Are you struggling with efficiently managing your organization’s directory service? Understanding the essential concept of the Active Directory schema is key to success.
Though it is often seen as a complex concept, it is the foundation of the entire directory system. To delve into the details of this crucial component, keep reading below.
- What is the Active Directory Schema?
- Active Directory Schema Version
- Active Directory Schema Types
- Active Directory Schema Attributes List
- Active Directory Schema Location
- Active Directory Schema Components
What is the Active Directory Schema?
Active directory schema is like a blueprint for defining the structure, organization, and characteristics of objects and their associated data within the active directory.
It essentially determines what kinds of objects can be made and managed within the directory, as well as what kind of information can be stored within those objects. All the objects you can create in the Active directory and all their properties are defined.
Active Directory Schema Version
The following information provides a list of operating system versions along with their related schema versions:
| Windows Server Version | Directory Schema Version |
|---|---|
| Windows Server 2000 | 13 |
| Windows Server 2003 | 30 |
| Windows Server 2003R2 | 31 |
| Windows Server 2008 | 44 |
| Windows Server 3008R2 | 47 |
| Windows Server 2012 | 56 |
| Windows Server 2012R2 | 69 |
| Windows Server 2016 | 87 |
| Windows Server 2019 | 88 |
| Windows Server 2022 | 88 |
Active Directory Schema Types
It is a blueprint that defines the rules for the types of objects and attributes that can be stored within it. The schema is made up of two types of objects: Classes and attributes.
Classes : Classes can be considered as templates used to create objects within the active directory such as users, groups, computers, etc. These, classes themselves do not contain any specific information about the user or object but provide a framework for creating them.
Attributes: The attributes define the characteristics and properties of a class. They determine the specific data that can be stored within an object. Attributes are defined once in the schema and can be shared among multiple classes.
One common attribute found in every object class includes the attribute cn, which holds the object’s common name in the Lightweight Directory Access Protocol (LDAP) naming convention.
Active Directory Schema Attributes List
Here is a list of some used attributes in the Active Directory:
| Name in Active Directory | LDAP Name |
|---|---|
| First Name | givenName |
| Middle Name/Initials | Initials |
| Last Name | sn |
| Logon Name | userPrincipalName |
| Display Name | displayName |
| Full Name | name/cn |
| Description | description |
| Office | physicalDeliveryofficeName |
| Telephone Number | telephoneNumber |
| E-mail-Addresses | |
| Web Page | wWWHomePage |
| Password | password |
| PO Box | postOfficeBox |
| City | I |
| Country | co |
| Country code | countryCode |
| Add to Groups | memberOf |
| Account Expires | accountExpires |
| Login Script | scriptPath |
| Home Drive | homeDrive |
| Title | title |
| Company | company |
| Lockout-Time | lockoutTime |
| Account-Name-History | accountNameHistory |
| Do not permanently delete messages until the store has been backed up | deletedItemFlags |
| Start the following program at logon | tsInheritinitialProgram |
| Connect client printer at logon | tsDeviceClientDefaultPrinter |
| When the session limit is reached, or the connection broken | tsBrokenTimeOutSettings |
| Exchange Server Name | msExchHomeServerName |
| Managed By | managedBy |
| Remove Proxy Addresses | removeproxyAddresses |
These are just a few of the attributes available in the active directory.
Active Directory Schema Location
This helps in defining the structure and attributes of objects in the directory. It is located in the schema partition of the active directory, and the schema objects are physically stored there.
However, the schema container’s logical location is actually under the configuration container . To see the content of the schema container, administrators can use tools like AD schema MMC snap-in or ADSI Edit.
Active Directory Schema Components
In the active directory, objects, classes, and attributes are components of the directory and play a crucial role in defining the structure of the active directory.
- Objects are where data is stored in an active directory.
- Classes are a group of definitions used to create this object within the active directory.
- Attributes are data items that determine the information contained in an object.
Within the schema, the active directory schema contains two objects to store information. The classSchema object stores information about the class, while the attributeSchema object stores information about the attribute. By utilizing these schema objects, administrators can define classes and attributes based on their organization’s requirements.
