Recipe 10.2 Enabling Schema Updates
|
This is necessary only when the Schema FSMO role owner is running
Windows 2000.
|
|
10.2.1 Problem
You want to enable schema
modifications on the Schema FSMO. This is a necessary first step
before you can extend the schema.
10.2.2 Solution
10.2.2.1 Using a graphical user interface
Open the Active Directory Schema snap-in. Click on Active Directory Schema in the left pane. Right-click on Active Directory Schema and select Operations Master. Check the box beside Allow schema
modifications. Click OK.
10.2.2.2 Using a command-line interface
To enable modifications to the schema, use the following command:
> reg add HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters /t[RETURN]
REG_DWORD /v "Schema Update Allowed" /d 1
To disable modifications to the schema, use the following command:
> reg delete HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters /v[RETURN]
"Schema Update Allowed" /f
10.2.2.3 Using VBScript
' This code enables or disables schema mods on Schema FSMO.
' ------ SCRIPT CONFIGURATION ------
' TRUE to enable schema mods and FALSE to disable
boolSetReg = TRUE
' Name of the Schema FSMO or "." to run locally
strDC = "<SchemaFSMOName>"
' ------ END CONFIGURATION ---------
const HKEY_LOCAL_MACHINE = &H80000002
set objReg = GetObject("winmgmts:\\" & strDC & "\root\default:StdRegProv")
strKeyPath = "System\CurrentControlSet\Services\NTDS\Parameters"
strValueName = "Schema Update Allowed"
if boolSetReg = TRUE then
strValue = 1
intRC = objReg.SetDWORDValue(HKEY_LOCAL_MACHINE,strKeyPath, _
strValueName,strValue)
if intRC > 0 then
WScript.Echo "Error occurred: " & intRC
else
WScript.Echo strValueName & " value set to " & strValue
end if
else
intRC = objReg.DeleteValue(HKEY_LOCAL_MACHINE,strKeyPath,strValueName)
if intRC > 0 then
WScript.Echo "Error occurred: " & intRC
else
WScript.Echo strValueName & " value deleted"
end if
end if
10.2.3 Discussion
When the Schema FSMO role owner is running Windows 2000, you must
explicitly enable schema modifications on the server before extending
the schema. To enable this, you need to create a key value
called Schema
Update Allowed with a value of
1 under the following key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters
To disable schema modifications, set the value to 0 or delete it from
the registry.
|
This is no longer necessary when the Schema FSMO owner is running
Windows Server 2003. Microsoft removed this registry hack as a
requirement for extending the schema.
|
|
10.2.4 See Also
MS KB 285172 (Schema Updates Require Write Access to Schema in Active
Directory)
|