In spite of its flexibility, many administrators tend to think of the Active Directory as a generic operating system database. Although it’s true that the Active Directory’s primary purpose is servicing the operating system, it has real-world uses as well. As you probably know, the Active Directory contains (or can contain) a wealth of information about all the hardware on your network. This information is searchable, and these searches can come in handy if your network is so big that you can’t remember all the hardware you have.
For example, suppose a user needs to produce a large print job on a color printer. You can search the Active Directory for printers that support color, and then search those printers for the one that prints the highest number of pages per minute, thus helping the user to get his or her job done as efficiently as possible.
Modifying the Active Directory
You can add custom attributes to the Active Directory in order to take full advantage of its search capabilities. For example, you might add an attribute for the floor a printer is located on, or the name of the department that owns the printer.
As you can imagine, tampering with the Active Directory can be a dangerous process. Because of this risk, Microsoft makes it difficult to gain access to the Active Directory’s schema. The procedure I’ll outline in this article can have adverse effects on your system if performed incorrectly: Making a mistake can destroy Windows and/or your data. Therefore, make sure that you have a good backup of your entire system before continuing.
Begin the process by opening the Registry Editor on a domain controller and navigating to HKEY_Local_MachineSYSTEMCurrentControlSetServicesNTDSParameters. The Registry is set up to block any attempts to modify the Active Directory schema. To get around this block, create a new Dword at the location specified called Schema Update Allowed. Once you’ve created this entry, set its value to 1 and close the Registry Editor. Creating this Registry entry will allow you to modify the schema.
Now, you must install the tools for modifying the schema. You’re probably familiar with Windows 2000’s Administrative Tools. However, only a few of these tools are installed by default. To install the rest, insert your Windows 2000 CD and double-click on the ADMINPAK.MSI file located in the I386 directory. This launches the Windows 2000 Administration Tools Setup Wizard. Follow the prompts to install all the Administrative Tools.
When the installation process is complete, you’re ready to begin using an MMC snap-in–which doesn’t appear on any of the menus–to begin modifying the schema. I’ll show you how to do this in Part 2. //
Brien M. Posey is an MCSE who works as a freelance writer. His past experience includes working as the director of information systems for a national chain of health care facilities and as a network engineer for the Department of Defense. Because of the extremely high volume of e-mail that Brien receives, it’s impossible for him to respond to every message, although he does read them all.