Extended AD’s schema

    #375155
    treehuger
    Participant

    Is anyone willing to shed some light on how to actually extend AD’s schema? I have the 38 attributes and classes from a recent white paper (the same that references the impossible-to-find load_dat. file). I downloaded Microsoft’s ADAM; is this the correct application to enter the new attributes?

    This is strictly for a test environment… Any help would be greatly appreciated. Thanks!

    #375159
    cheizer
    Participant

    No problem,
    One of the easiest ways to extend your schema is to use the ADSchemaAnalyzer which comes with Microsoft ADAM.

    Here is how to do it. I just did this as a MacWorld hands-on lab with my co-worker, so these steps are copied from our slides.

    Steps:
    1) Get a copy of “apple.schema” files from a Mac OS X Server in “/etc/openldap/schema”
    2) Install Microsoft ADAM on a Windows server (Included with 2003R2)
    3) Run “ADSchemaAnalyzer.exe”
    4) Choose “File/Load target schema…”, next click the “Load LDIF…” button and select the “apple.schema” file (change the file type to “All files *.*”)
    5) Choose “File/Load base schema…” and connect to your AD domain controller.
    6) Choose “Schema/Mark all non-present elements as included”
    7) Choose “File/Create LDIF file…” and save it as “apple.schema.ldf”
    8) Make sure that the domain controller you’re connecting to has schema updates enabled
    9) Install the schema extensions via command prompt
    Example:
    C:\> ldifde /i /f apple.schema.ldf /v /k /c "DC=X" "DC=SF,DC=PRETENDCO,DC=COM"
    10) Make sure to disable schema updates on the domain controller you’re connected to

    Extra Info:
    Microsoft ADAM: http://www.microsoft.com/windowsserver2003/adam/default.mspx
    ADSchemaAnalyzer: http://technet.microsoft.com/en-us/library/cc780706.aspx
    Enable write schema changes: http://support.microsoft.com/kb/285172
    Enable AD schema editor: regsvr32 schmmgmt.dll

    I hope this helps.
    – Charles
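
An offline pre-import check for the file produced in step 7, as an added example that is not part of the original thread: it applies the DN substitution that the /c "DC=X" "DC=SF,DC=PRETENDCO,DC=COM" switch in step 9 performs, then flags entries whose resulting DN falls outside the forest's schema naming context or that reuse an OID. The function names and the sample LDIF are constructed for illustration, and exact-string replacement is an assumption.

```python
import re

# Constructed sample in the shape of a schema LDIF export; names and OIDs are
# placeholders, not Apple's real schema extensions.
SAMPLE_LDIF = """\
dn: CN=example-attr-one,CN=Schema,CN=Configuration,DC=X
changetype: ntdsSchemaAdd
objectClass: attributeSchema
attributeID: 1.2.3.4.1

dn: CN=example-attr-two,CN=Schema,CN=Configuration,DC=X
changetype: ntdsSchemaAdd
objectClass: attributeSchema
attributeID: 1.2.3.4.1

dn: CN=example-class,CN=Schema,CN=Configuration,DC=example,DC=test
changetype: ntdsSchemaAdd
objectClass: classSchema
governsID: 1.2.3.4.2
"""

def parse_entries(ldif_text):
    """Return one dict per LDIF record (first value of each attribute, keys lowercased)."""
    unfolded = re.sub(r"\r?\n ", "", ldif_text)  # join folded continuation lines
    entries = []
    for block in re.split(r"\r?\n\s*\r?\n", unfolded.strip()):
        rec = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue  # skip comments and "-" separator lines
            key, _, value = line.partition(":")
            rec.setdefault(key.strip().lower(), value.strip())
        if "dn" in rec:
            entries.append(rec)
    return entries

def preflight(ldif_text, placeholder, forest_dn):
    """Substitute the placeholder in each DN (exact-string match assumed) and list problems."""
    schema_nc = ("CN=Schema,CN=Configuration," + forest_dn).lower()
    findings, seen_oids = [], set()
    for rec in parse_entries(ldif_text):
        target = rec["dn"].replace(placeholder, forest_dn)
        if not target.lower().endswith(schema_nc):
            findings.append(("dn-outside-schema-nc", target))
        oid = rec.get("attributeid") or rec.get("governsid")
        if oid in seen_oids:
            findings.append(("duplicate-oid", oid))
        if oid:
            seen_oids.add(oid)
    return findings

if __name__ == "__main__":
    for kind, detail in preflight(SAMPLE_LDIF, "DC=X", "DC=SF,DC=PRETENDCO,DC=COM"):
        print(kind, detail)
```

An empty result means every entry would land under CN=Schema,CN=Configuration of the named forest with a unique OID; base64-encoded values are not decoded by this sketch.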

    #375168
    treehuger
    Participant

    Thanks, I will give this a try and let you know. I found similar instructions on some other website; however, the author said he was having trouble afterwards (though he didn’t go into any examples). Have you tried this and does it work out well?

    #375182
    cheizer
    Participant

    I have tried it and it does work, but if I remember right, you do need to add one additional attribute to the Apple computer class, and that’s the MAC address. I would suggest, of course, testing it all in a test forest using a VMware environment first 🙂 .

    If you want more of what the actual load_apple.bat extensions mentioned in the white paper are, check out http://www.shukwit.com/index.php. He has the original Apple schema extensions available. I compared them to what Apple has used and suggested in the white paper and it’s really close. I think he added more.

    One more thing to note: Apple computer lists do not work with a modified schema. That was in another thread earlier: https://www.afp548.com/forum/viewtopic.php?showtopic=23022

    #375520
    twm1010
    Participant

    I don’t understand this switch in the command line step above…

    /c "DC=X" "DC=SF,DC=PRETENDCO,DC=COM"

    Can someone elaborate?

    Tom

    #375521
    twm1010
    Participant

    Never mind… not enough caffeine today…

    Tom

    #375526
    twm1010
    Participant

    Turns out I still need some assistance. I ran the steps above just fine, but when trying to apply MCX to users or groups I get either error -14140 or -14142.

    I found this thread here: https://www.afp548.com/forum/viewtopic.php?forum=24&showtopic=21539

    I made the same corrections, but when I try the LDIF import again I get the following:

    The server side error is “A referral was returned from the server.”

    I’m sure I’m running this from the AD schema master; my test environment is very simple.

    Tom
