Version for print

The schema is extensible, which means that you can change it. However, modifying the schema is dangerous because doing so affects the entire domain forest. Microsoft doesn’t recommend schema modification.

If you insist on modifying the schema, you can use the GUI or edit the registry. To use the GUI, you must first register the .dll file for the Microsoft Management Console (MMC) snap-in. Go to a command prompt, and enter

Then, use the Microsoft Windows 2000 Resource Kit’s Tools console to start the Schema Manager. Alternatively, create a custom MMC to start the Schema Manager. Next, add the Active Directory Schema snap-in to the Schema Manager. (From the Start menu, select Run, and enter

From the Console menu, select Add/Remove Snap-in. Click Add, and select Active Directory Schema. Finally, click Add, Close, OK.)

1. Start the MMC Active Directory Schema snap-in on the domain controller (DC).
2. In the leftmost pane, right-click Active Directory Schema, and select Operations Master from the context menu.
3. You’ll see the name of the machine that holds the domain name operations Flexible Single-Master Operation (FSMO) role, as the Screen shows.
   
   
   
4. Select the checkbox labeled The Schema may be modified on this server.
5. Click OK in the confirmation dialog box.

Another way to modify the schema is to edit the registry.

1. Start regedit.
2. Go to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters registry entry.
3. Double-click Schema Update Allowed (of type REG_DWORD).
4. Set the value to 1.
5. Click OK.
6. Close the registry editor.

Security FAQ

Windows Privacy Tools - http//www.privacywindows.com