Article ID: 257218
Article Last Modified on 2/28/2007
APPLIES TO
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Advanced Server
This article was previously published under Q257218
SUMMARY
The Windows 2000 schema contains a large number of object attributes that administrators can choose for use. The attributes normally required by Active Directory are enabled by default when the first domain controller is installed, and have the Index this attribute in the Active Directory check box selected in their properties.
You can use the Active Directory Schema snap-in in Microsoft Management Console (MMC) to select the number of attributes and the specific attributes you want. In most cases, however, there is no need to modify any of these attributes. Carefully consider any changes to these default settings before making the changes.
NOTE: You should make changes or additions to the schema only after careful consideration and planning. Once added, they cannot be deleted, only disabled. Adding additional attributes increases the time required for their replication. Carefully consider the net results of any changes.
For additional information about the schema, click the article number below to view the article in the Microsoft Knowledge Base:
216060 Registry Modification Required to Allow Writing to Schema
MORE INFORMATION
The following attributes are enabled by default in Active Directory:
| Name | Syntax | Description |
|---|---|---|
| alt-Security-Identities | Unicode String | Alt-Security-Identities |
| Birth-Location | Octet String | Birth-Location |
| cn | Unicode String | Common-Name |
| cOMClassID | Unicode String | COM-ClassID |
| dhcpType | Integer | dhcp-Type |
| display-Name | Unicode String | Display-Name |
| dnsRoot | unicode string | Dns-Root |
| dNSTombstoned | Boolean | DNS-Tombstoned |
| fileExtPriority | unicode string | File-Ext-Priority |
| flatName | Unicode string | Flat-Name |
| fSMORoleOwner | Distinguished Name | FSMO-Role-Owner |
| givenName | Unicode String | Given-Name |
| groupAttributes | Integer | Group-Attributes |
| groupType | Integer | Group-Type |
| implementedCategories | Octet String | Implemented-Categories |
| keywords | Unicode String | Keywords |
| l | Unicode String | Locality-Name |
| lDAPDisplayName | Unicode String | LDAP-Display-Name |
| legacyExchangeDN | Unicode String | Legacy-Exchange-DN |
| location | Unicode String | Location |
| Unicode String | E-mail-Addresses | |
| mS-DS-CreatorSID | SID | MS-DS-Creator-SID |
| mSMQDigests | Octet String | MSMQ-Digests |
| mSMQLabel | Case Insensitive String | MSMQ-Label |
| mSMQLabelEx | Case Insensitive String | MSMQ-Label |
| mSMQOwnerID | Octet String | MSMQ-Owner-ID |
| mSMQQueueType | Octet String | MSMQ-Queue-Type |
| mS-SQL-Alias | Unicode string | MS-SQL-Alias |
| mS-SQL-Database | Unicode string | MS-SQL-Database |
| mS-SQL-Name | Unicode string | MS-SQL-Name |
| mS-SQL-Version | Unicode string | MS-SQL-Version |
| name | Unicode string | RDN |
| nETBIOSName | Unicode string | NETBIOS-Name |
| netbootGUID | Octet string | Netboot-GUID |
| objectCategory | Distinguished Name | Object-Category |
| objectGUID | Octet string | Object-Guid |
| objectSid | SID | Object-Sid |
| oMTIndxGuid | Octet string | OMT-Indx-Guid |
| ou | Unicode string | Organizational-Unit-Name |
| packageFlags | Integer | Package-Flags |
| physicalDeliveryOfficeName | Unicode string | Physical-Delivery-Office-Name |
| physicalLocationObject | Distinguished Name | Physical-Location-Object |
| primaryGroupID | Integer | Primary-Group-ID |
| proxyAddresses | unicode string | Proxy-Addresses |
| requiredCategories | Octet string | Required-Categories |
| rpcNsInterfaceID | Unicode string | rpc-Ns-Interface-ID |
| rpcNsObjectID | Unicode string | rpc-Ns-Object-ID |
| rpcNsTransferSyntax | Unicode string | rpc-Ns-Transfer-Syntax |
| sAMAccountName | Unicode string | SAM-Account-Name |
| sAMAccountType | Integer | SAM-Account-Type |
| serviceClassName | Unicode string | Service-Class-Name |
| servicePrincipalName | Unicode string | Service-Principal-Name |
| showInAdvancedViewOnly | Boolean | Show-In-Advanced-View-Only |
| sIDHistory | SID | SID-History |
| sn | Unicode string | Surname |
| timeVolChange | Large Integer | Time-Vol-Change |
| trustPartner | Unicode string | Trust-Partner |
| uNCName | Unicode string | UNC-Name |
| userAccountControl | Integer | User-Account-Control |
| userPrincipalName | Unicode string | User-Principal-Name |
| uSNChanged | Larger Integer | USN-Changed |
| uSNCreated | Larger Integer | USN-Created |
| USNIntersite | Integer | USN-Intersite |
| volTableIdxGUID | Octet string | Vol-Table-Idx-GUID |
The following attributes also have their flags set for Ambiguous Name Resolution (ANR):
Display-Name
Given-Name
Legacy-Exchange-DN
Physical-Delivery-Office-Name
Proxy-Address
RDN
SAM-Account-Name
Surname
ANR is a search algorithm implemented by Windows 2000 Active Directory for easier searching. Selected attributes are defined by the schema as being indexed for ANR. For additional information about ANR, click the article number below to view the article in the Microsoft Knowledge Base:
243299 Ambiguous Name Resolution for LDAP in Windows 2000
Note that Locality-Name is shown as "l" in the schema attribute list. RDN is shown as "name" in the schema attribute list. E-mail-Address is shown as "mail" in the schema attribute list.
Keywords: kbenv kbinfo kbschema KB257218
