AD Schema Registration

1. In some versions of Windows 2000/2003 we need to modify a variable in order to have permission to update the AD schema. To do this you must use the registry editor (Start ->Run -> regedt32 );

   Figure 1.23: Run: 'regedt32'

   

2. Find the following key:

     HKEY_LOCAL_MACHINE
       SYSTEM
         CurrentControlSet
           Services
             NTDS
               Parameters
                 - Schema Update Allowed
   

   Figure 1.24: Schema Update Allowed key location

   

3. If present, edit the variable named (Schema Update Allowed)
4. Click at Binary and change its value to 1.

Note: If 'Schema Update Allowed' isn't listed at the Registry, it means that it is already active and you won't need to do any change.

Now, that the schema update is allowed, we can proceed:

1. If you got a Windows 2003 Release 1 download the auto_r1.ldif file on the Documentation section at the IPBrick's site:
   

   http://eshop.ipbrick.com/
   

   Downloads » Documentation » Other documentation
   

   Note: Please bear in mind that you need to register at our site in order to access the Downloads page.

2. At the same location, please download the auto_r2.ldif file if it's a Windows 2003 Release 2.
3. Open the file in a text editor, such as Wordpad and do a Replace All of <DOMAIN_BASE_DN> to the domain you're using. As an example, if you are using a domain named domain.com you should have: DC=domain,DC=com. You can use the ADSI Edit tool to know the base DN.

   Figure 1.25: .ldif file opened in Wordpad - Replace All

   

4. Go to Start - Run and hit cmd. At command line you must execute the following command to add these attributes to AD (change the DC=domain, DC=com to your domain and the LDIF file path):
   

   ldifde -i -k -c CN=Schema,CN=Configuration,DC=domain,DC=com CN=Schema,
CN=Configuration,DC=domain,DC=com -s localhost -f auto_r2.ldif

   Figure 1.26: Command line input