| Author | Messages | |
kbatkbslpcom
Posts:194
 | | 02/09/2010 8:30 PM |
| I am looking to add a number of new attributes to the forest - pretty much modeled after the exchange extension attributes.
In the Exchange LDF files, it adds the attributes, then later in the LDF file, it modifies it to be in the global catalog. Can that be done in the same step, by changing the FALSE to TRUE on the 'isMemberOfPartialAttributeSet' statement and have the 'searchFlags' set to 1? Or is it done that way for some other reason? (the exchange extension attributes are not indexed, but we want them indexed for searching - hence it has the searchflags=0 whereas we need them set to 1).
Perhaps 2000 level forests could not do those operations in the same step?
When doing it manually (via the schema MMC) you have to create/save the attribute, then go back and edit it to allow it to be indexed, stored in the GC, etc.
On a 2003 level forest (test) - I'm able to add it and mark it to be indexed and stored in the GC all in one step - and the Schema MMC reflects that.
I'm just wondering if I'm going to shoot myself in the foot later by doing it in that one step.
Thanks!
What I'm doing is this (BASEOID and DC=x will be replaced with appropriate values)
dn: CN=cust-Attribute1,CN=Schema,CN=Configuration,DC=x
changetype: add
attributeID: BASEOID.2.2001
adminDisplayname: cust-Attribute1
attributeSyntax: 2.5.5.12
isMemberOfPartialAttributeSet: TRUE
isSingleValued: TRUE
lDAPDisplayName: cust-Attribute1
name: cust-Attribute1
oMSyntax: 64
objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=x
objectClass: attributeSchema
rangeUpper: 512
searchFlags: 1

From the Exchange LDF files:

dn: CN=ms-Exch-Extension-Attribute-8,<SchemaContainerDN>
changetype: add
adminDescription: ms-Exch-Extension-Attribute-8
adminDisplayName: ms-Exch-Extension-Attribute-8
attributeID: 1.2.840.113556.1.2.430
attributeSyntax: 2.5.5.12
isMemberOfPartialAttributeSet: FALSE
isSingleValued: TRUE
lDAPDisplayName: extensionAttribute8
mapiId: 32820
name: ms-Exch-Extension-Attribute-8
oMSyntax: 64
objectCategory: CN=Attribute-Schema,<SchemaContainerDN>
objectClass: attributeSchema
rangeUpper: 512
searchFlags: 0

Then later, it changes the attribute to have it be in the global catalog:

dn: CN=ms-Exch-Extension-Attribute-8,<SchemaContainerDN>
changetype: modify
replace: isMemberOfPartialAttributeSet
isMemberOfPartialAttributeSet: TRUE
-
| | | |
| dgavrilov
Posts:59
 | | 02/12/2010 4:51 PM |
| What Exchange does is unfortunate. Please do it in one step.
Dmitri
-----Original Message----- From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of Brown, Ken F. Sent: Tuesday, February 09, 2010 12:28 PM To: activedir@mail.activedir.org Subject: [ActiveDir] Schema extension LDF syntax/order
| | | |
| kbatkbslpcom
Posts:194
 | | 02/12/2010 4:51 PM |
| Thanks - that puts my mind at rest.
As an FYI...as I was looking around more for examples, I saw an LDF file for SCCM that does it in one step...so I went forward in the "big" test forest (as opposed to the small single DC forest/domain - that I promoted/demoted about 5 times as I was building the LDF file!).
Testing in the big test forest (multi domain forest/multiple DC's per domain, which is as close to production as I can make it) - everything worked fine including extracting the GC indexed data from a different DC.
But confirmation is always appreciated!
Thanks again!
-----Original Message----- From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of Dmitri Gavrilov Sent: Wednesday, February 10, 2010 11:05 AM To: activedir@mail.activedir.org Subject: RE: [ActiveDir] Schema extension LDF syntax/order
| | | |
| lef
Posts:42
 | | 02/12/2010 4:51 PM |
| Perhaps it was a separate step in WS2k as adding an attribute to PAS caused a full sync of all PAS attributes across the GCs in the forest. I'm not aware of any problem in combining the steps.
Lee Flight
| | | |
| dloder
Posts:131
 | | 02/12/2010 4:51 PM |
| That behavior comes from the failures one would encounter on an add step if the schema object already existed. To ensure it is in the GC, regardless of the current schema status, that is done as a separate, sometimes redundant, step.
If you know the current state of the schema, you know exactly what changes to make. Exchange does not have that luxury.
-- http://dloder.blogspot.com --
| | | |
| dloder
Posts:131
 | | 02/12/2010 5:00 PM |
| My intent was to state, at RTM time, the Exchange team does not have the luxury of knowing what your schema looks like, where the local schema admin does. Sure there are ways to make that dynamic, or break it into more atomic steps to help ensure you reach the desired end-state. When the LDIF authors just assume they know what the current state of the schema looks like, you end up with problems like this http://technet.microsoft.com/en-us/library/bb632388.aspx.
I feel the Exchange implementation is a good compromise between coding effort and reaching the desired end-state from an unknown starting point.
-- http://dloder.blogspot.com --
--- On Wed, 2/10/10, Brian Arkills <barkills@washington.edu> wrote:
From: Brian Arkills <barkills@washington.edu> Subject: RE: [ActiveDir] Schema extension LDF syntax/order To: "activedir@mail.activedir.org" <activedir@mail.activedir.org> Date: Wednesday, February 10, 2010, 4:49 PM
I don't see this as a luxury kind of thing; Exchange could know the current state of the schema if it queried it, rather than doing twice the amount of work in some cases. Of course, querying the schema would require analysis and then auto-generation of the "custom" appropriate schema for *this* forest.
That said, there's a subjective balance point here--you want a simple but accurate process.
The approach Exchange uses is one way to get there. Another example might be Apple's where you use the ADAM schema analysis tools to generate the "custom" appropriate schema needed. And still another approach is the one-off non-automated analysis when manually crafting your own schema mods.
The trouble enters in when folks assume that what Microsoft does for one of its products is somehow the only way (or the right way) to do it. 
From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of David Loder Sent: Wednesday, February 10, 2010 5:46 AM To: activedir@mail.activedir.org Subject: Re: [ActiveDir] Schema extension LDF syntax/order
| | | |
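The trade-off argued in the replies above (a one-step add when the schema state is known, separate steps when it is not), as an added example that is not code from the thread or from Exchange: a generator that takes the attribute's current state and emits only the LDIF that state requires. The names `plan_ldif`, `IDENTITY`, `RECONCILED` and the `EXISTING` sample state are assumptions of this example; the desired values are the ones posted for cust-Attribute1.

```python
# Added example, not code from the thread. Desired values are copied from the
# poster's cust-Attribute1 entry; BASEOID and DC=x are the poster's placeholders.
SCHEMA_DN = "CN=Schema,CN=Configuration,DC=x"
ATTR_DN = "CN=cust-Attribute1," + SCHEMA_DN
DESIRED = {
    "attributeID": "BASEOID.2.2001",
    "adminDisplayName": "cust-Attribute1",
    "attributeSyntax": "2.5.5.12",
    "isMemberOfPartialAttributeSet": "TRUE",
    "isSingleValued": "TRUE",
    "lDAPDisplayName": "cust-Attribute1",
    "name": "cust-Attribute1",
    "oMSyntax": "64",
    "objectCategory": "CN=Attribute-Schema," + SCHEMA_DN,
    "objectClass": "attributeSchema",
    "rangeUpper": "512",
    "searchFlags": "1",
}
# Assumption of this example: these values define the attribute's identity, so
# a mismatch is reported for review instead of being modified.
IDENTITY = ("attributeID", "attributeSyntax", "oMSyntax", "isSingleValued",
            "lDAPDisplayName")
# The two settings the thread discusses; only these are reconciled.
RECONCILED = ("isMemberOfPartialAttributeSet", "searchFlags")


def _lower_keys(entry):
    # Attribute names are case-insensitive (the post writes adminDisplayname).
    return {k.lower(): str(v) for k, v in entry.items()}


def plan_ldif(dn, desired, current=None):
    """Return the LDIF needed to reach `desired`, or "" if nothing is needed."""
    if current is None:  # known absent: add with GC and index set in one step
        body = [f"{k}: {v}" for k, v in desired.items()]
        return "\n".join([f"dn: {dn}", "changetype: add"] + body) + "\n"
    want, have = _lower_keys(desired), _lower_keys(current)
    clash = [a for a in IDENTITY if have.get(a.lower()) != want[a.lower()]]
    if clash:
        raise ValueError("existing attribute differs in: " + ", ".join(clash))
    changes = []
    for attr in RECONCILED:
        key = attr.lower()
        target = want[key]
        if attr == "searchFlags":
            # searchFlags is a bit field (value 1 = indexed): keep bits already set.
            target = str(int(have.get(key, "0")) | int(want[key]))
        if have.get(key) != target:
            changes += [f"replace: {attr}", f"{attr}: {target}", "-"]
    if not changes:
        return ""
    return "\n".join([f"dn: {dn}", "changetype: modify"] + changes) + "\n"


# Constructed sample state: the attribute already exists the way the Exchange
# "add" step leaves its own attributes (not in the GC, not indexed).
EXISTING = dict(DESIRED, isMemberOfPartialAttributeSet="FALSE", searchFlags="0")
```

`plan_ldif(ATTR_DN, DESIRED)` gives the one-step add, while passing `EXISTING` as the third argument gives a modify record that touches only the two settings that differ.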