Adding items to the Schema, also called "extending the Schema", or even modifying existing objects can be a tricky business, and if done without proper knowledge, can be very destructive to your existing Active Directory infrastructure. This is because the Schema is a forest-wide setting, and any additions or changes to the Schema will be immediately replicated to each and every Domain Controller in each and every domain in your AD Forest. You cannot make any changes to the Schema and yet keep it within your domain's boundaries. Furthermore, changing existing attributes (such as configuring an attribute to replicate itself to the Global Catalog) will cause a forest-wide replication of all the attributes and objects, even if your change was just made on one attribute. Note that this behavior was changed in Windows Server 2003, but even so, you might unintentionally cause a major network load and a lot of overhead by simply clicking one one small checkbox on one small attribute.
1.Open the Run command and type:regsvr32 schmmgmt.dll
You should get a confirmation message.
2.Next, open Run and type mmc.exe. Press Enter.
3.In the new MMC window, click File > Add/Remove Snap-in.
4.Click Add, then, in the Add Standalone Snap-in window, select the Active Directory Schema snap-in from the list. Next click Add again.
5.Click Ok.
Windows 2000 only - Enable write operations to the Schema
If you're running Windows 2000-based AD, you'll probably need to allow the Schema to be written. To do so follow these guidelines (only required for W2K-based DC):
1.In the MC window from the previous procedure, under the Console Root, double-click on the Active Directory Schema snap-in and let it load (you'll know when it has loaded when you will see 2 nodes under the root - Classes and Attributes)
2.Right-click Active Directory Schema (your domain controller name) and
Adding 3 new attributes to the Schema
One method of creating new attributes in the Schema is by using the Active Directory Schema snap-in from an MMC.
In order to use this snap-in you must first register it with the command:regsvr32 schmmgmt.dll
Connecting the new attributes to the User Object Class
One method of creating new attributes in the Schema is by using the Active Directory Schema snap-in from an MMC.
In order to use this snap-in you must first register it with the command:regsvr32 schmmgmt.dll
The results
After adding the new attributes we now need to verify their existence and functionality.
What now?
After the new attributes were successfully added to the Schema and we've verified their functionality, we would now like to begin working with these attributes and begin populating their values.
A very simple way to avoid damaging or costly schema mistakes in your production forest is to first test your schema extensions on a test forest. By using a test environment, you can identify any potential problems in your plan before they affect your users and your production environment.
Copyright © 2026 eLLeNow.com All Rights Reserved.
