Microsoft KB Archive/248717

From BetaArchive Wiki
< Microsoft KB Archive
Revision as of 13:51, 21 July 2020 by X010 (talk | contribs) (Text replacement - """ to """)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

How to Modify Attributes That Replicate to the Global Catalog

Q248717


The information in this article applies to:


  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Professional
  • Microsoft Active Directory Service Interfaces, versions 2.0, 2.5




SUMMARY

The Global Catalog (GC) contains a partial replica of every object in the enterprise. This article discusses how to manipulate the attributes which make up the set values replicated to the GC. Deciding which attributes will replicate (in addition to the default attributes) requires careful planning with consideration for network traffic and necessary disk space.



MORE INFORMATION

Before describing how to set an attribute to replicate in the GC, it is important to note the effects this has on network replication traffic.

After an attributeSchema object is created, marking an additional attribute to replicate to the GC causes a full replication (also known as a "full sync") of all objects to the GC as described below. This behavior occurs on the versions of Windows 2000 listed in this article.

Every server has a full and write-able copy of its own domain. If that server is also a GC, the remaining domains in the forest are held as read-only, partial copies. "Partial" means that only a subset of the attributes is kept.

When an attribute is added to the GC, it is added to the partial copy subset (partial attribute set). This causes the GC to perform a "full sync" of all the read-only copies again to repopulate itself with only the partial attributes that it needs to hold. This full sync occurs even if the attribute property isMemberOfPartialAttributeSet is set to "True." Thus, it only does a full sync on the read-only partial copy domains and not its own write-able domain, the configuration directory partition or schema directory partition.

Notes:

"Directory partition" has been previous referred to as "naming context." Removals from the GC are handled locally without replication.

In order to modify the attributes that replicate to the Active Directory GC, you must modify the schema. To modify the schema, an administrator must be made a member of the "Schema Admins" group. In addition to being a member of this group, a registry key must be set on the Schema master. For additional information about this process, click the article number below to view the article in the Microsoft Knowledge Base:

Q216060 Registry Modification Required to Allow Writing to Schema

This article also describes steps that are preformed in the Active Directory Schema Microsoft Management Console (MMC). You can acquire this snap-in through a full installation of the Windows 2000 Administration Tools or by registering Schmmgmt.dll in the system root on a Windows 2000 server.

To activate the Schema MMC snap-in follow these steps:

  1. Click Start, click Run, type mmc, and then click OK.
  2. On the MMC Console menu, click Add/Remove Snap-in....
  3. Click Add, and then click Active Directory Schema.
  4. Click Add, click Close, and then click OK.

You can also follow these steps to set the registry key discussed in the article mentioned above by way of the Schema MMC snap-in:

  1. Highlight Active Directory Schema
  2. Choose Action | Operations Master....
  3. Click to select the box titled The Schema may be modified on this Domain Controller.
  4. Click OK.

At this point, a Schema Administrator can add additional attributes to the GC. There are several methods to add additional attributes to the GC including the Schema MMC snap-in and ADSI scripts.

To Make Modifications Using Active Directory Schema MMC Snap-In

  1. Click the Attributes folder in the snap-in.
  2. In the right pane, scroll down to the desired attribute, right-click it, and then click Properties.
  3. Click to select the Replicate this attribute to the Global Catalog check box.
  4. Click OK.

If the above registry change is not made, the following error occurs when attempting to change the status of the replication to the GC:

Could not change whether this attribute should be replicated to the global catalog servers.

To Make Modifications Using ADSI Scripts

Active Directory Services Interfaces (ADSI) can make modifications to the schema through its Lightweight Directory Access Protocol (LDAP) provider. The code below determines the location of the schema, bind to the attribute in the schema, and make the necessary changes to force it to replicate to the GC. 

Const ADS_PROPERTY_CLEAR = 1
' Declarations are commented for use with VBScript
Dim oRootDSE 'As IADs
Dim oConn 'As ADODB.Connection
Dim oRecordset 'As ADODB.Recordset
Dim strAttribute 'As String
Dim strADsPath 'As String
Dim oAttribute 'As IADs
Dim bReplicate 'As Boolean

strAttribute = "Department"  'Replace with the name of the attribute to change replication
bReplicate = True            'Replicate to GC True/False

Set oConn = CreateObject("ADODB.Connection")
Set oRootDSE = GetObject("LDAP://RootDSE")

oConn.Provider = "ADsDSOObject"
oConn.Open "ADs Provider"

strQuery = "<LDAP://" & oRootDSE.Get("schemaNamingContext") & ">;(&(objectClass=attributeSchema)(cn=" & strAttribute & "));cn,adspath;subtree"
Set oRecordset = oConn.Execute(strQuery)
oRecordset.MoveFirst
strADsPath = oRecordset.Fields("ADsPath")  'store the path of the object in the schema

Set oAttribute = GetObject(strADsPath) 'Get the object in the schema
If bReplicate Then
  oAttribute.Put "isMemberOfPartialAttributeSet", True    'Set the property to true
Else
  oAttribute.PutEx ADS_PROPERTY_CLEAR, "isMemberOfPartialAttributeSet", 0   'Clear the property
End If

'Write to schema
oAttribute.SetInfo

'Clean Up
Set oAttribute = Nothing
Set oRootDSE = Nothing
oRecordset.Close
oConn.Close
Set oConn = Nothing
Set oRecordset = Nothing

If the above registry change is not made, the following error occurs when attempting to run the script:

Error -2147016651 (80072035): Automation error. The server is unwilling to process the request.



REFERENCES

For additional information, click the article numbers below to view the articles in the Microsoft Knowledge Base:

Q232517 Global Catalog Attributes and Replication Properties

Q230663 How to Enumerate Attributes Replicated to the Global Catalog

For additional information about ADSI, see the following Microsoft Web site:

http://www.microsoft.com/adsi

Additional query words: "active directory", "global catalog", adsi, ldap

Keywords : kbADSI kbMsg kbVBp w2000gc
Issue type : kbhowto
Technology : kbwin2000AdvServ kbwin2000AdvServSearch kbwin2000Serv kbwin2000ServSearch kbwin2000Search kbwin2000ProSearch kbwin2000Pro kbAudDeveloper kbADSISearch kbWinAdvServSearch kbADSI200 kbADSI250


Last Reviewed: June 13, 2001
© 2001 Microsoft Corporation. All rights reserved. Terms of Use.

Retrieved from ‘https://www.betaarchive.com/wiki/index.php?title=Microsoft_KB_Archive/248717&oldid=376683
the Creative Commons 3.0 ShareAlike (except the Microsoft KB Archive).
Powered by MediaWiki