Solved

Extend Active Directory Schema

Posted on 2011-02-25
8
1,411 Views
Last Modified: 2013-11-21
I am trying to extend my AD schema using ldifde. My domain name is josimars.com. I made a copy of the ConfigMgr_AD_Schema.ldf file on my c:\drive and ran the command
ldifde –i –f ConfigMgr_ad_schema.ldf –v –j  c:\Logs.
The c:\logs file iis the folder I created for the log file. after disconnectiing the AD Schema sever from the network  I removed all instances of DC=X in the file and replaced
 it DC=josimars,DC=COM however I am legging the error message. A referral was returned from the server..

Here is the contents of the log file as an attachment Ldifde-error.txt
0
Comment
Question by:Josimars
8 Comments
 

Author Comment

by:Josimars
ID: 34987441
Ok
0
 
LVL 8

Assisted Solution

by:Toxacon
Toxacon earned 500 total points
ID: 34988303
It means that the replacement string is wrong. Take a look at the log row

Entry DN: CN=mS-SMS-Capabilities,CN=Schema,CN=Configuration,DC=josimars

Open in new window


it's missing the ,DC=com.

And, as I'm also expert on SMS/SCCM, I have to wonder why aren't you using the extadsch.exe to extend the Schema for SCCM?
0
 

Author Comment

by:Josimars
ID: 34988820
IThats weird I reran the ldifde command and made the changes and  it is  still failing.  CONFIGMGR-AD-SCHEMA.txt ldif.log. By the way  I forgot to tell you that I started with the ExtADSch.exe and that failed also. I am wondering if its because I have a  domain controller running windows 2003. My Schema master DC run Windows 2008  Standard. Is that the problem ?? ldif.txt. I  shut down the Windows 2008 server when I  am trying to extend the Schema. However I leave the Windows 2003 server. I also made sure I am using my Enterprise admin account and also ensured that it is a member of schema admins group
0
Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

 

Author Comment

by:Josimars
ID: 34989841
You know what I reattached the Schema master back to the domain and it worked. Interesting
0
 
LVL 8

Accepted Solution

by:
Toxacon earned 500 total points
ID: 34990367
Ummm, well, the Schema Master Role is responsible for the Schema so it must be available when making schema-related operations. It's the only machine available in the domain to listen to your Schema extension request. If it is down during the extension attempt, there is nothing listening your request and it will fail.
0
 

Expert Comment

by:IdontKnow
ID: 35086915
The schema master should be online and you need to run the ExtADSch.exe on the schema master and you need to be a member of the Domain admin group and Schema admins group. When the program is done, check the logs and everything should be fine.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 37433038
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Article by: Leon
Software Metering within our group of companies has always been an afterthought until auditing of software and licensing became a pain point. Orchestrator and SCCM metering gave us the answer and it was an exciting process.
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
Viewers will learn the different options available in the Backstage view in Excel 2013.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now