2.7.3 Schema Management

When the set of classes and attributes in the base Active Directory schema does not meet the requirements of the applications, the administrator can extend the schema by adding a new class to the schema, by adding a new attribute to the schema, or by adding an attribute to an existing class. Schema classes and attributes are objects that are stored in Active Directory. Adding a new class to the schema is equivalent to creating a new object of the classSchema class ([MS-ADTS] section 3.1.1.2.4.8); adding a new attribute to the schema is equivalent to creating a new object of the attributeSchema class ([MS-ADTS] section 3.1.1.2.3); adding an attribute to an existing class is done by modifying the corresponding classSchema object, which modifies the class definition to contain the attribute. After a new class or attribute is successfully added to the schema, users can create the objects of the newly defined or extended schema class.

The following diagram illustrates the use cases of schema management.

Use cases for schema management

Figure 25: Use cases for schema management