Microsoft KB Archive/285172

= Schema Updates Require Write Access to Schema in Active Directory =

Article ID: 285172

Article Last Modified on 2/28/2007

-

APPLIES TO


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server

-



This article was previously published under Q285172



IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry



SUMMARY
This article discusses schema updates.

IMPORTANT: This article contains information about modifying the Active Directory schema. If problems occur, a system backup, or reinstallation of your system, may be the only way to recover data.

CAUTION: You should use extreme caution when you make any changes to the Active Directory schema because the changes occur forest-wide, and you cannot remove objects and attributes that are added to the schema.

The extension or the modification of the Active Directory schema requires write access to the schema. This is enabled by means of the &quot;Schema Update Allowed&quot; registry key. Schema updates may be enabled by means of the Schema Management Console, or directly in the registry. The schema updates can only be enabled on the domain controller that holds the schema master role.



MORE INFORMATION
WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

Schema updates may be enabled by means of the Schema Management Console or by editing the registry.

To Enable Schema Updates by Means of the Schema Management Console:
 At a command prompt, type:

regsvr32 schmmgmt.dll

NOTE: RegSvr32 has been successfully registered when a DllRegisterServer in schmmgmt.dll succeeded dialog box is displayed. Open a new management console by clicking Start, click Run, and then type:

MMC

 On the Console menu, click Add/Remove Snap-in. Click Add to open the Add Standalone Snap-in dialog box. Click Active Directory Schema, and then click Add. &quot;Active Directory Schema&quot; is displayed in the Add/Remove snap-in. Click Close, and then click OK to return to the console.</li> Click Active Directory Schema so that the Classes and Attributes sections are displayed on the right-hand side.</li> Right-click Active Directory Schema and click Operations Master.</li> Click to select the Schema may be modified on this Domain Controller check box. Click OK, and then exit the console.</li></ol>

The schema may now be updated on the domain controller that holds the schema operations master role.

To Enable Schema Updates by Means of the Registry:
It is not recommended to enable schema updates by directly editing the &quot;Schema Update Allowed&quot; registry key. Schema updates should be enabled through the console method, whenever possible. If for some reason the console method cannot be used, the following registry key may be edited directly:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters

To directly edit this registry key, perform the following steps: <ol> Click Start, click Run, and then in the Open box, type:

regedit

Then press ENTER.</li> Locate and click the following registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters

</li> On the Edit menu, click New, and then click DWORD Value.</li> Enter the value data when the following registry value is displayed:

Value Name: Schema Update Allowed

Data Type: REG_DWORD

Base: Binary

Value Data: Type 1 to enable this feature, or 0 (zero) to disable it.

</li> Quit Registry Editor.</li></ol>

The schema may now be updated on the domain controller that holds the schema operations master role.

More Information:
Clicking to select the Schema may be modified on this Domain Controller check box in the console adds the &quot;Schema Update Allowed&quot; registry value if it is not present.

Clicking to clear the Schema may be modified on this Domain Controller check box sets the &quot;Schema Update Allowed&quot; registry value to zero, but it does not delete the value.

Further information about the Active Directory schema may be found in Chapter 4 of the Windows 2000 Server Distributed Systems Guide, which is part of the Windows 2000 Server Resource Kit.

Keywords: kbenv kbinfo kbregistry kbschema KB285172

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.