Active Directory Schema – The Basics You Must Know

by

Sharath Reddy

Active Directory Schema refers to a formal set of definitions or rules that governs the structure of a database and the types of attributes and objects contained in it. In other words, an AD schema is something that consists of a comprehensive list of all attributes and classes in the forest. Basically, it keeps a track of all the classes, sub-classes, super-classes, class attributes, and complex object relationships. Note that the term \’super-classes\’ refer to the parent classes in the forest, while the term \’sub-classes\’ refer to the child classes that derive their attributes from their respective parent classes. Another thing you must remember is that every class in an Active Directory Database has a corresponding \’classSchema\’ object. Similarly, every object attribute contained in the AD database has a unique \’attributeSchema\’ object corresponding to it.

AD Schema Partitions

Another important concept is that of an Active Directory Schema Partition. All the AD objects are actually stored in the DIT (Directory Information Tree) that is further divided into three major partitions – Schema, Configuration, and Domain partitions. A \’Schema Partition\’ defines all those rules that are required for modification and creation of all objects contained in the forest. If this partition is replicated further to all the domain controllers of the forest, it is referred to as \’Enterprise Partition\’. Note that the AD information tree has all the information required to run and start the Active Directory Services.

AD Schema Containers

The AD schema partition has a special dMD (directory Management Domain) object, called the AD schema container, at its top. You can view this container using the ADSI (Active Directory Services Interface) edit utility or the MMC ADS console from your installation CDROM.

Active Directory Schema and System Attributes

As mentioned earlier, attributes and classes are contained in attributeSchema and classSchema objects respectively. The attributes of the attributeSchema offer all the required information about the attributes from a different AD object. Some of the mandatory attributes contained in this object include \’attributeID\’, \’attributeSyntax\’, \’cn\’, \’isSingleValued\’, \’ObjectClass\’, \’NTSecurityDescriptor\’, \’OMSyntax\’, \’SchemalDGUID\’, and \’LDAPDisplayName\’. Similarly, the mandatory attributes contained in the classSchema object include \’DefaultObjectCategory\’, \’cn\’, \’GovernsID\’, \’ObjectClassCategory\’, \’LDAPDisplayName\’, and \’NTSecurityDescriptor\’. The system attributes, which are mainly managed by the DSA (Directory System Agent), include \’systemAuxillaryClass\’, \’systemMayContain\’, \’systemMustContain\’, and \’systemPossSuperiors\’.

These are just the first few basics that you must know about an Active Directory Schema. There is a lot more to learn and explore on this subject. You may also keep yourself updated with the recent updates on AD services.

Go to Active Directory Schema to clarify all your doubts and get more detailed information and updates on this topic.

You may browse through Techyv.com – A free to use site with lots of technical Articles, Tips, Blogs, Questions, and Solutions related to IT software and hardware.

Article Source: http://EzineArticles.com/?expert=Sharath_ReddyArticle Source: http://EzineArticles.com/6383271

Article Source:

ArticleRich.com