Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

What is the purpose of Schema Admins?

Posted on 2008-10-07
4
Medium Priority
?
1,022 Views
Last Modified: 2012-06-27
What is the purpose of Schema Admins in Active Directory Security Groups.
0
Comment
Question by:mlord_garan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 70

Accepted Solution

by:
KCTS earned 75 total points
ID: 22660132
At the risk of being obvious only users who are schema admins are allowed to make changes to the active directory schema - either via the ADSIEdit and and other tools or with ADprep etc.
0
 
LVL 26

Assisted Solution

by:MidnightOne
MidnightOne earned 75 total points
ID: 22660135
Schema Admins are the only users capable of modifying the schema in a Windows domain. Since schema additions cannot be removed once added, it's kind of important to limit even administrators from extending the schema without proper authority.
0
 
LVL 26

Expert Comment

by:Pber
ID: 22660165
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 22661137
Just to follow up on what Midnight said, Microsoft released a good white paper a few months ago on how they manage their Schema changes

http://technet.microsoft.com/en-us/library/bb687810.aspx
Structured Active Directory Schema Management at Microsoft

Good info in their, they certainly have very good processes.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

704 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question