Active Directory Schema

What is Active Directory Schema?

Active Directory Schema is a Microsoft Windows 2000 administrative tool that can be used to modify the Active Directory schema.

Active Directory comes with a default schema that defines common object classes such as Users, Groups, Computers, and Domains, together with their attributes. Using Active Directory Schema, you can modify your organization’s schema by:

  • Creating new classes and modifying existing ones
  • Creating new attributes and modifying existing ones
  • Deactivating unnecessary classes and attributes

Members of the Schema Admins group, of which the default Administrator account is automatically a member, are the only users who can make changes to the schema. A typical use for Active Directory Schema is adding new attributes to an existing User object, for example a SeniorityLevel attribute.

Qualified administrators only

Active Directory Schema is an advanced tool that should be used only by qualified administrators, as an inexperienced user could easily render your Active Directory inoperable. Before you can use this tool to modify the schema, you must add a registry setting to your machine and specify the one domain controller that can be used to modify the schema for your enterprise.

This prevents unauthorized access to the schema and inconsistencies that can occur when the schema is simultaneously modified in more than one place. You must also install the snap-in for this tool in a Microsoft Management Console (MMC) console before you can use it—it is not available from the Start menu’s list of Administrative Tools.

Another way of modifying Active Directory schema is to write a script that uses Active Directory Service Interfaces (ADSI) to make calls that modify the schema. This is the best solution if you want to modify the schema for an entire enterprise or if you want to automate modifications to the schema.
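Before any scripted schema change, it helps to confirm which domain controller accepts schema writes and who is currently in Schema Admins. The following is an added example, not code from the original page: a read-only PowerShell script using ADSI. The function names are hypothetical, and it assumes a domain-joined host and an account that can read the directory.

```powershell
# Added example: read-only ADSI queries; nothing here writes to the directory.
# Assumes a domain-joined Windows host with PowerShell 3.0 or later.

function Get-SchemaMaster {
    # RootDSE advertises the DN of the forest's schema partition.
    $rootDse  = [ADSI]'LDAP://RootDSE'
    $schemaNc = [string]$rootDse.psbase.Properties['schemaNamingContext'].Value
    $schema   = [ADSI]"LDAP://$schemaNc"

    # fSMORoleOwner on the schema container is the DN of the NTDS Settings
    # object of the one domain controller that accepts schema writes.
    $ntdsDn = [string]$schema.psbase.Properties['fSMORoleOwner'].Value
    $server = ([ADSI]"LDAP://$ntdsDn").psbase.Parent

    [pscustomobject]@{
        SchemaPartition = $schemaNc
        SchemaMaster    = [string]$server.psbase.Properties['dNSHostName'].Value
    }
}

function Get-SchemaAdminsMember {
    # Schema Admins lives in the forest root domain with the well-known RID 518.
    # Binding by SID finds the group even if it was renamed or moved.
    $rootDse   = [ADSI]'LDAP://RootDSE'
    $rootNc    = [string]$rootDse.psbase.Properties['rootDomainNamingContext'].Value
    $domain    = [ADSI]"LDAP://$rootNc"
    $sidBytes  = [byte[]]$domain.psbase.Properties['objectSid'].Value
    $domainSid = New-Object System.Security.Principal.SecurityIdentifier($sidBytes, 0)
    $group     = [ADSI]"LDAP://<SID=$($domainSid.Value)-518>"

    # Direct members only: nested groups are listed by DN, not expanded.
    foreach ($dn in $group.psbase.Properties['member']) { [string]$dn }
}

$master  = Get-SchemaMaster
$members = @(Get-SchemaAdminsMember)

"Schema partition : $($master.SchemaPartition)"
"Schema master    : $($master.SchemaMaster)"
"Schema Admins has $($members.Count) direct member(s):"
$members | ForEach-Object { "  $_" }
```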
