| Registry Tip #28: Active Directory Schema Update Allowed |
Hits: Failed to execute CGI : Win32 Error Code = 3
|
Hive: HKEY_LOCAL_MACHINE
Key: System\CurrentControlSet\Services\NTDS\Parameters
Name: Schema Update Allowed
Type: REG_DWORD
Set the Schema Update Allowed value to 1 to allow write access to the schema.
To modify the schema, you must be logged on as a member of the Schema Administrators group. The other bit of info of interest is that the schema uses a floating single-master model. Active Directory uses a multiple-master system. This means that updates can occur simultaneously on multiple domain controllers and the changes will replicate across the domain. Schema modifications can not be performed simultaneously on multiple domain controllers. The update can be performed on any domain controller but when the schema is opened for update, the schema databases on the all the other domain controllers are set to read-only.
The biggest difficulty with Active DIrectory schema is that changes can not be undone. Microsoft in its Windows 2002 Server is supposed to introduce the ability to delete objects and attributes in the directory schema. The feature, Schema Delete, should be included in Windows 2002 when it ships early next year. Novell's eDirectory and IPlanet's Directory Server 5.0 already lets you delete schema.
|
|
|
|
Keywords: Windows NT 2000 Registry Tip, Windows NT 2000 Registry Tip, Schema Update Allowed, Schema Administrators, floating single-master active directory schema, ad, blueprint, objects, schema db, attributes, read-only, schema customization