When to Extend the Schema

  • Article

Modifying the schema is a major change, with implications throughout the directory. It is recommended that you modify the schema only when it is absolutely necessary. Many schema modifications cannot be reversed, so you must make sure that changes are planned and well thought out before they are implemented. Inconsistencies in the schema can cause significant problems that impair or disable Active Directory. These problems might or might not be evident immediately.

Planning for schema modification involves examining the default schema that comes with Active Directory to verify that there is no way to use the existing classes or attributes for your needs. It is then necessary to understand the types of modifications that can be made and, conversely, that cannot be changed. The following are the modifications that can be made to the schema:

  • Creating classes.

  • Modifying existing classes.

  • Creating attributes.

  • Modifying existing attributes.

  • Deactivating classes and attributes.

There are three ways to effectively add a new class:

  • Extending an existing class by adding attributes or additional possible parents.

  • Deriving a new subclass from an existing class. The subclass has all the attributes of the original class and any additional attributes that you specify.

  • Creating an entirely new class with any attributes that you want to assign.

You need to extend an existing class when the following conditions apply:

  • The existing class needs additional attributes but otherwise meets your needs. For example, you might want to add a purchasingLimit attribute to the User class and add it to the user object for people who are cost center managers and have purchasing authority.

  • You have no need to identify the extended class as a distinct class from the original class.

  • You want to use the existing Active Directory Users and Computers console in MMC to manage the extended attributes of the objects. This requires the addition of property pages to the set defined for the object you are extending.

Derive a subclass from an existing class when the following conditions apply:

  • The existing class needs additional attributes but otherwise meets your needs.

  • You want to identify the extended class as a distinct class from the original class.

  • You want to use the existing Active Directory Users and Computers console in MMC to manage the extended attributes of the objects.