Yes. You have to mark each attribute you want in the GC to be part of the PAS. Basically set the attribute isMemberOfPartialAttributeSet to TRUE.
 
Ex:
 
G:\>admod -schema -rb cn=uid isMemberOfPartialAttributeSet::TRUE
 
AdMod V01.07.00cpp Joe Richards ([EMAIL PROTECTED]) October 2006
 
DN Count: 1
Using server: r2dc2.test.loc:389
Directory: Windows Server 2003
Base DN: cn=uid,CN=Schema,CN=Configuration,DC=test,DC=loc
 
Modifying specified objects...
   DN: cn=uid,CN=Schema,CN=Configuration,DC=test,DC=loc...
 
The command completed successfully
 
To find out which attributes are involved, run this:
 
adfind -sc s:*posix* -af objectcategory=classschema maycontain
 
The output should be something like:
 
 
G:\>adfind -sc s:*posix* -af objectcategory=classschema maycontain
 
AdFind V01.32.00cpp Joe Richards ([EMAIL PROTECTED]) October 2006
 
Using server: r2dc2.test.loc:389
Directory: Windows Server 2003
Base DN: CN=Schema,CN=Configuration,DC=test,DC=loc
 
dn:CN=PosixAccount,CN=Schema,CN=Configuration,DC=test,DC=loc
>mayContain: description
>mayContain: gecos
>mayContain: loginShell
>mayContain: unixUserPassword
>mayContain: userPassword
>mayContain: homeDirectory
>mayContain: unixHomeDirectory
>mayContain: gidNumber
>mayContain: uidNumber
>mayContain: cn
>mayContain: uid
 
dn:CN=PosixGroup,CN=Schema,CN=Configuration,DC=test,DC=loc
>mayContain: memberUid
>mayContain: gidNumber
>mayContain: description
>mayContain: unixUserPassword
>mayContain: userPassword
>mayContain: cn
 

2 Objects returned
 
 
 
--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm 
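
Added example (not part of the original thread, and not code from any of its participants): a Python script that parses adfind output in the format shown in the reply above, de-duplicates the mayContain attributes across both classes, and builds an LDAP filter that selects each attribute's schema object by lDAPDisplayName so its current isMemberOfPartialAttributeSet value can be checked. The sample text is constructed from that output, the function names are hypothetical, and holding back userPassword and unixUserPassword for review before replicating them to every GC is an assumption of this example.

```python
import re

# Constructed sample in the adfind output format shown above (header lines trimmed).
SAMPLE = """\
dn:CN=PosixAccount,CN=Schema,CN=Configuration,DC=test,DC=loc
>mayContain: description
>mayContain: unixUserPassword
>mayContain: userPassword
>mayContain: gidNumber
>mayContain: uidNumber
>mayContain: cn
>mayContain: uid

dn:CN=PosixGroup,CN=Schema,CN=Configuration,DC=test,DC=loc
>mayContain: memberUid
>mayContain: gidNumber
>mayContain: description
>mayContain: unixUserPassword
>mayContain: userPassword
>mayContain: cn
"""

# Assumption of this example: names that can carry password material are reviewed first.
REVIEW_FIRST = {"userpassword", "unixuserpassword"}

def parse_maycontain(text):
    """Map each attribute name to the classes that list it, in first-seen order."""
    attrs, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        dn = re.match(r"dn:\s*CN=([^,]+)", line, re.IGNORECASE)
        if dn:
            current = dn.group(1)
        elif line.startswith(">mayContain:") and current:
            attrs.setdefault(line.split(":", 1)[1].strip(), []).append(current)
    return attrs

def split_for_review(attrs):
    """Return (attributes to mark directly, attributes held back for review)."""
    hold = [a for a in attrs if a.lower() in REVIEW_FIRST]
    return [a for a in attrs if a not in hold], hold

def schema_filter(names):
    """LDAP filter selecting the attributeSchema objects for these names."""
    esc = lambda s: re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), s)
    return "(&(objectCategory=attributeSchema)(|%s))" % "".join(
        "(lDAPDisplayName=%s)" % esc(n) for n in names)

if __name__ == "__main__":
    print(schema_filter(split_for_review(parse_maycontain(SAMPLE))[0]))
```

The filter matches on lDAPDisplayName because that is the name mayContain lists; the cn of a schema object can differ from it.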
 
 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ramon Linan
Sent: Tuesday, October 03, 2006 2:16 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] 200 users network. Adding 2 classes to the GC

I don't think I am making myself clear.
 
I already have those classes in the schema; I just want to add the properties that those classes have to the global catalog so they replicate throughout the forest. I don't need to install those classes in the AD; I already did that.
 
Do I have to add attribute by attribute to the GC?
 
Thanks


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Thommes, Michael M.
Sent: Tuesday, October 03, 2006 1:18 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] 200 users network. Adding 2 classes to the GC

Hi Rezuma,

    I suspect you might run into the same issue I had when I did the R2 forestprep with SFU 3.5 (although you have the earlier SFU 3.0).  If so, see the fixup from Steve Linehan posted to this newsgroup on 8/7/06 (and my comment from 8/12/06).

 

Mike Thommes

 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Tuesday, October 03, 2006 11:25 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] 200 users network. Adding 2 classes to the GC

 

You get the R2 CD and do the forestprep, it will install the entire R2 schema which includes all of those Unix interop classes and attributes. You do not really want to do this manually or it could be troublesome later.

 

  joe

 

--

O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm 

 

 

 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ramon Linan
Sent: Tuesday, October 03, 2006 11:53 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] 200 users network. Adding 2 classes to the GC

We are using Windows 2003 servers. But what I need is to add those 2 classes that already exist in the AD schema to the global catalog so they replicate through the GCs in the forest. How do I add 2 whole classes with their attributes? Changing the "replicate this attribute in the global catalog" option attribute by attribute?

 

Thanks

 

Rezuma

 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Tuesday, October 03, 2006 11:25 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] 200 users network. Adding 2 classes to the GC

Modifying the schema except for indexing or adding PAS attributes in a forest with Windows 2000 domain controllers is really a non-event when done properly with proper OIDs and names. Indexing can work your DCs a little as the new indexes have to be created but it depends on the attribs being indexed and what type of index is being created on how much that will hit your DC. Usually I would say it is minimal impact. With Windows 2000 GCs, you get to enjoy a full PAS refresh which generates a considerable amount of replication. Simply, if you are running Windows 2000 DCs, why in the world are you doing so, upgrade already, 2003 has been around for 3 years already and has a ton of AD enhancements. In a small network like yours, I wouldn't expect even a small burp even in the worst case unless you have few users and a ton (tens or hundreds of thousands) of other types of objects. You would mention that though I expect.

 

   joe

 

--

O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm 

 

 

 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ramon Linan
Sent: Tuesday, October 03, 2006 8:39 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] 200 users network. Adding 2 classes to the GC

Thanks for the info. How do I go about adding them to the GC? And, being a small network, do you see any dramatic effect to doing that? In terms of replication, I mean.

 

Thanks

 

 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Monday, October 02, 2006 11:56 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] 200 users network. Adding 2 classes to the GC

SFU30 is pretty old. What you really should do is apply the Windows Server 2003 R2 Schema which has the aux classes:

 

posixAccount
posixGroup

 

  joe

 

 

--

O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm 

 

 

 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ramon Linan
Sent: Monday, October 02, 2006 3:06 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] 200 users network. Adding 2 classes to the GC

Hi,

 

I have a Unix application that uses LDAP queries.

 

The developer is telling me that 2 classes should be available in the GC (they need to query the whole forest for some information).

 

The classes are msSFU30PosixAccount and msSFU30PosixGroup. How do I add a whole class to the GC? I know how to add an attribute, do I have to go attribute by attribute?

 

We only have 200 users and not many AD objects. Is there a reason why I should not add those 2 classes, in terms of replication I mean, and for a small network like this?

 

 

Thanks

 

Rezuma
