Microsoft KB Archive/216060

From BetaArchive Wiki
Knowledge Base


Registry modification required to allow write operations to schema

Article ID: 216060

Article Last Modified on 10/26/2007



APPLIES TO

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Datacenter Server



This article was previously published under Q216060

Important This article contains information about how to modify the registry. Make sure to back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows registry


SUMMARY

By default, Microsoft Windows 2000 domain controllers permit only read access to the schema. This article describes how to edit the registry on a Windows 2000 domain controller to permit write operations to the schema.

If you attempt to add attributes to the schema before you make the registry change that is described in this article, you may receive the following error message:

The change was rejected by the directory service.

Note Even though the Active Directory is based on a multi-master administrative model, some operations allow only a single master. Schema management is one of these operations. Only one domain controller at a time is permitted to write to the schema. This role is known as Schema Flexible Single Master Operations (FSMO). You must ensure that the Active Directory Schema Manager snap-in is pointed at the schema FSMO. If you have only a single Windows 2000 domain controller in your network, it is always the schema FSMO.

MORE INFORMATION

Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

Management of the Active Directory schema is not expected to be a frequently performed task and care must be exercised when modifying the schema. Microsoft Windows 2000 has a new administrative group called Schema Administrators. Management of the schema is restricted to members of the Schema Administrators group.

A registry modification to allow write operations to the schema is necessary before a Schema Administrator can create and modify classes and attributes using the Active Directory Schema Manager snap-in.

To modify the registry to allow write operations to the schema, create a new REG_DWORD value named "Schema Update Allowed" with a data value of "1" in the following registry key:

HKEY LOCAL MACHINE\System\CurrentControlSet\Services\NTDS\Parameters


It is not necessary to reboot the computer. The Active Directory service automatically detects the change. To disable schema updates on this domain controller, change the data value to "0".

Keywords: kbproductlink kbenv kbhowto KB216060