Schema Management Tasks
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
| Task | Permissions Required to Perform Task |
|---|---|
Enable Schema modification on a DC in the enterprise |
This permission is not needed in Windows Server 2003. In the Microsoft® Windows® 2000 operating system, WP is needed on HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NTDS\Parameters to modify the Schema Update Allowed entry |
Change the current Schema Master |
Extended Right Change-Schema-Master on cn=Schema, cn=Configuration, dc=<ForestRootDomain> |
Add a Class definition in the Schema |
CC on cn=Schema, cn=Configuration, dc=<ForestRootDomain> (to create objects of class Class-Schema) |
Add an Attribute definition in the Schema |
CC on cn=Schema, cn=Configuration, dc=<ForestRootDomain> (to create objects of class Attribute-Schema) |
Modify a Class definition in the Schema |
WP on the corresponding classSchema object under cn=Schema, cn=Configuration, dc=<ForestRootDomain> |
Modify an Attribute definition in the Schema |
The corresponding attributeSchema object under cn=Schema, cn=Configuration, dc=<ForestRootDomain> is modified |
Update the Schema cache on demand |
WP on the rootDSE object to add and modify the schemaUpdateNow attribute to the object (and set its value equal to 1) Extended Right Update-Schema-Cache on cn=Schema, cn=Configuration, dc=<ForestRootDomain> or on the NTDS-Settings object cn=NTDSSettings, cn =<ServerName>, cn=Servers, cn=<SiteName>, cn=Sites, cn=Configuration, dc=<ForestRootDomain> where <ServerName> is the name of the Domain Controller where the operation is being performed |
Deactivate a Schema Class object / Resurrect a deactivated Schema Class object |
WP on cn=<Class>, cn=Schema, cn=Configuration, dc=<ForestRootDomain> where <Class> is the classSchema object for the class being deactivated/resurrected to modify the isdefunct attribute |
Deactivate an Attribute Class object / Resurrect a deactivated Schema Attribute object |
WP on cn=<Attribute>, cn=Schema, cn=Configuration, dc=<ForestRootDomain> where <Attribute> is the attributeSchema object for the attribute being deactivated/resurrected to modify the isdefunct attribute |
Make an attribute indexed |
WP on the corresponding attributeSchema object cn=<Attribute>, cn=Schema, cn=Configuration, dc=<ForestRootDomain> to modify the searchFlags attribute |
Add attributes to the ANR Set |
WP on the corresponding attributeSchema object cn=<attributeSchema>,cn=Schema, cn=Configuration, dc=<ForestRootDomain> to modify the searchFlags attribute |
Designate an attribute as a member of the partial attribute-set that is replicated to the Global Catalog |
WP on the corresponding attributeSchema object cn=<Attribute>, cn=Schema, cn=Configuration, dc=<ForestRootDomain> to modify the isMemberOfPartialAttributeSet attribute |
Remove an attribute from the partial attribute-set that is replicated to the Global Catalog |
WP on the corresponding attributeSchema object cn=<Attribute>, cn=Schema, cn=Configuration, dc=<ForestRootDomain> to modify the isMemberOfPartialAttributeSet attribute |