Active Directory: Schema

What is Schema?

The schema is the collection of objects, object classes and their attributes. In the image above, Administrator is a user object in Active Directory, and the properties of that user object are called attributes: Remote control is an attribute, COM+ is an attribute. Each of these in turn groups more attributes; the Dial-in attribute, for example, has Allow Access, Deny Access and so on. This is simply what we call the schema.

That is enough about what the schema is. The schema is embedded in Active Directory itself: whenever an object is created in Active Directory, all of its attribute information is stored in AD. Now the question is…

Where is this information stored?

It is stored in the DIT (Data Information Tree) file, which is internally subdivided into partitions; the Schema partition is one of them. The Active Directory database contains 3 partitions, as follows:

Schema partition – Defines the rules for object creation and modification for all objects in the forest. Replicated to all domain controllers in the forest, so it is known as an enterprise partition.

Configuration partition – Defines the forest directory structure, including trees, domains, domain trust relationships, and sites (groups of TCP/IP subnets). Replicated to all domain controllers in the forest, so it is known as an enterprise partition.

Domain partition – Holds complete information about all domain objects (objects that are part of the domain, including OUs, groups, users and others). Replicated only to domain controllers in the same domain.

Partial domain directory partition – Holds a list of all objects in the directory with a partial list of attributes for each object.
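The partitions listed above can be read straight from the RootDSE object of any domain controller. The following PowerShell is an added example, not code from the original post: it lists the naming contexts the connected DC holds and labels each with the replication scope described above. It reads RootDSE over ADSI, so no RSAT module is required; it assumes a domain-joined machine that can reach a DC.

```powershell
# Added example (not from the original post): list the partitions (naming contexts) held by
# the domain controller you are connected to, labelled with the replication scope from the text.
# Reads RootDSE over ADSI, so no RSAT module is needed; assumes a domain-joined machine.
$rootDse = [ADSI]"LDAP://RootDSE"

$schemaNc = $rootDse.schemaNamingContext.Value
$configNc = $rootDse.configurationNamingContext.Value
$domainNc = $rootDse.defaultNamingContext.Value

"Connected DC : $($rootDse.dnsHostName.Value)"
"Schema NC    : $schemaNc"
"Config NC    : $configNc"
"Domain NC    : $domainNc"
""

# namingContexts lists every writable partition on this DC. Schema and Configuration are the
# forest-wide ("enterprise") partitions; the domain NC is domain-wide; anything else is an
# application partition such as DomainDnsZones or ForestDnsZones (the "DNS partitions").
foreach ($nc in $rootDse.namingContexts) {
    $scope = if ($nc -eq $schemaNc -or $nc -eq $configNc) { 'forest-wide (enterprise)' }
             elseif ($nc -eq $domainNc)                    { 'domain-wide' }
             else                                          { 'application partition' }
    '{0,-26} {1}' -f $scope, $nc
}
```

The Schema partition always appears as CN=Schema,CN=Configuration,DC=… because it is a child of the Configuration partition in the tree, even though it is replicated as a partition of its own.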

Well, very nice. Another question is…

What happens to the schema whenever I install a new application like Exchange or SQL into my Active Directory?

If you read the documentation for the respective application, it will describe extending the schema before installing the application. That means the objects and attributes related to that specific application are added to the Schema partition of the DIT file before the application itself is installed, which reduces the chance of functional errors in that application. This is done with switches such as "Setup.exe /ADprep" or "Setup.exe /Forestprep".
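Because a schema extension is permanent (schema objects can be made defunct but never deleted), it is worth recording what the schema looked like before the vendor's preparation step and diffing it afterwards. The PowerShell below is an added example, not code from the original post or from any vendor: it snapshots the forest schema version, the Exchange schema version object, and the full list of attribute and class names, then reports what the extension added. It assumes the ActiveDirectory RSAT module on a domain-joined machine; reading the schema needs no special rights, while the extension step itself requires Schema Admins.

```powershell
# Added example (not from the original post): snapshot the schema before and after a vendor's
# schema-extension step so you can verify exactly what changed instead of trusting the installer.
# Assumes the ActiveDirectory RSAT module and a domain-joined machine.
Import-Module ActiveDirectory

function Get-SchemaSnapshot {
    $schemaNc = (Get-ADRootDSE).schemaNamingContext

    # objectVersion on the schema container is the forest schema version that adprep /forestprep raises.
    $container = Get-ADObject -Identity $schemaNc -Properties objectVersion

    # Exchange keeps its own version in rangeUpper of ms-Exch-Schema-Version-Pt. The object only
    # exists once Exchange has prepared the forest, so "missing" means "never extended for Exchange".
    $exch = Get-ADObject -Filter 'name -eq "ms-Exch-Schema-Version-Pt"' -SearchBase $schemaNc -Properties rangeUpper

    [pscustomobject]@{
        Captured              = Get-Date
        ForestSchemaVersion   = $container.objectVersion
        ExchangeSchemaVersion = if ($exch) { $exch.rangeUpper } else { $null }
        Attributes            = @(Get-ADObject -Filter 'objectClass -eq "attributeSchema"' -SearchBase $schemaNc -Properties lDAPDisplayName | ForEach-Object lDAPDisplayName)
        Classes               = @(Get-ADObject -Filter 'objectClass -eq "classSchema"' -SearchBase $schemaNc -Properties lDAPDisplayName | ForEach-Object lDAPDisplayName)
    }
}

$before = Get-SchemaSnapshot
# ... run the application's schema preparation here (the "Setup.exe /Forestprep" style step above) ...
$after  = Get-SchemaSnapshot

"Forest schema version   : $($before.ForestSchemaVersion) -> $($after.ForestSchemaVersion)"
"Exchange schema version : $($before.ExchangeSchemaVersion) -> $($after.ExchangeSchemaVersion)"

# Anything present only in the "after" list was added by the extension. An entry that disappeared
# would be a red flag: schema objects are never deleted, only marked defunct.
"Attributes added:"
Compare-Object $before.Attributes $after.Attributes | Where-Object SideIndicator -eq '=>' | ForEach-Object InputObject
"Classes added:"
Compare-Object $before.Classes $after.Classes | Where-Object SideIndicator -eq '=>' | ForEach-Object InputObject
```

Keeping the "before" snapshot (for example by piping it to Export-Clixml) gives you an audit record of the schema state that a later troubleshooting session can compare against.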

Super, fantastic… one last question is…

How is this schema replicated?

As mentioned above, it is replicated to all DCs in the forest. We can replicate only the Schema partition using the replmon tool, so that we can confirm each and every object and its attributes have been replicated to all DCs. If we get any errors during replication, we then look into them to troubleshoot.

In the image beside, notice there is a partition named CN=Schema,CN=Configuration. That is the Schema partition; the others are the Domain, Configuration and DNS partitions. You can replicate them individually if you want, by right-clicking each partition for the London and New York sites.
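The same check, confirming that the Schema partition and a specific schema object have reached every DC in the forest, can be done with the AD replication cmdlets that replaced replmon. The PowerShell below is an added example, not code from the original post: it reports inbound replication status for just the Schema partition on each DC, then compares the replication version stamp of one schema attribute across all DCs. It assumes the ActiveDirectory module (Windows Server 2012 or later RSAT) and that every DC is reachable; the attribute name sAMAccountName is a placeholder for whichever object you want to verify.

```powershell
# Added example (not from the original post): verify the Schema partition is in sync on every DC
# in the forest with the AD replication cmdlets (Windows Server 2012+ RSAT) instead of replmon.
# Assumes the ActiveDirectory module and network reachability to each DC.
Import-Module ActiveDirectory

$forest   = Get-ADForest
$schemaNc = (Get-ADRootDSE).schemaNamingContext

# Every DC in every domain of the forest: the Schema partition is replicated to all of them.
$dcs = foreach ($domain in $forest.Domains) {
    Get-ADDomainController -Filter * -Server $domain
}

# 1. Inbound replication status of just the Schema partition on each DC.
foreach ($dc in $dcs) {
    Get-ADReplicationPartnerMetadata -Target $dc.HostName -Partition Schema |
        Select-Object Server, Partner, LastReplicationSuccess, LastReplicationResult, ConsecutiveReplicationFailures
}

# 2. Confirm one specific schema object (for example an attribute a newly installed application
#    added) carries the same version stamp on every DC, i.e. the change really replicated.
$attributeName = 'sAMAccountName'   # placeholder: replace with the attribute you want to verify
$attributeDn   = (Get-ADObject -Filter "lDAPDisplayName -eq '$attributeName'" -SearchBase $schemaNc).DistinguishedName

foreach ($dc in $dcs) {
    # Replication metadata for the attributeSchema object's lDAPDisplayName value, as seen by this DC
    $meta = Get-ADReplicationAttributeMetadata -Object $attributeDn -Server $dc.HostName -Properties lDAPDisplayName
    [pscustomobject]@{
        DC                    = $dc.HostName
        Version               = $meta.Version
        LastOriginatingChange = $meta.LastOriginatingChangeTime
        OriginatingDC         = $meta.LastOriginatingChangeDirectoryServerIdentity
    }
}

# A DC whose Version lags the others has not received the change yet. To push only this
# partition between two DCs (the equivalent of the right-click replicate in the post):
#   repadmin /replicate <destinationDC> <sourceDC> $schemaNc
```

Checking the version stamp per DC is the precise form of "confirm each and every object and its attribute is replicated": a successful partner sync tells you the partition replicated, while a matching Version on every DC tells you the particular object did.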

How to manage the schema?

By default there is no management console for it in Administrative Tools. If you want to have a look at the schema, you first need to register a DLL using "regsvr32 schmmgmt.dll", then open a blank Microsoft Management Console from the Run prompt with the "mmc" command. In the MMC, click the File menu and select Add/Remove Snap-in. There you will find the Schema Management option; select it and click Add. Save the console as Schema Management to your Administrative Tools folder or Desktop. That is your AD schema.
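The PowerShell below is an added example, not code from the original post: it is the scripted counterpart to the MMC steps above. It registers the snap-in DLL, then reads from the directory the two things the snap-in shows first: which DC holds the Schema Master role (the only DC that accepts schema writes) and who is in Schema Admins (the group required to make those writes), and finally browses the user class the way the snap-in's Classes node does. It assumes the ActiveDirectory RSAT module, an elevated prompt for the regsvr32 step, and a domain-joined machine.

```powershell
# Added example (not from the original post): the PowerShell counterpart to the MMC steps above.
# Assumes the ActiveDirectory RSAT module, an elevated prompt, and a domain-joined machine.
Import-Module ActiveDirectory

# Step 1: register the snap-in so "Active Directory Schema" appears in mmc's Add/Remove Snap-in list.
regsvr32.exe /s "$env:SystemRoot\System32\schmmgmt.dll"

# Step 2: what the snap-in shows under "Operations Master": the single DC that accepts schema changes.
$forest = Get-ADForest
"Schema Master : $($forest.SchemaMaster)"
"Forest mode   : $($forest.ForestMode)"

# Step 3: who can change the schema. Schema Admins lives only in the forest root domain. Microsoft's
# guidance is to keep it empty and add an account only for the duration of a planned extension,
# so every member listed here should have a known reason to be there.
$schemaAdmins = Get-ADGroupMember -Identity 'Schema Admins' -Server $forest.RootDomain
if ($schemaAdmins) {
    "Schema Admins members:"
    $schemaAdmins | Select-Object Name, objectClass, distinguishedName
} else {
    "Schema Admins is empty (expected outside a planned schema change)."
}

# Step 4: browse a class the way the snap-in's Classes node does, e.g. which attributes "user" may carry.
$schemaNc  = (Get-ADRootDSE).schemaNamingContext
$userClass = Get-ADObject -Filter 'lDAPDisplayName -eq "user"' -SearchBase $schemaNc `
                 -Properties mayContain, systemMayContain, mustContain, systemMustContain, subClassOf

$mandatory = @($userClass.mustContain) + @($userClass.systemMustContain)
$optional  = @($userClass.mayContain)  + @($userClass.systemMayContain)

"Class 'user' derives from : $($userClass.subClassOf)"
"Mandatory attributes      : $($mandatory -join ', ')"
"Optional attributes       : $($optional.Count) defined (first 10: $(($optional | Select-Object -First 10) -join ', '))"
```

Attributes a class inherits from its parent classes (subClassOf and upward) are not listed on the class object itself, which is why the snap-in and this script both show only the attributes declared directly on user.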
