Schema classes and attributes
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
Schema classes and attributes
Every directory object you create is an instance of an object class contained in the schema. Each object class contains a list of associated attributes that determine the information the object can contain. Classes and attributes are defined independently, so that a single attribute can be associated with multiple classes. All schema classes and attributes are defined by the classSchema and attributeSchema objects, respectively.
ClassSchema objects are used to define classes in the schema. A classSchema object provides the template for building directory objects of that class. Examples of classSchema include User and Server. A classSchema object contains, among other things, the following information:
Class type (structural, abstract, or auxiliary)
Common name and Lightweight Directory Access Protocol (LDAP) display name
Lists of the "must contain" and "may contain" attributes for instances of the object
Relative distinguished name attribute
A list of possible parent classes
Three different types of classes exist in the schema:
Used to instantiate objects (users, servers and so on) in the directory.
Provides templates for deriving structural classes
Contains predefined lists of attributes that can be included in structural and abstract classes.
- With the Windows Server 2003 family, the inetOrgPerson class is now a part of base schema. This class can be used as a security principal in the same manner as the user class.
AttributeSchema objects are used to define attributes in the schema. An attributeSchema object determines the allowable contents and syntax for instances of that attribute in the directory. Examples of attributeSchema include User-Principal-Name and Telex-Number. An attributeSchema object contains, among other things, the following information:
Common name and LDAP display name
Data constraints (single versus multivalued, minimum, and maximum values)
Whether and how the attribute is indexed
Single and multivalued attributes
Attributes can be single-valued or multivalued. An instance of a single-valued attribute can can only contain a single value. An instance of a multivalued attribute can contain multiple values of uniform syntax. A multivalued attribute stores no information about ordering of the attributes it contains. Each value of a multivalue attribute must be unique.
Both multivalued and single valued attributes can be indexed to help improve the performance of queries on that attribute. (Indexing does not apply to classes.) Attributes are marked for indexing based on their schema definition. Indexing an attribute also allows users to use wildcards (*) as prefixes and suffixes when specifying a search string. When you mark an attribute as indexed, all instances of the attribute are added to the index, not just the instances that are members of a particular class. Indexing attributes, particularly multivalued attributes, can negatively affect replication and object creation time, as well as directory database size. So, it is recommended that you only index commonly used attributes. For more information, see Index an attribute in Active Directory.