go to  ForumEasy.com   
LdapPro  
 
 
   Home  |  MyForum  |  FAQ  |  Archive    You are not logged in. [Login] or [Register]  
Forum Home » Native LDAP Servers -- AD, OpenLdap, etc. » How to extend or modify Active Directory (AD) schema -- from LDIF
Email To Friend  |   Set Alert To This Topic Rewarding Points Availabe: 0 (What's this) New Topic  |   Post Reply
Author Topic: How to extend or modify Active Directory (AD) schema -- from LDIF
eLDAP
member
offline   
 
posts: 107
joined: 08/02/2006
from: Austin, TX
  posted on: 09/28/2012 09:16:01 PM    Edit  |   Quote  |   Report 
How to extend or modify Active Directory (AD) schema -- from LDIF
In many cases, it is far better to import the schema extensions with a LDIF file. You can use Microsoft's ldifde.exe or SunOne's ldapmodify.exe tool to apply the following LDIF file:
dn: CN=hr-Salary-Level,CN=Schema,CN=Configuration,DC=example,dc=com
changetype: add
adminDescription: Human Resources Salary Level
adminDisplayName: hr-Salary-Level
attributeID: 1.2.840.113556.1.4.7000.141
attributeSyntax: 2.5.5.9
isSingleValued: TRUE
lDAPDisplayName: hrSalaryLevel
oMSyntax: 2
objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=example,dc=com
objectClass: attributeSchema
searchFlags: 0
 
dn: CN=hr-Social-Security-Number,CN=Schema,CN=Configuration,DC=example,dc=com
changetype: add
adminDescription: Human Resources Social Security Number
adminDisplayName: hr-Social-Security-Number
attributeID: 1.2.840.113556.1.4.7000.142
attributeSyntax: 2.5.5.12
isSingleValued: FALSE
lDAPDisplayName: hrSocialSecurityNumber
oMSyntax: 64
objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=example,dc=com
objectClass: attributeSchema
searchFlags: 0
rangeLower: 0
rangeUpper: 128
 
dn:
changetype: modify
replace: schemaupdatenow
schemaupdatenow: 1
-
 
dn: CN=hr-Human-Resources,CN=Schema,CN=Configuration,DC=example,dc=com
changetype: add
adminDescription: Human Resources Auxilliary Class
adminDisplayName: hr-Human-Resources
governsID: 1.2.840.113556.1.4.7000.17
lDAPDisplayName: hrHumanResources
objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=example,dc=com
objectClass: classSchema
objectClassCategory: 3
rDNAttID: cn
possSuperiors: organizationalUnit
possSuperiors: container
subClassOf: top
mayContain: hrSocialSecurityNumber
mayContain: hrSalaryLevel
 
dn:
changetype: modify
replace: schemaupdatenow
schemaupdatenow: 1
-
 
dn: CN=User,CN=Schema,CN=Configuration,DC=example,dc=com
changetype: modify
add: auxiliaryClass
auxiliaryClass: hrHumanResources
-
 
dn:
changetype: modify
replace: schemaupdatenow
schemaupdatenow: 1
-

 Profile | Reply Points Earned: 0
JNDI
member
offline   
 
posts: 19
joined: 05/18/2007
from: GA
  posted on: 10/19/2012 05:27:40 AM    Edit  |   Quote  |   Report 
How to extend Active Directory (AD) schema Using LDIFDE.exe
As an example, you can use Microsoft utility tool LDIFDE.exe to import the LDIF file shown above.

First of all, Login into your domain controller with an account which should have both Administrator rights and the Schema Admins Group rights.
C:\temp>ldifde.exe -i -f import.ldif -s 10.11.12.13:389

Connecting to "10.11.12.13:389"
Logging in as current user using SSPI
Importing directory from file "import.ldif"
Loading entries...
7 entries modified successfully.

The command has completed successfully


For ADAM/ADLDS, you just need the Administrator rights.
C:\temp>ldifde.exe -i -f import.ldif -s 10.11.12.13:50001 -b Administrator DOMAIN password

Connecting to "10.11.12.13:50001"
Logging in as current user using SSPI
Importing directory from file "import.ldif"
Loading entries...
7 entries modified successfully.

The command has completed successfully

 Profile | Reply Points Earned: 0

 
Powered by ForumEasy © 2003-2005, All Rights Reserved. | Privacy Policy | Terms of Use
 
Get your own forum today. It's easy and free.