RE: [ActiveDir] how can i add the value of the SchemIDGUID when I create a schemd object?

[Fugleberg, David A]

zhaohu -   Here's an example: ------------------------------------------------ dn: cn=nwa-test-attribute,cn=schema,cn=configuration,ddddd changetype: add objectClass: attributeSchema cn: nwa-test-attribute attributeID: 1.3.6.1.4.1.11802.2.1.1.1 attributeSyntax: 2.5.5.12 oMSyntax: 64 isSingleValued: TRUE lDAPDisplayName: nwaTestAttribute description: attribute added for test - please ignore rangeLower: 1 rangeUpper: 10 schemaIDGUID:: DPzmI4k/WUqX0IqM1HQiJA==   dn: changetype: modify add: schemaUpdateNow schemaUpdateNow: 1 - -------------------------------------------------------------   I put everything between the lines above into a LDIF file called test.ldf I then invoked the following command line (replacing the yourdomain portion with the real domain name, of course):   ldifde -i -f test.ldf -c ddddd dc=yourdomain,dc=com -v   You should get an attribute with a schemaIDGUID value of {23E6FC0C-3F89-4A59-97D0-8A8CD4742224}.   A couple of notes- the extra colon after schemaIDGUID and the dash (-) afterthe schemaUpdateNow element seem to be important - don't ask me why.   Of course, for real extensions you can place several attribute and class definitions in the same LDIF file and do them all at once.  Just remember to put the schemaUpdateNow section after anything that's required by other parts of the file.  For example, I recently did one with two new attributes, and a new auxiliary class that was connected to the User class.  The LDIF file had the add attribute sections, an update, the add class section, another update, a modify section to add the auxiliary class to the user class, and then a final update.   Hope that helps. Dave -----Original Message----- From: zhaohu [mailto:[EMAIL PROTECTED] Sent: Thursday, May 29, 2003 7:46 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] how can i add the value of the SchemIDGUID when I create a schemd object? yeah, i wanna specify a value for schemaIDGUID in order to create extended rights for some objects, and i get the Base64-encoded format value by the utility uuidgen.exe. then  how do you extend the schema using LDIF files? could you show me an example, because i had failed to do that, so i have to program it by C++ , thanks very much~ ----- Original Message ----- From: Fugleberg, David A To: [EMAIL PROTECTED] Sent: Friday, May 30, 2003 3:43 AM Subject: RE: [ActiveDir] how can i add the value of the SchemIDGUID when I create a schemd object? I'm not the expert either, but I do have some experience with this.  Normally, like Rick said, GUIDs are simply assigned by the system upon object creation.  SchemaIDGUID is kind of a special case, though - it's the GUID of the classSchema or attributeSchema object itself.  If you ever want to define some extended rights that apply to instances of your new class or attribute, you'll need to know the SchemaIDGUID of the classSchema or attributeSchema object in the forest.   Let's say you write a program that extends the schema, and it does NOT specify the schemaIDGUID.  The system will generate one for you when the program is run.  If you run it again in a different forest, those objects will have a different value of schemaIDGUID in that forest.  On the other hand, if your program DOES specify a value for schemaIDGUID, then it will have that value in every forest where your extension is installed.  That way, you can document what it should be, and can programatically create extended rights for those objects in any of those forests.   The value must be in the Base64-encoded format.  There are a couple of ways to generate a value to use: 1. Install the extension on a test forest WITHOUT specifying the schemaIDGUID, copy the value that gets automatically generated, and put in it your program for future use on other forests   OR   2. Use the utility uuidgen.exe and convert the output (format XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX) to Base64.   I have done this successfully using LDIF files to extend the schema, but have not tried it programmatically, although I see no reason why it would not work the same.   Robbie, Gil, if I've misrepresented something here please correct me !   Dave    -----Original Message----- From: zhaohu [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2003 7:50 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] how can i add the value of the SchemIDGUID when I create a schemd object? Today i think that maybe the SchemaIDGUID can only accept Base64, so i replaced the {BCE8B3C4-9A94-4C34-8E76-AA4A682CBA2C} with Base64 xLPovJSaNEyOdqpKaCy6LA== , but the program still failed:( Maybe Rick Kingslan is right, i can't assign a GUID to an object when i create the object, then what about modifying the Value of SchemaIDGUID after i create the object? i will test it after i send this mail:)         ----- Original Message ----- From: Rick Kingslan To: [EMAIL PROTECTED] Sent: Wednesday, May 28, 2003 8:46 PM Subject: RE: [ActiveDir] how can i add the value of the SchemIDGUID when I create a schemd object? I am FAR from the expert on this subject, but I do know a thing or two.  (Gil, where are you when we need you???  ;-)  )   The one thing that I see is that you're trying to force a GUID.  I don't think that you can do this.  You can't assign a GUID to an object - it's assigned when created.  You're assigning an OID, which is good - as long as it is unique and created via, say OIDGEN.    Everything else looks fine.  This probably explains why the program runs without the statement in question, but won't when you have it in.  It's not supposed to be there.   Anyone else know schema manipulation with C++?  ;-)   Rick Kingslan  MCSE, MCSA, MCT Microsoft MVP - Active Directory Associate Expert Expert Zone - www.microsoft.com/windowsxp/expertzone   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of zhaohu Sent: Wednesday, May 28, 2003 2:29 AM To: [EMAIL PROTECTED] this is some code in my program, i create the schema object it:   ---------------------------------------------------------------- hr = piSchema->Create( L"classSchema", L"CN=TestClass", &piDisp );    .    .    .         hr = piDisp->QueryInterface( IID_IADs, ( void** )&piIADsClass );     if( SUCCEEDED( hr ) )     {      hr = piIADsClass->Put( L"objectClass", _variant_t( L"classSchema" ) );      hr = piIADsClass->Put( L"lDAPDisplayName", _variant_t( L"TestClass" ) );      hr = piIADsClass->Put( L"governsID", _variant_t( L"1.3.6.1.4.1.1593.4.2.1.1.2.43" ) );      hr = piIADsClass->Put( L"subClassOf", _variant_t( L"top" ) );      hr = piIADsClass->Put( L"possSuperiors",_variant_t( L"organizationalUnit") );      hr = piIADsClass->Put( L"schemaIDGUID",_variant_t(L"{BCE8B3C4-9A94-4C34-8E76-AA4A682CBA2C}"));      hr = piIADsClass->PutEx(ADS_PROPERTY_APPEND, L"mayContain", varNames3);            .      .      . ----------------------------------------------------------------------   but it failed when i run the program, then if i comment or delete  " hr = piIADsClass->Put( L"schemaIDGUID",_variant_t(L"{BCE8B3C4-9A94-4C34-8E76-AA4A682CBA2C}"));"  it runs well, who could tell me what is the matter with my promgram, thanks very very much:)