Active Directory Schema Update

Applies To: Windows Server 2003 R2

Updating the Active Directory schema is an irreversible operation that must be performed on the schema master. The adprep /forestprep command adds Windows Server 2003 R2 object classes and attributes to Active Directory so that they can be used by the operating system, server roles, and applications.

You must update the schema before you upgrade an existing domain controller to Windows Server 2003 R2 (using Winnt32.exe) or before you add the Active Directory domain controller role on a computer running Windows Server 2003 R2 by using the Active Directory Installation Wizard (Dcpromo.exe). You must extend the schema before you perform either of these actions for the first time in an existing forest.

Typically, schema updates are approached cautiously because they can only be reversed by a forest recovery. However, Windows Server 2003 R2 schema updates have been designed and tested for compatibility with Windows client, server, and domain controller roles. Adding the Windows Server 2003 R2 schema updates does not affect the compatibility of client or server operating systems that are deployed inside or outside the forest.

You should test the Windows Server 2003 R2 schema updates in a lab environment to ensure they will not conflict with any applications that run in your environment. There should not be any conflicts if your applications use RFC-compliant object and attribute definitions.

Adprep skips redundant updates. Conflicting updates, such as the introduction of duplicate object identifiers, cause Adprep to stop until the conflicts are reconciled by an administrator.
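A read-only pre-check for the lab testing described above, as an added example that is not Microsoft's code and does not reproduce Adprep's own logic: it compares the object identifiers (attributeID, governsID) and lDAPDisplayName values in a set of schema additions against an LDIF export of the lab forest's schema. The sample records, names and OIDs are constructed, and the three-way classification (new, redundant, conflict) is a simplifying assumption.

```python
import re

# Constructed sample data, not from Sch31.ldf; OIDs use documentation arc 32473.
EXISTING = """\
dn: CN=App-Badge-Id,CN=Schema,CN=Configuration,DC=lab,DC=example
lDAPDisplayName: appBadgeId
attributeID: 1.3.6.1.4.1.32473.1.1

dn: CN=App-Widget,CN=Schema,CN=Configuration,DC=lab,DC=example
lDAPDisplayName: appWidget
governsID: 1.3.6.1.4.1.32473.2.1
"""
UPDATE = """\
dn: CN=Upd-Serial,CN=Schema,CN=Configuration,
 DC=lab,DC=example
lDAPDisplayName: updSerial
attributeID: 1.3.6.1.4.1.32473.1.1

dn: CN=App-Widget,CN=Schema,CN=Configuration,DC=lab,DC=example
lDAPDisplayName: appWidget
governsID: 1.3.6.1.4.1.32473.2.1

dn: CN=Upd-Queue,CN=Schema,CN=Configuration,DC=lab,DC=example
lDAPDisplayName: updQueue
governsID: 1.3.6.1.4.1.32473.2.7
"""

def parse_schema_ldif(text):
    """Map each attributeID/governsID OID to its lDAPDisplayName."""
    text = re.sub(r"\r?\n ", "", text)  # unfold LDIF continuation lines
    defs = {}
    for record in re.split(r"\r?\n\s*\r?\n", text.strip()):
        attrs = {}
        for line in record.splitlines():
            key, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                attrs[key.strip().lower()] = value.strip()
        oid = attrs.get("attributeid") or attrs.get("governsid")
        if oid:
            defs[oid] = attrs.get("ldapdisplayname", "")
    return defs

def classify(existing, update):
    """Sort update definitions into new/redundant/conflict (simplified rule)."""
    names = {n.lower() for n in existing.values()}
    report = {"new": [], "redundant": [], "conflict": []}
    for oid, name in update.items():
        same = existing.get(oid, "").lower() == name.lower()
        kind = ("redundant" if oid in existing and same else
                "conflict" if oid in existing or name.lower() in names else "new")
        report[kind].append(name)
    return report
```

The script only reads its two inputs; any entry reported under "conflict" is one to reconcile in the lab before the schema update is run.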

In Windows Server 2003 R2, three new features require that you extend the existing schema before you attempt to deploy them. The domain controller server role has the same requirement if you are adding a Windows Server 2003 R2 domain controller to an existing forest. The following table explains why each of these requires a schema extension.

Note

Microsoft recommends that you add the Windows Server 2003 R2 schema updates to your existing Active Directory installation before you deploy computers running Windows Server 2003 R2, regardless of whether you plan to use these new Windows Server 2003 R2 features or not.

DFS Replication Service

Requires that new object classes be added to the domain directory partition to contain replication groups and content sets. Also requires that new object classes be added to the computer object class in the domain directory partition to contain computer-specific settings to support Distributed File System (DFS) replication.

Domain controller server role

Requires that new object classes be added to support objects that are defined for new features in Windows Server 2003 R2.

Identity Management for UNIX

Requires new object classes to represent items in a Network Information Service (NIS) map.

The Deployed Printers functionality of the Print Management console

Requires a new object class to contain information about printers so that their connections can be deployed through Group Policy.

When you run adprep /forestprep to add the Windows Server 2003 R2 schema updates, you do not have to upgrade your existing domain controllers to Windows Server 2003 R2; they can continue to run Windows NT® Server 4.0, Windows® 2000 Server, or Windows Server 2003. Note, however, that Identity Management for UNIX must be installed on a Windows Server 2003 R2 domain controller. DFS Replication Service and the Print Management console can run on any computer that runs Windows Server 2003 R2.

The new object classes and attributes for the Windows Server 2003 R2 schema update are defined in a file named Sch31.ldf, which is located in the \cmpnents\R2\adprep folder on the Windows Server 2003 R2 Disc 2 (not in the \I386 folder of the Windows Server 2003 R2 Disc 1). You can view Windows Server 2003 R2 .ldf files in a text editor, but under no circumstances should their contents be modified. Modification of the .ldf files can cause irreversible changes and forest-wide failure. Use the Adprep command to make all schema updates. Do not use import tools such as LDIFDE to import the Windows Server 2003 R2 .ldf files.