Editing the schema is a potentially dangerous activity—you need to know exactly what you're doing and why you're doing it. Before you begin making schema changes, be sure to back up the current AD database contents and schema (e.g., by using ntbackup.exe or a third-party utility's System State backup option on an up-to-date domain controller—DC).
To view the AD schema, use the Microsoft Management Console (MMC) Active Directory Schema snap-in, which you'll find among Win2K's Support Tools. (You can install these tools from the Win2K CD-ROM's \support folder.) To use this snap-in, you need to manually register the snap-in by selecting Start, Run (or entering a command-prompt session) and typing
regsvr32 schmmgmt.dll
After you do so, you'll receive a message stating that the OS successfully registered the .dll file. You can now load and use the Active Directory Schema snap-in through the MMC utility (i.e., mmc.exe). For example, you can open an MMC session and choose Add/Remove Snap-in from the Console menu, then select Active Directory Schema from the Add Standalone Snap-in dialog box.
To modify the AD schema, you need to use a different utility: the MMC ADSI Edit snap-in. ADSI Edit is essentially a low-level AD editor that lets you view, change, and delete AD objects and object attributes. In terms of usefulness and potential danger, ADSI Edit is to AD what regedit or regedt32 is to the system registry.
To use the ADSI Edit utility to make schema modifications, you need to be a member of the Schema Admins group. (The Schema Admins group is a universal group in native-mode Win2K domains, and it's a global group in mixed-mode Win2K domains.) To use the snap-in, first register the associated adsiedit.dll file. At the command line, type the following instruction:
regsrv32 adsiedit.dll
The ADSI Edit snap-in will be available from the MMC's Console/Add/Remove snap-in menu, as Figure 1 shows. You can now use the ADSI Edit console to make changes to AD objects and attributes.
|
|
|
|
|
|
|
|