Re: AD Schema extension and ACLing
- From: "Paul Williams [MVP]" <ptw2001@xxxxxxxxxxx>
- Date: Mon, 11 Sep 2006 20:08:27 +0100
LDIFDE in export mode (default) will produce an LDIF file for you. It's a
bit stupid and dumps a couple of constructed or system-only attributes that
need to be excluded, e.g. whenChanged, but otherwise works fine.
If you have some schema extensions and want an LDIF file of those, there's
also the schema analyser tool that ships with ADAM SP1 (R2).
An example can be found here:
--
http://www.microsoft.com/technet/itsolutions/network/wifi/vista_ad_ext.mspx
Basically, you have something like this:
# attribute
dn: cn=new-attr,cn=schema,cn=configuration,dc=domain-name,dc=com
changeType: ntdsSchemaAdd
objectClass: attributeSchema
ldapDisplayName: newAttribute
attributeId: <ID goes here>
attributeSyntax: 2.5.5.3
omSyntax: 27
isSingleValued: TRUE

# reload the cache
dn:
changetype: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-

# class
dn: cn=new-class,cn=schema,cn=configuration,dc=domain-name,dc=com
changeType: ntdsSchemaAdd
objectClass: classSchema
ldapDisplayName: newClass
governsId: <ID goes here>
# subClassOf is mandatory on classSchema objects; "top" is assumed here
subClassOf: top
objectClassCategory: 3
rDNAttID: cn
mayContain: newAttribute
--
Paul Williams
Microsoft MVP - Windows Server - Directory Services
http://www.msresource.net | http://forums.msresource.net
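
The clean-up step the post describes (dropping the system-maintained attributes that an LDIFDE export dumps) can be scripted. This is an added example, not part of the original post: only whenChanged is named there, and the other attribute names in the list, the function names and the sample record are assumptions made for illustration.

```python
# Added example: strip system-maintained attributes from an LDIFDE export.
# Only whenChanged is named in the post; the rest of this list is an assumption.
SYSTEM_ATTRS = {"whenchanged", "whencreated", "usncreated", "usnchanged", "objectguid"}

def unfold(text):
    """Join RFC 2849 folded lines (a continuation starts with one space)."""
    out = []
    for line in text.splitlines():
        if line.startswith(" ") and out:
            out[-1] += line[1:]   # drop the single fold marker
        else:
            out.append(line)
    return out

def strip_system_attrs(text, drop=SYSTEM_ATTRS):
    """Return the LDIF with every 'attr:' or 'attr::' line in `drop` removed."""
    kept = []
    for line in unfold(text):
        name = line.split(":", 1)[0].strip().lower()
        if ":" in line and not line.startswith("#") and name in drop:
            continue              # system-only or constructed value: skip it
        kept.append(line)
    return "\n".join(kept) + "\n"

# Constructed sample shaped like LDIFDE export output (not real data).
SAMPLE = """\
dn: CN=new-attr,CN=Schema,CN=Configuration,DC=domain-name,DC=com
changetype: add
objectClass: attributeSchema
lDAPDisplayName: newAttribute
attributeSyntax: 2.5.5.3
oMSyntax: 27
isSingleValued: TRUE
whenChanged: 20060911190827.0Z
uSNChanged: 12345
objectGUID:: q83vEjRWeJASNFZ4kBI0Vg==
adminDescription: a long description that LDIFDE has fol
 ded onto a second line
"""

if __name__ == "__main__":
    print(strip_system_attrs(SAMPLE), end="")
```

Review the filtered file by hand before importing it; the attribute list above is a starting point, not a complete inventory of what a domain controller will reject.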