Personally, I use admod, good interface I think. The worst part is currently you have to manually figure out what the searchflags value needs to be.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Tuesday, September 27, 2005 10:36 AM
To: [email protected]
Subject: RE: [ActiveDir] Schema design best practices

Ok, I had that info but thought you were suggesting there was a 'friendly' interface to this :)

Thanks again,
neil

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of joe
Sent: 27 September 2005 15:25
To: [email protected]
Subject: RE: [ActiveDir] Schema design best practices

Yep, you can add additional attributes to it. Some of them won't work, say like memberof or other linked attributes and pwdLastSet[1] and possibly some other SAM Account management attributes.

You need to set the proper searchflags value, specifically Bit 3, value 0x8. See
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adschema/adschema/a_searchflags.asp

joe

[1] More accurately, it would be preserved but gets set to 0 on recovery anyway for some reason even when you mark passwords to be recovered.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Tuesday, September 27, 2005 9:06 AM
To: [email protected]
Subject: RE: [ActiveDir] Schema design best practices

Thanks joe - I appreciate the feedback. We're certainly on the same wavelength :)

Could you expand a little on the below comment please? I appreciate that w2k3 sp1 added sidhistory to the list of attributes whose data is retained when an object is reanimated but I was not aware that extra attributes could be added to this list(?)
"Preserve on tombstone - load this baby up, makes undeletes more useful"

neil

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of joe
Sent: 23 September 2005 17:13
To: [email protected]
Subject: RE: [ActiveDir] Schema design best practices

Additional attribute to index - objectClass and company specific mods
Add to the PAS - Usually company specific items
Copied when object is copied - none, don't recommend using ADUC for anything other than small orgs
Container index - would depend on whether you do a lot of one level searches for something, overall, I don't believe I have seen much call for this.
Preserve on tombstone - load this baby up, makes undeletes more useful

ManagedBy applied to users, good idea. I think I would consider a whole suite of object lifecycle management additions though as well. Last reviewed, next review (in case of special items not reviewed on normal schedule), where it is in the lifecycle process, etc.

For schema mods, drop schema fsmo in isolated site (i.e. not replicating often), make changes. If they look good, move another DC into the site and watch it replicate across and doublecheck for issues again. If that is good, open up replication to site or drag DCs back to main sites. If you have a large environment, drag to different far removed sites so that your updates can start propagating out from multiple locations, putting a DC in a site that it doesn't have high connectivity to for the short period of time to replicate in schema mods shouldn't be too troublesome.

joe

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, September 23, 2005 9:31 AM
To: [email protected]
Subject: [ActiveDir] Schema design best practices

I'm looking for some schema design best practices, based upon experience.

For example:

Are there additional attributes which you would suggest be:
indexed
added to the PAS
replicated when a user is duplicated
indexed for containerised searches?

Are there classes to which you would add other attributes? (e.g. add managedBy to User)

I'm also interested to hear views regarding Schema mods and how they should be performed in a controlled fashion (lag sites etc).

I have my own views on all of the above but am keen to hear the views of others.

Thanks,
neil

> ___________________________
> Neil Ruston
> Global Technical Infrastructure
> Nomura International plc
> Telephone: +44 (0) 20 7521 3481
>
>
> PLEASE READ: The information contained in this email is confidential and intended for the named recipient(s) only. If you are not an intended recipient of this email please notify the sender immediately and delete your copy from your system. You must not copy, distribute or take any further action in reliance on it. Email is not a secure method of communication and Nomura International plc ('NIplc') will not, to the extent permitted by law, accept responsibility or liability for (a) the accuracy or completeness of, or (b) the presence of any virus, worm or similar malicious or disabling code in, this message or any attachment(s) to it. If verification of this email is sought then please request a hard copy. Unless otherwise stated this email: (1) is not, and should not be treated or relied upon as, investment research; (2) contains views or opinions that are solely those of the author and do not necessarily represent those of NIplc; (3) is intended for informational purposes only and is not a recommendation, solicitation or offer to buy or sell securities or related financial instruments. NIplc does not provide investment services to private customers. Authorised and regulated by the Financial Services Authority. Registered in England no. 1550505 VAT No. 447 2492 35. Registered Office: 1 St Martin's-le-Grand, London, EC1A 4NP.
A member of the Nomura group of companies.

List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
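
Added example, not part of the original thread and not admod's own code: a small helper for working out the searchflags value by hand, as discussed above. It adds the preserve-on-tombstone bit (0x8) with OR so that index or confidential bits already set on an attribute are not overwritten. The attribute names and starting values are constructed for illustration.

```python
# searchFlags bit values on attributeSchema objects in the AD schema.
SEARCH_FLAGS = {
    0x01: "index",
    0x02: "container index",
    0x04: "ANR",
    0x08: "preserve on tombstone",
    0x10: "copy when object is copied",
    0x20: "tuple index",
    0x40: "subtree (VLV) index",
    0x80: "confidential",
}
PRESERVE_ON_TOMBSTONE = 0x08  # "Bit 3, value 0x8" in the thread
KNOWN_MASK = sum(SEARCH_FLAGS)  # 0xFF


def decode(value):
    """Name every bit set in a searchFlags value; None means not set (0)."""
    value = value or 0
    names = [name for bit, name in sorted(SEARCH_FLAGS.items()) if value & bit]
    if value & ~KNOWN_MASK:
        # Bits outside the table are reported, not silently dropped.
        names.append("unknown bits 0x%x" % (value & ~KNOWN_MASK))
    return names


def add_flag(current, flag=PRESERVE_ON_TOMBSTONE):
    """Return current with flag added by OR so existing bits survive."""
    return (current or 0) | flag


def plan_changes(attrs, flag=PRESERVE_ON_TOMBSTONE):
    """Map attribute name -> (old, new) for attributes that need a write."""
    changes = {}
    for name, current in attrs.items():
        new = add_flag(current, flag)
        if new != (current or 0):
            changes[name] = (current or 0, new)
    return changes


# Constructed sample values, not read from a real schema.
SAMPLE = {
    "exampleCostCentre": None,   # searchFlags not set
    "exampleBadgeId": 0x01,      # indexed
    "exampleReviewDate": 0x09,   # indexed, already preserved
    "exampleHrNote": 0x80,       # confidential
}

if __name__ == "__main__":
    for name, (old, new) in plan_changes(SAMPLE).items():
        print(name, old, "->", new, decode(new))
```

The "new" number is the decimal value to write to searchFlags for that attribute; attributes that already carry 0x8 are left out of the plan.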
