3.2.14 Example 14: Extend the Schema to Support an Application by Adding a New Attribute

In this example, an administrator extends the schema by adding an attribute that is required by an application. This is accomplished by using LDAP. To perform this task, an administrator runs a client application on a client computer. The application client targets a directory server that owns the Schema Master FSMO role in the Active Directory system. The client application uses LDAP to add an attribute and set its properties.

This example uses LDAP.

This example covers the use case in section 2.7.3.2, Add a New Attribute to the Schema - Client Application.

Prerequisites

The general requirements described in section 2.6, Assumptions and Preconditions.

The Active Directory system meets all preconditions described in section 2.7.3.2.

Initial System State

None.

Final System State

A new attribute has been added to the schema.

Sequence of Events

The diagram that follows illustrates the messages that are exchanged between a client application and a directory server when an attribute is successfully added to the schema.

Figure 59: Message flow for extending the schema by adding an attribute

The sequence of events is described in the following steps.

  1. The client application establishes an LDAP connection to the directory server. An LDAP bind request ([RFC2251] section 4.2) is sent to the directory server with the credentials of the administrator.

  2. The directory server verifies the credentials ([MS-AUTHSOD] section 2) and sends an LDAP bind response ([RFC2251] section 4.2.3) to the client application.

  3. The client application sends an LDAP add request ([RFC2251] section 4.7) to the server. The request contains the values of the mandatory attributes ([MS-ADTS] section 3.1.1.2.3) for the new object of class attributeSchema.

  4. The server verifies all the processing rules and constraints ([MS-ADTS] section 3.1.1.2.5, 3.1.1.5.1, and 3.1.1.5.2). On success, an instance of an object of class attributeSchema is added to the schema, and the server sends an LDAP add response ([RFC2252] section 4.7) that indicates that the object creation was successful.

  5. The client application closes the LDAP connection by sending an LDAP unbind request ([RFC2251] section 4.3) to the directory server.
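Steps 3 and 4 on the wire, as an added Python example that is not part of the specification: it BER-encodes the LDAP AddRequest for the attributeSchema object, refuses to build one that lacks a mandatory attribute, and decodes the AddResponse result code. The DN, OID and GUID values are constructed placeholders, and the mandatory-attribute list is taken from the MS-ADTS reference cited in step 3.

```python
# Mandatory attributeSchema attributes (MS-ADTS 3.1.1.2.3); nTSecurityDescriptor is server-defaulted, so omitted.
REQUIRED = ("objectClass", "cn", "lDAPDisplayName", "attributeID", "attributeSyntax",
            "oMSyntax", "isSingleValued", "schemaIDGUID")

def ber(tag, body):
    """Encode one BER TLV: tag byte, definite length (short or long form), contents."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body

def tlv(buf, pos=0):
    """Decode one BER TLV at pos; returns (tag, contents, position after it)."""
    tag, n = buf[pos], buf[pos + 1]
    if n & 0x80:                                   # long-form length
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos + 2:pos + 2 + k], "big"), pos + k
    return tag, buf[pos + 2:pos + 2 + n], pos + 2 + n

def add_request(message_id, dn, attrs):
    """Step 3: LDAPMessage { messageID, AddRequest [APPLICATION 8] } (RFC 2251 section 4.7);
    refuses to build the request when a mandatory attributeSchema attribute is absent."""
    missing = [a for a in REQUIRED if a not in attrs]
    if missing:
        raise ValueError(f"attributeSchema object is missing mandatory attributes: {missing}")
    attr_list = b"".join(
        ber(0x30, ber(0x04, name.encode()) + ber(0x31, b"".join(ber(0x04, v) for v in vals)))
        for name, vals in attrs.items())
    entry = ber(0x68, ber(0x04, dn.encode()) + ber(0x30, attr_list))
    mid = ber(0x02, message_id.to_bytes(message_id.bit_length() // 8 + 1, "big"))
    return ber(0x30, mid + entry)

def parse_add_response(msg):
    """Step 4: decode AddResponse [APPLICATION 9] into (messageID, resultCode, errorMessage);
    resultCode 0 means the object was created, anything else is a rejected schema change."""
    _, body, _ = tlv(msg)                          # outer LDAPMessage SEQUENCE
    _, mid, nxt = tlv(body)
    tag, result, _ = tlv(body, nxt)
    if tag != 0x69:
        raise ValueError("not an AddResponse")
    _, code, nxt = tlv(result)
    _, _, nxt = tlv(result, nxt)                   # matchedDN, not needed here
    _, err, _ = tlv(result, nxt)
    return int.from_bytes(mid, "big"), int.from_bytes(code, "big"), err.decode()

# Constructed sample (placeholder DN, OID and GUID; not a real schema extension).
SAMPLE_DN = "CN=Example-Badge-Id,CN=Schema,CN=Configuration,DC=example,DC=com"
SAMPLE_ATTRS = {"objectClass": [b"attributeSchema"], "cn": [b"Example-Badge-Id"],
                "lDAPDisplayName": [b"exampleBadgeId"], "attributeID": [b"1.2.3.4.5.6.7.8"],
                "attributeSyntax": [b"2.5.5.12"], "oMSyntax": [b"64"],   # Unicode-string syntax
                "isSingleValued": [b"TRUE"], "schemaIDGUID": [bytes(range(16))]}
# Constructed success response to messageID 2: resultCode 0, empty matchedDN and errorMessage.
SAMPLE_RESPONSE = bytes.fromhex("300c02010269070a010004000400")
```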