Microsoft KB Archive/253834


XADM: Syntax of Active Directory Connector Schema Map Files

Q253834



The information in this article applies to:


  • Microsoft Exchange 2000 Server
  • Microsoft Exchange Server, version 5.5 SP3
  • Microsoft Windows 2000 Server





SUMMARY

This article provides information about the Active Directory Connector (ADC) schema map and the syntax of ADC schema map files.



MORE INFORMATION

The ADC schema map is stored in the Default ADC Policy entry in the configuration container of the Active Directory. This entry is located in the Active Directory at the following location:

CN=Default ADC Policy,CN=Active Directory Connections,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=dcname

The schema map consists of two attributes: msExchServer1SchemaMap, which represents the mapping from Active Directory to Exchange Server 5.5, and msExchServer2SchemaMap, which represents the mapping from Exchange Server 5.5 to Active Directory.

These attributes are populated when you install the first ADC in a forest. Two files named Remote.map and Local.map store the information that is imported to the ADC schema map. These files are located on the Windows 2000 Server CD-ROM in the following folder:

Valueadd\Msft\Mgmt\Adc

The Remote.map file contains the values for the msExchServer1SchemaMap attribute, and the Local.map file contains the values for the msExchServer2SchemaMap attribute in the Default ADC Policy entry.

If you want to edit these files before you install the ADC, copy everything in the Valueadd\Msft\Mgmt\Adc folder on the Windows 2000 Server CD-ROM to a temporary folder, change the Remote.map and Local.map files as necessary, and then install the ADC from the temporary folder.

The ADC Setup program does not replace these attributes if the Default ADC Policy entry already exists. If you have already installed the ADC and you want to make changes to these files, you must delete all of the Connection Agreements, as well as the Default ADC Policy entry, before you run the ADC Setup program.

You can also replace the attributes by using a tool that loads a file into an attribute, such as the Ldifde tool, but first you need to encode the file in a Base64 format. For additional information about how to Base64 encode, click the article number below to view the article in the Microsoft Knowledge Base:

Q191239 Sample Base 64 Encoding and Decoding

For additional information about the ADC schema map, click the article number below to view the article in the Microsoft Knowledge Base:

Q253832 XADM: Description of the Active Directory Connector Schema Map

Syntax of Schema Map Files

The following is the syntax for each line in the schema map files:

comment#src-class#tgt-class#src-attr#tgt-attr#prefix#dn-syntax#flags# 

The following table contains definitions for the fields in the preceding example.


Field       Definition
---------   ----------------------------------------------
comment     This field is ignored and can contain anything
src-class   The source object class (optional)
tgt-class   The target object class (optional)
src-attr    The source attribute name
tgt-attr    The target attribute name
prefix      SMTP$ or X400$ (special case)
dn-syntax   This is a Distinguished Name-linked attribute
flags       Set of special flags


The first field in the schema map syntax is a comment and can be ignored.

The second and third fields are the source and target object class. You can omit these fields if you want the rule to apply to all entries, or you can specify both the source and target object class to which the rule applies. You cannot specify only the source object class or only the target object class. The following are three examples of schema map syntax for the source and target object class fields:

  • mycomment###... 

    This example is a rule that applies to all object classes.

  • mycomment#group$top#groupofnames$person$top 

    This example is a rule that applies when you want to replicate a group from Active Directory to a distribution list on the Exchange Server directory. To create the object-class format that the ADC uses, separate all values with a $.

  • mycomment#groupofnames$person$top#group$top#... 

    This example is the reverse of the replication in the second example. In this example the source is an Exchange Server distribution list and the target is an Active Directory group.

The source and target attribute name fields specify the Lightweight Directory Access Protocol (LDAP) name of the attribute. The following are three examples of schema map syntax for the source and target attribute name fields:

  • comment###title#title#... 

    This example is a rule for an attribute that applies to all object classes. The "title" attribute does not apply to groups, but it also does not apply to distribution lists, so you can add it, like most attributes, without any object-class specification.

  • comment###otherMailbox#ProxyAddresses#... 

    This example is one attribute that has a different name in the Active Directory and Exchange Server 5.5.

  • commentl#groupofnames$person$top#group$top#member#member#... 

    This example only applies when the ADC replicates a distribution list on Exchange Server to a group in the Active Directory, and this schema map syntax maps the member attribute between them. If you do not want the member attribute to be replicated between distribution lists and groups, remove this line from the file.

The prefix field is used only in one special case; do not use this field except as it is used in the following lines in the Local.map file:

local###mail#ProxyAddresses#SMTP$##120#
local###textEncodedORAddress#ProxyAddresses#X400$##120# 

This schema map syntax indicates that when the mail attribute on Exchange Server is replicated to the proxyAddresses attribute in the Active Directory, the attribute should be added with the "SMTP$" prefix.

The dn-syntax field indicates that the attribute that the ADC is replicating is a Distinguished Name (DN) linked attribute, and therefore the Distinguished Name must be resolved before the attribute is added. For example:

remote#...#...#manager#manager##DN#2# 

The flags field uses a set of flags that indicate how the ADC works in certain situations, or if the Active Directory Connector snap-in does or does not display each attribute. The following table contains these flags and a description of what each flag indicates.


Flag     Description
------   ---------------------------------------------------------------------------
0x0001   Map a multivalued attribute to a single valued attribute
0x0002   Lazy DN conversion
0x0004   Map single valued to multivalued
0x0008   Concatenate multivalued to single valued
0x0010   Disable replication
0x0020   Source attribute is an ADC internal attribute
0x0040   Target attribute is an ADC internal attribute
0x0100   Hide from the user interface (UI)
0x0200   Merge attribute into the target (instead of replace)
0x0400   DN attribute that can only be resolved if Exchange 2000 Server is installed


To combine flags, add the value of the flags and use the hexadecimal number that results (without "0x").

To best use these flags, observe the way that they are used in the Remote.map and Local.map files.

The following list provides explanations of the most important flags:

  • The lazy DN conversion flag (0x0002) causes the ADC to postpone the resolution of the attribute, so that resolution of the attribute is the last operation that the ADC performs before the ADC replicates the entry. This improves performance because all linked DNs are resolved at the end of the process with fewer searches to the directory service.
  • The disable replication flag (0x0010) has the same effect as removing the line from the file. The snap-in sets or resets this attribute every time that you unselect or select this attribute to be replicated.
  • The hide from the UI flag (0x0100) hides the attribute in the Microsoft Management Console (MMC) snap-in so that the attribute cannot be disabled or enabled.

When the ADC evaluates which rule to use to map an attribute, the ADC first tries to find a rule that is complete with object class. If the ADC finds such a rule, it uses that rule. If the ADC does not find such a rule, the ADC tries to find a generic rule (without an object class).


Validating Object-Class Matches

The schema map has a second purpose, which is to validate object-class matches. For example, if the ADC begins to map a distribution list to a user (which is invalid), the ADC searches the schema map to see if at least one rule is specified for that mapping. If a rule is specified, the mapping is considered a valid match; if no rules are specified, the mapping is invalid.
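
The following is an added example, not part of the original article and not Microsoft code: a small Python parser for the line syntax above that decodes the flags field and applies the rule selection and object-class validation described in this article, which is useful for reviewing which attributes a map file replicates. The sample lines are constructed; matching the whole object-class string case-insensitively and reading an empty flags field as 0 are assumptions.

```python
from collections import namedtuple

# Flag values and meanings, copied from the article's flags table.
FLAGS = {
    0x0001: "multivalued to single valued", 0x0002: "lazy DN conversion",
    0x0004: "single valued to multivalued", 0x0008: "concatenate to single valued",
    0x0010: "replication disabled", 0x0020: "source is ADC internal",
    0x0040: "target is ADC internal", 0x0100: "hidden from UI",
    0x0200: "merge into target", 0x0400: "DN needs Exchange 2000",
}
Rule = namedtuple("Rule", "src_class tgt_class src_attr tgt_attr prefix dn_syntax flags")

def parse_line(line):
    # comment#src-class#tgt-class#src-attr#tgt-attr#prefix#dn-syntax#flags#
    f = line.strip().split("#")
    if len(f) != 9 or f[8]:
        raise ValueError(f"expected 8 '#'-terminated fields: {line!r}")
    if bool(f[1]) != bool(f[2]):
        raise ValueError(f"only one object class given: {line!r}")
    # Flags are hex without "0x"; reading an empty field as 0 is an assumption.
    return Rule(f[1].lower(), f[2].lower(), f[3].lower(), f[4], f[5], f[6],
                int(f[7] or "0", 16))

def flag_names(flags):
    return [name for bit, name in FLAGS.items() if flags & bit]

def select_rule(rules, src_attr, src_class="", tgt_class=""):
    # Disabled (0x0010) lines count as removed. A class-specific rule wins;
    # otherwise fall back to the generic rule that has no object class.
    live = [r for r in rules
            if r.src_attr == src_attr.lower() and not r.flags & 0x0010]
    for pair in ((src_class.lower(), tgt_class.lower()), ("", "")):
        for r in live:
            if (r.src_class, r.tgt_class) == pair:
                return r
    return None

def class_pair_valid(rules, src_class, tgt_class):
    # A class mapping is valid if at least one live rule names that pair.
    pair = (src_class.lower(), tgt_class.lower())
    return any((r.src_class, r.tgt_class) == pair and not r.flags & 0x0010 for r in rules)

# Constructed sample lines in the article's format (not the shipped Local.map).
SAMPLE = """\
local###mail#ProxyAddresses#SMTP$##120#
local#groupofnames$person$top#group$top#member#member##DN#2#
local###member#member###10#
"""
RULES = [parse_line(l) for l in SAMPLE.splitlines()]
```
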


Keywords : exc55sp3
Issue type : kbinfo
Technology : kbwin2kS kbwin2kSSearch


Last Reviewed: October 21, 2000
© 2001 Microsoft Corporation. All rights reserved.