Finding out Schema changes

Archived from groups: microsoft.public.win2000.active_directory

Since I've just answered a question in this NG I feel I am able to ask one
or two now :-)

Is there any way I can find out what changes have been made to a schema? I
know Exchange and Cisco Unity have been installed (so there's two sets of
changes) but I'd like to know completely.

I had thought about exporting a virgin schema and comparing it against what
I've got, then picking it out from there... but I'm not sure how to do
that....?

Any ideas?

  1. Archived from groups: microsoft.public.win2000.active_directory

    You could use LDIFDE to export a "clean" schema and a "used" one, then
    compare the two. It seems like there might be an easier way, but I don't
    know it off the top of my head. For ldifde, run the /? switch to see the
    options, it's pretty straightforward.

    --
    Mike Shepperd
    MCSE NT4, 2000, 2003
    NewFuture Consulting
    Seattle, Washington

  2. Archived from groups: microsoft.public.win2000.active_directory

    Here is part of the steps we perform when doing a schema mod:

    1. Start up the ADSI Editor (This is a part of the Windows 2000 Admin Tools)
    2. Connect to the test DC
       - Naming Context = Schema
       - Computer = The test DC
    3. Select the Schema folder to get the attributes to display in the right
       window
    4. Right-click on the Schema folder and select Export
    5. Close and save this as c:\before.csv; it will be used later to compare
       after the Schema has been updated
    6. To enable Schema updates by means of the Schema Management Console:
       - At a command prompt, type regsvr32 schmmgmt.dll
         NOTE: RegSvr32 has been successfully registered when a
         "DllRegisterServer in schmmgmt.dll succeeded" dialog box is displayed.
       - Open a new management console by clicking Start, click Run, and then
         type MMC
       - On the Console menu, click Add/Remove Snap-in
       - Click Add to open the Add Standalone Snap-in dialog box
       - Click Active Directory Schema, and then click Add
       - "Active Directory Schema" is displayed in the Add/Remove snap-in. Click
         Close, and then click OK to return to the console
       - Click Active Directory Schema so that the Classes and Attributes
         sections are displayed on the right-hand side
       - Right-click Active Directory Schema and click Operations Master
       - Click to select the "Schema may be modified on this Domain Controller"
         check box. Click OK, and then exit the console
       - The schema may now be updated on the domain controller that holds the
         schema operations master role
    7. Install the schema extending software
    8. Go back to the MMC console under Active Directory Schema and disallow
       schema updates on this domain server
       - By default this should never be left to update the schema without
         manually going in and selecting this check box
    9. Use the new software and test as needed
       - Check any and all options and verify that this software will provide
         desired results


    Now that the software has been tested and there haven't been any problems,
    tests need to be run to validate that the AD has not been corrupted or
    damaged in any way that would disrupt the day to day operations of the
    network. An after snapshot of the schema will be taken and used to display
    the differences to the AD. This information will then need to be cataloged,
    dated and saved. Finally AD communications and updating will be tested.


    10. Start up the ADSI Editor (This is a part of the Windows 2000 Admin
        Tools)
        - Start - Programs - Windows 2000 Support Tools - Tools - ADSI Edit
    11. Connect to the test DC
        - Naming Context = Schema
        - Computer = The test DC
    12. Select the Schema folder to get the attributes to display in the right
        window
    13. Right-click on the Schema folder, select Export and save as
        c:\after.csv
    14. Start up WINDIFF
        - Start - Programs - Windows 2000 Support Tools - Tools - WINDIFF
    15. Compare c:\before.csv to c:\after.csv
        - Note the differences by doing a file comparison; the lines
          highlighted in yellow are the modifications to the schema
        - These two csv files should be saved

    --


    Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

    This posting is provided "AS IS" with no warranties, and confers no rights.

  3. Archived from groups: microsoft.public.win2000.active_directory

    > Is there any way I can find out what changes have been made to a schema ?
    > I

    Hi!

    Just finished this VBS. It looks more complex than it is. It starts an
    ldifde to temp, makes a dump of the schema partition and compares it to a
    proofed one. The problem is that the first object holds replication
    information and so will always differ. That's where the script comes in,
    skipping the first object (while checking that the schema master did not
    change...).

    have fun. ciao, ralf


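    ' Expected schema master. Compared as a prefix with the line that follows
    ' "fSMORoleOwner: " in the dump; that line is an LDIF continuation line,
    ' hence the leading space.
    fsmo=" CN=NTDS Settings,CN=UNI-DC-02,CN=Servers,CN=uni-top"

    Set oFS=CreateObject("Scripting.Filesystemobject")
    Set WshShell = CreateObject("WScript.Shell")

    ' Dump the current schema partition to a temporary file
    sCommand="cmd.exe /C ldifde -f c:\temp\schema_now.ldf -d " & Chr(34) & _
      "cn=schema,cn=configuration,dc=contoso,dc=msft" & Chr(34)

    Set oExec = WshShell.Exec(sCommand)
    Do While oExec.Status = 0          ' wait for ldifde to finish
      WScript.Sleep 100
    Loop

    Set oFileTemp = oFS.OpenTextFile("c:\temp\schema_now.ldf")
    Set oFileRef = oFS.OpenTextFile("c:\temp\schema_ref.ldf")

    passed=False
    differ=False
    fsmomoved=False
    result=""

    oFileTemp.ReadLine                 ' skip the first line of the dump

    Do Until oFileTemp.AtEndOfStream
      nextline = oFileTemp.ReadLine
      If passed Then
        ' Past the first object: compare line by line with the reference.
        ' The reference is read from its first line here, so schema_ref.ldf
        ' must not contain the first object.
        If oFileRef.AtEndOfStream Then
          differ=True                  ' dump is longer than the reference
          Exit Do
        End If
        refline=oFileRef.ReadLine
        If nextline <> refline Then
          differ=True
        End If
      Else
        ' Still inside the first object: only check the schema master
        If nextline = "fSMORoleOwner: " Then
          nextline=oFileTemp.ReadLine
          If Left(nextline,Len(fsmo)) <> fsmo Then
            fsmomoved=True
            fsmomovedto=nextline
          Else
            fsmomoved=False
          End If
        ElseIf nextline = "" Then
          passed=True                  ' blank line ends the first object
        End If
      End If
    Loop

    ' Reference lines left over: the dump is shorter than the reference
    If Not oFileRef.AtEndOfStream Then differ=True

    oFileTemp.Close
    oFileRef.Close

    If differ Then
      result="Schema modified! "
    End If

    If fsmomoved Then
      result=result & "FSMO role MOVED to " & fsmomovedto
    End If

    ' Report the outcome
    If result = "" Then result="Schema unchanged."
    WScript.Echo result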
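
An entry-aware version of the LDIF comparison suggested in replies 1 and 3, added here as an example and not written by any poster in this thread. It goes beyond the line-by-line check by unfolding continuation lines, keying entries by DN and comparing attribute values regardless of order, so a reference export taken from another forest can be used. Assumptions: the VOLATILE list, the function names, the `<ROOT>` placeholder and the sample exports are constructed for illustration.

```python
# Assumption: attributes that differ between exports without a schema extension.
VOLATILE = {"whenchanged", "whencreated", "usnchanged", "usncreated", "objectguid"}

def parse_ldif(text, suffix=""):
    """Return {dn: {attr: sorted values}} for LDIF text as written by ldifde."""
    def norm(v):  # trim the value; replace the forest suffix with a placeholder
        v = v.lstrip(":").strip()
        return v[:-len(suffix)] + "<ROOT>" if suffix and v.lower().endswith(suffix.lower()) else v
    entries, cur = {}, None
    # A newline followed by a space is an LDIF continuation: unfold before parsing.
    for line in text.replace("\r\n", "\n").replace("\n ", "").split("\n"):
        name, _, value = line.partition(":")
        name = name.strip().lower()
        if not name:
            cur = None                      # blank line ends the entry
        elif name == "dn":
            cur = entries.setdefault(norm(value).lower(), {})
        elif cur is not None and name not in VOLATILE:
            cur.setdefault(name, []).append(norm(value))
    return {dn: {a: sorted(v) for a, v in e.items()} for dn, e in entries.items()}

def diff_schema(ref_text, now_text, ref_suffix="", now_suffix=""):
    """Return (added DNs, removed DNs, {dn: names of attributes that differ})."""
    ref, now = parse_ldif(ref_text, ref_suffix), parse_ldif(now_text, now_suffix)
    changed = {dn: sorted(a for a in ref[dn].keys() | now[dn].keys()
                          if ref[dn].get(a) != now[dn].get(a))
               for dn in ref.keys() & now.keys() if ref[dn] != now[dn]}
    return sorted(now.keys() - ref.keys()), sorted(ref.keys() - now.keys()), changed

# Constructed sample exports (not real schema data); all names are placeholders.
REF = """dn: CN=Schema,CN=Configuration,DC=lab,DC=example
fSMORoleOwner:
 CN=NTDS Settings,CN=DC-A,CN=Servers,CN=Configuration,DC=lab,DC=example

dn: CN=User,CN=Schema,CN=Configuration,DC=lab,DC=example
mayContain: description
uSNChanged: 200"""
NOW = """dn: CN=Schema,CN=Configuration,DC=corp,DC=example
fSMORoleOwner:
 CN=NTDS Settings,CN=DC-B,CN=Servers,CN=Configuration,DC=corp,DC=example

dn: CN=User,CN=Schema,CN=Configuration,DC=corp,DC=example
mayContain: exampleVoiceMailbox
mayContain: description
uSNChanged: 950

dn: CN=example-Voice-Mailbox,CN=Schema,CN=Configuration,DC=corp,DC=example
objectClass: attributeSchema"""
```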