
uNC-Name Unicode string UNC-Name
user-Account-Control Integer User-Account-Control
user-Principal-Name Unicode string User-Principal-Name
uSN-Changed Larger Integer USN-Changed
uSN-Created Larger Integer USN-Created

The following attributes also have their flags set for Ambiguous Name Resolution (ANR):

ANR is a search algorithm implemented by Windows 2000 Active Directory for easier searching. Selected attributes are defined by the schema as being indexed for ANR. For additional information about ANR, click the article number below to view the article in the Microsoft Knowledge Base:

243299 Ambiguous Name Resolution for LDAP in Windows 2000
NOTE: Locality-Name is shown as "l" in the schema attribute list. RDN is shown as "name" in the schema attribute list. E-mail-Addresses is shown as "mail" in the schema attribute list.
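
As an added example (not part of the original article and not Microsoft code), the following Python code audits an LDIF export of attributeSchema objects against a baseline taken from the list above, reporting attributes that have dropped out of or newly joined the indexed, GC-replicated set. It relies on how the schema stores these options: bit 0x1 of searchFlags marks an indexed attribute, bit 0x4 marks ANR, and isMemberOfPartialAttributeSet is TRUE for attributes replicated to the GC. The LDIF sample, the three-entry baseline and Hypothetical-Badge-Number are constructed for illustration.

```python
INDEXED = 0x1  # searchFlags bit: "Index this attribute in the Active Directory"
ANR = 0x4      # searchFlags bit: attribute takes part in Ambiguous Name Resolution
# Assumed baseline: three entries from the list above, keyed by cn (third column).
BASELINE = {"SAM-Account-Name", "User-Principal-Name", "SID-History"}

# Constructed sample export of attributeSchema objects (not real directory data).
SAMPLE_LDIF = """\
dn: CN=SAM-Account-Name,CN=Schema,CN=Configuration,DC=example,DC=com
cn: SAM-Account-Name
searchFlags: 5
isMemberOfPartialAttributeSet: TRUE

dn: CN=User-Principal-Name,CN=Schema,CN=Configuration,DC=example,DC=com
cn: User-Principal-Name
searchFlags: 1
isMemberOfPartialAttributeSet: TRUE

dn: CN=SID-History,CN=Schema,CN=Configuration,DC=example,DC=com
cn: SID-History
searchFlags: 1
isMemberOfPartialAttributeSet: FALSE

dn: CN=Hypothetical-Badge-Number,CN=Schema,CN=Configuration,DC=example,DC=com
cn: Hypothetical-Badge-Number
searchFlags: 1
isMemberOfPartialAttributeSet: TRUE
"""

def parse_ldif(text):
    """Return {cn: (searchFlags, in_gc)}; absent values count as 0 / not in GC."""
    attrs = {}
    for block in text.strip().split("\n\n"):
        rec = dict(line.split(": ", 1) for line in block.splitlines() if ": " in line)
        if "cn" in rec:
            in_gc = rec.get("isMemberOfPartialAttributeSet", "FALSE").upper() == "TRUE"
            attrs[rec["cn"]] = (int(rec.get("searchFlags", "0")), in_gc)
    return attrs

def audit(text, baseline):
    """Compare the export's indexed, GC-replicated attributes with the baseline."""
    attrs = parse_ldif(text)
    gc_indexed = {cn for cn, (flags, gc) in attrs.items() if gc and flags & INDEXED}
    return {
        "missing": sorted(baseline - gc_indexed),     # expected, but no longer set
        "unexpected": sorted(gc_indexed - baseline),  # set, but not in the baseline
        "anr": sorted(cn for cn, (flags, _) in attrs.items() if flags & ANR),
    }
```

An attribute reported as unexpected deserves review because anything in the partial attribute set is copied to every global catalog server in the forest.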

