
What is the Active Directory Schema?

In this section

  • Using Objects to Store Data
  • Building the Schema

The schema is the Active Directory component that defines all the objects and attributes that the directory service uses to store data. Active Directory stores and retrieves information from a wide variety of applications and services. So that it can store and replicate data from a potentially infinite variety of sources, Active Directory standardizes how data is stored in the directory.

By standardizing how data is stored, the directory service can retrieve, update, and replicate data while ensuring that the integrity of the data is maintained. The directory service uses objects as units of storage. All objects are defined in the schema. Each time that the directory handles data, the directory queries the schema for an appropriate object definition.

Based on the object definition in the schema, the directory creates the object and stores the data. Object definitions control the types of data that the objects can store, as well as the syntax of the data. Using this information, the schema ensures that all objects conform to their standard definitions. As a result, Active Directory can store, retrieve, and validate the data that it manages, regardless of the application that is the original source of the data.

Only data that has an existing object definition in the schema can be stored in the directory. If a new type of data needs to be stored, a new object definition for the data must first be created in the schema.

Using Objects to Store Data

Active Directory uses objects to store information. Objects are data structures that consist of multiple attributes that store both data and its related metadata. Metadata is data that describes the properties of other data. For example, an object that stores a user account has many attributes, including attributes that contain the user’s logon name, first name, last name, and password. Each of those attributes has additional attributes that contain metadata about the information that the attribute stores.

The logon name attribute, for example, has multiple attributes of its own. One of them records that the logon name is a required attribute, which means that a user object is not valid unless it contains a logon name. In the schema as it is actually stored, that required-or-optional decision lives on the class definition rather than on the attribute: the classSchema object's mustContain and systemMustContain lists name the attributes every instance must carry, and mayContain and systemMayContain name the optional ones. For a user, the logon name attribute (sAMAccountName) is mandatory because the securityPrincipal auxiliary class that the user class includes lists it in systemMustContain.

Another attribute associated with the logon name specifies the syntax of the value that the logon name attribute stores; on the attributeSchema object this is the attributeSyntax and oMSyntax pair, with rangeLower and rangeUpper bounding the length. This ensures that the value the logon name attribute contains is in a valid format. Both of these attributes contain metadata for the logon name attribute; that is, they define the characteristics of the logon name attribute.

The object definitions in the schema list all the object attributes and define how these attributes relate to each other. Some objects are simple and contain only a few attributes, while other objects are quite complex and contain hundreds of attributes.

Attributes themselves are objects, and the schema contains a definition for each one: every attribute is an attributeSchema object and every class is a classSchema object, and both live in the Schema naming context (CN=Schema,CN=Configuration,<forest root DN>). To define new objects, smaller objects are associated with one another to define the necessary attributes of the new objects. For a user object, the user's logon name attribute is a smaller object that contains a number of attributes of its own.

Among them are attributes that define the syntax of the logon name and specify whether or not the logon name attribute is optional or required. The first name and last name attributes are also smaller objects whose definitions can be found in the schema.

The object definition that defines the user object lists the logon name attribute object, the first name and last name attribute objects, and many other attribute objects, and it defines how these objects relate to each other to store the data that represents a user account.

Defining objects and attributes in this manner gives the schema the ability to efficiently define many different types of objects while retaining the ability to add new types of objects when necessary. Many objects have some attributes in common.

For example, many objects have a security descriptor to define who is allowed to access and change their contents. Rather than create a separate security descriptor definition for each object definition, the schema defines a single security descriptor attribute, nTSecurityDescriptor, and every class definition that needs one refers to that single attribute (in practice every class does, because top lists it as mandatory and every class descends from top). This makes it possible for every object that needs a security descriptor to have one while keeping only one definition for it in the schema. Each class definition can additionally carry a defaultSecurityDescriptor, the SDDL that is applied to new instances whose creator supplies no security descriptor, so the class definition itself is part of the access-control picture for the objects created from it.
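The following PowerShell, added here as an example and not part of the original post, reads these definitions as they are actually stored. It assumes the RSAT ActiveDirectory module on a domain-joined host (the schema partition is readable by any authenticated user by default); Get-SchemaClass, Get-EffectiveAttributes, Get-SchemaAttribute and the $syntaxNames table are this example's own helpers, not cmdlets that ship with the module. It walks the user class up through its parents and auxiliary classes to produce the effective mandatory and optional attribute lists, then dumps the definition of sAMAccountName and the default security descriptor a new user inherits.

```powershell
# Added example (not from the original post): read the schema definitions behind a "user"
# object and its logon name attribute. Assumes the RSAT ActiveDirectory module on a
# domain-joined host. Get-SchemaClass, Get-EffectiveAttributes, Get-SchemaAttribute and
# $syntaxNames are this example's own helpers, not part of the module.
Import-Module ActiveDirectory

$schemaNC = (Get-ADRootDSE).schemaNamingContext   # CN=Schema,CN=Configuration,<forest root>

# Subset of the attributeSyntax OIDs, mapped to readable names.
$syntaxNames = @{
    '2.5.5.1'  = 'Distinguished Name'
    '2.5.5.2'  = 'Object Identifier'
    '2.5.5.8'  = 'Boolean'
    '2.5.5.9'  = 'Integer / Enumeration'
    '2.5.5.10' = 'Octet String'
    '2.5.5.11' = 'Generalized Time'
    '2.5.5.12' = 'Unicode String'
    '2.5.5.15' = 'NT Security Descriptor'
    '2.5.5.16' = 'Large Integer'
    '2.5.5.17' = 'SID'
}

function Get-SchemaClass {
    param([Parameter(Mandatory)][string]$Name)
    Get-ADObject -SearchBase $schemaNC `
        -LDAPFilter "(&(objectClass=classSchema)(lDAPDisplayName=$Name))" `
        -Properties lDAPDisplayName, subClassOf, auxiliaryClass, systemAuxiliaryClass,
                    mustContain, systemMustContain, mayContain, systemMayContain,
                    defaultSecurityDescriptor
}

# Mandatory and optional attributes are inherited from parent classes (user -> organizationalPerson
# -> person -> top) and pulled in by auxiliary classes (securityPrincipal, mailRecipient), so the
# effective lists need the whole graph, not one classSchema object.
function Get-EffectiveAttributes {
    param([Parameter(Mandatory)][string]$ClassName)
    $must  = New-Object 'System.Collections.Generic.HashSet[string]'
    $may   = New-Object 'System.Collections.Generic.HashSet[string]'
    $seen  = New-Object 'System.Collections.Generic.HashSet[string]'
    $queue = New-Object 'System.Collections.Generic.Queue[string]'
    $queue.Enqueue($ClassName)
    while ($queue.Count -gt 0) {
        $name = $queue.Dequeue()
        if (-not $seen.Add($name)) { continue }     # already processed (top is its own parent)
        $cls = Get-SchemaClass -Name $name
        if (-not $cls) { throw "class '$name' not found in $schemaNC" }
        foreach ($a in (@($cls.mustContain) + @($cls.systemMustContain) | Where-Object { $_ })) { [void]$must.Add($a) }
        foreach ($a in (@($cls.mayContain)  + @($cls.systemMayContain)  | Where-Object { $_ })) { [void]$may.Add($a) }
        foreach ($aux in (@($cls.auxiliaryClass) + @($cls.systemAuxiliaryClass) | Where-Object { $_ })) { $queue.Enqueue($aux) }
        if ($cls.subClassOf) { $queue.Enqueue([string]$cls.subClassOf) }
    }
    [pscustomobject]@{ Class = $ClassName; Must = @($must | Sort-Object); May = @($may | Sort-Object) }
}

# The attributeSchema object for one attribute: syntax, cardinality, length bounds and the
# searchFlags bits a security reviewer cares about (confidential, RODC-filtered).
function Get-SchemaAttribute {
    param([Parameter(Mandatory)][string]$Name)
    $attr = Get-ADObject -SearchBase $schemaNC `
        -LDAPFilter "(&(objectClass=attributeSchema)(lDAPDisplayName=$Name))" `
        -Properties lDAPDisplayName, attributeID, attributeSyntax, oMSyntax, isSingleValued,
                    rangeLower, rangeUpper, searchFlags, systemFlags
    if (-not $attr) { throw "attribute '$Name' not found in $schemaNC" }
    $flags  = [int]$attr.searchFlags
    $oid    = [string]$attr.attributeSyntax
    $syntax = if ($syntaxNames.ContainsKey($oid)) { $syntaxNames[$oid] } else { $oid }
    [pscustomobject]@{
        Name         = $attr.lDAPDisplayName
        OID          = $attr.attributeID
        Syntax       = "$syntax (attributeSyntax $oid, oMSyntax $($attr.oMSyntax))"
        SingleValued = [bool]$attr.isSingleValued
        Range        = "$($attr.rangeLower)..$($attr.rangeUpper)"
        Indexed      = [bool]($flags -band 0x1)
        Confidential = [bool]($flags -band 0x80)    # needs CONTROL_ACCESS in addition to read-property
        RodcFiltered = [bool]($flags -band 0x200)   # never replicated to read-only domain controllers
    }
}

# Usage
$user = Get-EffectiveAttributes -ClassName 'user'
"user MUST contain ($($user.Must.Count)): $($user.Must -join ', ')"
"user MAY contain $($user.May.Count) attributes"
Get-SchemaAttribute -Name 'sAMAccountName' | Format-List
# SDDL every new user inherits when its creator supplies no security descriptor:
(Get-SchemaClass -Name 'user').defaultSecurityDescriptor
```

The mandatory list that comes back is short compared with the several hundred optional attributes, and sAMAccountName appears in it only because of the securityPrincipal auxiliary class; user, organizationalPerson and person themselves add almost nothing mandatory. The Confidential and RodcFiltered flags are the ones to check whenever a schema extension adds an attribute intended to hold a secret: without the confidential bit, any principal with generic read on the object can read the value.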


Building the Schema

The Active Directory installation process that creates the forest also generates the default schema. Thereafter, the forest's current schema (the default schema plus any extensions made since) replicates to each new domain controller during the installation of the directory on that domain controller.

The default schema contains all the standard object definitions that are necessary for Active Directory to function in a standard deployment. Active Directory uses a multimaster replication topology, which means that any domain controller in a forest can write a change to the directory database and then replicate that change to the other domain controllers in the forest. The schema is the one exception to this: schema writes are accepted only by the domain controller that holds the schema master operations master (FSMO) role, and every other domain controller carries a read-only replica of the schema partition.

For a domain controller to create a new object and write it to the directory, the domain controller must have access to the object definition that is needed to create the new object. Every domain controller in a forest maintains a copy of the schema, which makes it possible for domain controllers to have access to the object definitions that they need to store and retrieve information in the directory.

In some situations, the default attributes and object definitions in the schema are insufficient to create new object types that are required by some applications or services that interoperate with the directory. In these situations, it is possible to customize the schema by adding new object definitions to it. The process of adding definitions to the schema is referred to as "extending the schema." Extending it requires membership in the forest's Schema Admins group and is performed against the schema master. It is important to plan the deployment of schema extensions carefully: a class or attribute that has been added cannot be deleted afterwards, only marked defunct (isDefunct), so an extension should be tested in a lab forest and the schema master backed up before it is applied in production.

The directory stores the schema and replicates schema changes to every domain controller throughout the forest. Therefore, extending the schema creates replication traffic, which can briefly affect network load, and until the change has reached a domain controller, that controller cannot replicate objects that use the new definition; it reports a schema mismatch (replication error 8418) until its schema partition catches up. For more information about extending the schema, see "How the Active Directory Schema Works."

So, that's all in this blog. I will meet you soon with the next post. Have a nice day!
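Because only the schema master accepts schema writes and every other domain controller must pick the change up through replication, a practitioner checking the state described above wants four things: which DC holds the role, whether every DC reports the same schema version, who currently sits in Schema Admins, and what was added or marked defunct recently. The PowerShell below is an added example, not part of the original post. It assumes the RSAT ActiveDirectory module on a domain-joined host with LDAP reachability to every DC in the forest; the $knownVersions table is this example's own mapping of objectVersion values to Windows Server releases.

```powershell
# Added example (not from the original post): audit where the schema can be changed, whether
# it has replicated everywhere, and who can change it. Assumes the RSAT ActiveDirectory module
# and LDAP reachability to all DCs. $knownVersions is this example's own lookup table.
Import-Module ActiveDirectory

$forest   = Get-ADForest
$schemaNC = (Get-ADRootDSE).schemaNamingContext

# objectVersion on the Schema container, by Windows Server release (assumed table; extend as needed).
$knownVersions = @{
    13 = 'Windows 2000';          30 = 'Windows Server 2003';    31 = 'Windows Server 2003 R2'
    44 = 'Windows Server 2008';   47 = 'Windows Server 2008 R2'; 56 = 'Windows Server 2012'
    69 = 'Windows Server 2012 R2'; 87 = 'Windows Server 2016';   88 = 'Windows Server 2019/2022'
}

# 1. The only DC that accepts schema writes.
"Schema master: $($forest.SchemaMaster)"

# 2. Every DC in the forest should report the same schema version. One that lags after an
#    extension has not replicated the change yet and will raise schema-mismatch errors (8418).
$dcs = $forest.Domains | ForEach-Object { Get-ADDomainController -Filter * -Server $_ }
$versions = foreach ($dc in $dcs) {
    try {
        $v = [int](Get-ADObject -Identity $schemaNC -Server $dc.HostName -Properties objectVersion).objectVersion
        [pscustomobject]@{ DC = $dc.HostName; SchemaVersion = $v; Release = $knownVersions[$v] }
    } catch {
        [pscustomobject]@{ DC = $dc.HostName; SchemaVersion = $null; Release = "unreachable: $($_.Exception.Message)" }
    }
}
$versions | Format-Table -AutoSize
$distinct = @($versions | Where-Object { $_.SchemaVersion } | Select-Object -ExpandProperty SchemaVersion -Unique)
if ($distinct.Count -gt 1) { Write-Warning "schema version differs across DCs: $($distinct -join ', ')" }

# 3. Schema Admins exists only in the forest root domain and should be empty except during a
#    planned extension; a standing member can redefine objects for the whole forest.
$schemaAdmins = @(Get-ADGroupMember -Identity 'Schema Admins' -Server $forest.RootDomain)
if ($schemaAdmins.Count -gt 0) {
    Write-Warning "Schema Admins is not empty: $(($schemaAdmins | ForEach-Object SamAccountName) -join ', ')"
} else {
    'Schema Admins is empty (expected outside a planned extension).'
}

# 4. Schema objects are never deleted, only marked defunct, and each one keeps its whenCreated,
#    so recent additions and defunct objects together show what has been extended.
$since = (Get-Date).AddDays(-90).ToUniversalTime().ToString('yyyyMMddHHmmss.0Z')
'Schema objects created in the last 90 days:'
Get-ADObject -SearchBase $schemaNC `
    -LDAPFilter "(&(|(objectClass=classSchema)(objectClass=attributeSchema))(whenCreated>=$since))" `
    -Properties lDAPDisplayName, whenCreated, isDefunct |
    Select-Object lDAPDisplayName, ObjectClass, whenCreated, isDefunct | Format-Table -AutoSize
'Defunct schema objects:'
Get-ADObject -SearchBase $schemaNC -LDAPFilter '(isDefunct=TRUE)' -Properties lDAPDisplayName |
    Select-Object -ExpandProperty lDAPDisplayName
```

Run it before and after an extension: the version check should show every DC at the new objectVersion once replication has completed, and Schema Admins should be back to empty once the change is in. An unreachable DC in step 2 is not itself a schema problem, but it is the DC most likely to surface a mismatch later.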



Vipan Kumar

He is an Active Directory Engineer who has been working in the IT industry for more than 10 years.
