JSI Tip 3310. How can I modify the Active Directory schema in batch?

Jerold Schulman

January 29, 2001


Microsoft has written a Knowledge Base article on how to use the Ldifde utility to modify the schema. I have made some modifications and include it here for your enlightenment.

NOTE: See tip 2645 Schema Administrator requires new registry value name to enable a write operation to the schema?

WARNING: Use extreme caution when you make any changes to the Active Directory schema. Changes are propagated forest-wide, and objects and attributes that are added to the schema cannot be removed.

NOTE: See tip 2003 Backup/Restore the System State on your Windows 2000 server.
      and tip 2500 Backup the Registry and System State in batch, without a backup device.

When you use the Ldifde utility, the text file that you use must be in a certain format so that Windows 2000 can correctly process the file. To modify attribute values for existing schema classes, use the following general format:

dn: distinguished_name_of_the_object_you_want_to_modify
changetype: modify
replace: attribute_whose_value_you_want_to_replace
attribute_whose_value_you_want_to_replace: newvalue1
attribute_whose_value_you_want_to_replace: newvalue2
-
add: attribute_to_which_you_want_to_add_a_new_value
attribute_to_which_you_want_to_add_a_new_value: newvalue3
-
delete: attribute_from_which_you_want_to_delete_a_value
attribute_from_which_you_want_to_delete_a_value: value_to_be_deleted
-

The text file can contain multiple sections of each operation type (or no section at all for a type of operation, if there is no need to perform an operation of that type), and you can place the sections in any order in the text file. This example replaces the value of one attribute with two values, adds a new value to another attribute, and deletes a specific value from yet another attribute.

NOTE: The hyphen (-) at the end of the file and the hyphens that separate the sections are required.

For example, to add the healthcarerole attribute value as an optional type of property (mayContain) to the companyorgperson schema class, create a text file named Modify.ldf that contains the following information:

dn: CN=companyorgperson,CN=Schema,CN=Configuration,DC=company,DC=com
changetype: modify
add: mayContain
mayContain: healthcarerole
-

To import the information that is in the Modify.ldf file, type the following command at a command prompt:

ldifde -i -f modify.ldf

The Ldifde utility modifies the attributes as specified in the Modify.ldf file.

For additional information about LDAP Data Interchange Format (LDIF), see Request for Comments (RFC) 2849, which defines the grammar for LDIF files.

NOTE: The Ldifde utility does not support the "control:" keyword from RFC 2849.
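Because schema changes cannot be removed, it is worth checking the file before running the import. The following is an added example, not part of the original tip or of Microsoft's article: a small Python pre-import check (the name lint_ldif and the broken sample are constructed for illustration) that enforces only the rules stated above: every add/replace/delete section ends with a hyphen, value lines name the same attribute as their section, and the "control:" keyword is rejected.

```python
import re

OPS = ("add", "replace", "delete")

def lint_ldif(text):
    """Return (line_number, message) problems in an Ldifde 'changetype: modify' file."""
    problems = []
    in_record = False          # True after 'changetype: modify' until the record's blank line
    op_attr, op_line = None, 0 # attribute (and line) of the open add/replace/delete section
    for n, raw in enumerate(text.splitlines() + [""], 1):  # extra "" flushes the last record
        line = raw.rstrip()
        if raw.startswith(("#", " ")):  # comment or folded continuation line
            continue
        if line == "":
            if op_attr is not None:
                problems.append((op_line, f"section for '{op_attr}' is not closed by '-'"))
            in_record, op_attr = False, None
        elif line == "-":
            if op_attr is None:
                problems.append((n, "'-' without an open add/replace/delete section"))
            op_attr = None
        else:
            m = re.match(r"([A-Za-z][\w;.-]*):{1,2}\s*(.*)$", line)
            if not m:
                problems.append((n, "not an 'attribute: value' line"))
                continue
            key, value = m.group(1).lower(), m.group(2)
            if key == "control":
                problems.append((n, "'control:' is not supported by Ldifde"))
            elif key == "changetype":
                in_record = value.lower() == "modify"
            elif in_record and op_attr is None:
                if key in OPS:
                    op_attr, op_line = value.lower(), n
                else:
                    problems.append((n, f"expected add/replace/delete, found '{key}'"))
            elif in_record and key != op_attr:
                problems.append((n, f"line names '{key}' but section is for '{op_attr}'"))
    return problems

# The article's Modify.ldf, and a constructed broken variant (the control OID is made up).
GOOD = """dn: CN=companyorgperson,CN=Schema,CN=Configuration,DC=company,DC=com
changetype: modify
add: mayContain
mayContain: healthcarerole
-
"""
BAD = (GOOD.replace("changetype", "control: 1.2.3.4 true\nchangetype")
           .replace("mayContain: ", "mustContain: ").replace("-\n", ""))
```

An empty list from lint_ldif means the file passed these three checks only; it does not validate the DN or confirm that the attribute exists in the schema.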

For additional information about the Active Directory schema and LDIF, see chapter 4 of the Microsoft Windows 2000 Server Distributed Systems Guide, which is part of the Microsoft Windows 2000 Server Resource Kit.

For more information about the Ldifde utility, open a CMD prompt on a computer that is running Windows 2000 Server, and type:

ldifde /?

