Upgrade your Internet Experience
Microsoft.com
Welcome Sign in
System Center TechCenter
Click to Rate and Give Feedback
How to Extend the Active Directory Schema Using an LDIF File

Updated: December 1, 2008

Applies To: System Center Configuration Manager 2007, System Center Configuration Manager 2007 R2, System Center Configuration Manager 2007 R3, System Center Configuration Manager 2007 SP1, System Center Configuration Manager 2007 SP2

You can use the LDIFDE command-line utility to import directory objects into Active Directory® Domain Services using LDAP Data Interchange Format (LDIF) files.

For greater visibility of the changes being made to the Active Directory schema than the ExtAdSch.exe utility provides, you can use the LDIFDE utility to import schema extension information using the ConfigMgr_ad_schema.ldf file is included on the Configuration Manager installation media in the .\SMSSETUP\BIN\i386 directory.

Extending the Active Directory Schema for Configuration Manager Using the LDIFDE Command Line Utility

The following procedure can be used to extend the Active Directory schema for Configuration Manager by importing schema extension information stored in the ConfigMgr_ad_schema.ldf file using the LDIFDE command line utility.

ImportantImportant
If the Active Directory schema has been previously extended for SMS 2003, use the second procedure in this topic before importing schema extension information using the LDIFDE command line utility.

To extend the Active Directory schema using the ConfigMgr_ad_schema.ldf file

  1. Create a backup of the schema master domain controller’s system state using the NTBACKUP utility.

  2. Disconnect the schema master domain controller from the network.

  3. Open the ConfigMgr_ad_schema.ldf file, located in the \SMSSETUP\BIN\I386 directory of the Configuration Manager 2007 installation files, and edit the file to define the Active Directory root domain to extend. All instances of the text DC=x in the file must be replaced with the full name of the domain to extend.

    For example, if the full name of the domain to extend is named widgets.microsoft.com, all instances of DC=x in the file should be changed to DC=widgets, DC=microsoft, DC=com.

  4. Use the LDIFDE command-line utility to import the contents of the ConfigMgr_ad_schema.ldf file into Active Directory Domain Services.

    For example, this command line will import the schema extensions into Active Directory Domain Services, turn on verbose logging, and create a log file during the import process:
    ldifde –i –f ConfigMgr_ad_schema.ldf –v –j <location to store log file>.

  5. To verify that the schema extension was successful, you can review the log file created by the command line used in step 3.

  6. If the extension procedure was successful, reconnect the schema master domain controller to the network and allow it to replicate the schema extensions to the global catalog servers throughout the Active Directory forest.

  7. If the schema extension procedure was not successful, restore the previous system state using the NTBACKUP utility to reverse the schema extension actions before reconnecting the schema master domain controller to the network.

    noteNote
    To restore the system state on a Microsoft Windows domain controller, the system must be restarted in Directory Services Restore Mode. For more information about Directory Services Restore Mode, see "Restart the domain controller in Directory Services Restore Mode locally" at http://go.microsoft.com/fwlink/?LinkId=75622.

Updating Previously Extended Active Directory Schema Extension Information

If the Active Directory schema was previously extended for SMS 2003 sites, you must modify the ConfigMgr_ad_schema.ldf file shipped with the Configuration Manager installation source files.

The modifications provided in this procedure will allow the following Configuration Manager management point object attributes to be added to the Active Directory schema successfully:

  • mSSMSCapabilities

  • mSSMSVersion

  • mSSMSSourceForest

noteNote
If the Active Directory schema was previously extended for SMS 2003, and the default ConfigMgr_ad_schema.ldf file was used to extend the Active Directory schema for Configuration Manager without these modifications, Configuration Manager 2007 client site assignment will fail. The Active Directory schema can be re-extended after modifying the ConfigMgr_ad_schema.ldf file to ensure all management point object attributes are added.

To upgrade existing SMS 2003 schema extensions using the ConfigMgr_ad_schema.ldf file

  1. In the ConfigMgr_ad_schema.ldf file supplied in the Configuration Manager installation source files, locate the section in the file beginning with the following text:

    # ---------------------------------------------------------------------
# This section updates an existing MS-SMS-Management-Point class
# by adding four new attributes to the class.  This section
# should always succeed whether the Schema is already extended for SMS 
# 2003 or if it is updated using this file.
# ---------------------------------------------------------------------

  2. Replace the following text from that section with the text provided in step 3 of this procedure.

    dn: CN=MS-SMS-Management-Point,CN=Schema,CN=Configuration,DC=x
changetype: modify
add: mayContain
mayContain: mSSMSCapabilities
mayContain: mSSMSVersion
mayContain: mSSMSSourceForest
mayContain: dNSHostName
-

dn:
changetype: modify
replace: schemaupdatenow
schemaupdatenow: 1
-

  3. To allow the existing management point object information stored in the Active Directory schema to be extended for Configuration Manager, the following text should be used to overwrite the existing text in the ConfigMgr_ad_schema.ldf file that was shipped with the Configuration Manager installation source files and displayed in step 2 of this procedure:

    dn: CN=MS-SMS-Management-Point,CN=Schema,CN=Configuration,DC=x
changetype: modify
add: mayContain
mayContain: dNSHostName
-

dn:
changetype: modify
replace: schemaupdatenow
schemaupdatenow: 1
-

dn: CN=MS-SMS-Management-Point,CN=Schema,CN=Configuration,DC=x
changetype: modify
add: mayContain
mayContain: mSSMSCapabilities
mayContain: mSSMSVersion
mayContain: mSSMSSourceForest
-

dn:
changetype: modify
replace: schemaupdatenow
schemaupdatenow: 1
-

  4. Save the modified LDIF file and use it to update the existing SMS 2003 schema extensions using the LDIFDE utility.

    When you are using the modified LDIF file to extend the Active Directory schema, the –k command-line switch can be used to suppress Display Constraint Violation and Object Already Exists errors.

See Also

For additional information, see Configuration Manager 2007 Information and Support.
To contact the documentation team, email SMSdocs@microsoft.com.
Community Content   What is Community Content?
Add new content RSS  Annotations
Other changes needed if schema has already been extended for SMS 2003      skippychop   |   Edit   |   Show History
If you've already extended the schema for SMS 2003, you also need to delete the whole "SMS Schema Attributes - Additions for SMS 2003 or SMS V4" section of the LDF file. There are 10 attributes there that all say "This attribute will fail to be added if the AD schema has already been extended for SMS 2003." in their comments. When ldifde processes any of these, it errors and stops.
Tags What's this?: Add a tag
Flag as ContentBug
© 2012 Microsoft. All rights reserved. Terms of Use | Trademarks | Privacy Statement
Page view tracker