Active Directory schema extensions

Hi
We are in a process of implementing SAP LDAP sync to manage users from MS Active Directory. SAP requires schema extension generated by RSLDAPSCHEMAEXT program to be applied to Active Directory so that report RSLDAPSYNC_USER can be identify SAP users in MS AD.
The MS AD team says that any non miscrosoft schema extensions are not supported as OIDs of the schema might conflict with other applications / patches.
Are the MS AD schema extensions generated by SAP program RSLDAPSCHEMAEXT supported / certified by Microsoft.
Harsh

Hi Harsh,
I would like to point you also to SAP Note 888848 - Notes on schema enhancement with RSLDAPSCHEMAEXT.
It especially states that:
..."The text document generated by RSLDAPSCHEMAEXT was supplied and validate as part of a certification process by the directory vendor."...
that means in this case by Microsoft.
If you decide not to use the schema extension that has been supplied by Microsoft you can use attributes that are already existing in your Active Directory as Juergen already pointed out.
As an example Microsoft Exchange Server creates several additional attributes such as extensionattribute1, ... , extensionattribute15 as part of the installation process. These attributes might be an option for you if you do not want to use the schema extension suggested by RSLDAPSCHEMAEXT.
Please have in mind that the filter attribute that you will use to determine the SAP username should be indexed since this will reduce the synchronization time.
Best Regards,
André

Similar Messages

Active Directory Schema Extension for Directory Synchronization - ADFS 3.0, Office 365

Hi Team,
We are in a situation with extending the schema for one customer so that these additional exchange attributes may be utilized. They have a single data center where the Primary Domain Controller resides and have multiple remote sites each of which have Additional
Domain Controllers installed.
As recommended by Microsoft, I am going to extend the Active Directory Schema with Exchange Setup so that I can leverage targetaddress attribute from Local AD to set primary email address when directory synchronization happens.
My Query: Do I have to extend the AD Schema with Exchange from each of these ADC's? Or the changes I make on any of them will replicate over the others also?
Note: The customer will be using ADFS 3.0 'Single Sign On' with Office 365 and does NOT have any On-Premise Exchange deployment.

My Query: Do I have to extend the AD Schema with Exchange from each of these
ADC's? Or the changes I make on any of them will replicate over the others also?
Schema extension is done against the Schema Master. Once done, it gets replicated to other DCs with the AD forest.
For more details about Schema Extension by Exchange, you can refer to that: http://www.resdevops.com/2013/02/13/extend-ad-schema-to-allow-greater-office-365-management/
This posting is provided AS IS with no warranties or guarantees , and confers no rights.
Ahmed MALEK
My Website Link
My Linkedin Profile
My MVP Profile

Sccm 2012 extent the active directory schema error

Hello
I am experiecing an issue when attempting to extend my AD Schema for SCCM 2012
<12-10-2014 20:04:33> Modifying Active Directory Schema - with SMS extensions.
<12-10-2014 20:04:33> DS Root:CN=Schema,CN=Configuration,DC=,DC=com
<12-10-2014 20:04:33> Failed to create attribute cn=MS-SMS-Site-Code. Error code = 8224.
<12-10-2014 20:04:33> Failed to create attribute cn=mS-SMS-Assignment-Site-Code. Error code = 8224.
<12-10-2014 20:04:33> Failed to create attribute cn=MS-SMS-Site-Boundaries. Error code = 8224.
<12-10-2014 20:04:33> Failed to create attribute cn=MS-SMS-Roaming-Boundaries. Error code = 8224.
<12-10-2014 20:04:33> Failed to create attribute cn=MS-SMS-Default-MP. Error code = 8224.
<12-10-2014 20:04:33> Failed to create attribute cn=mS-SMS-Device-Management-Point. Error code = 8224.
<12-10-2014 20:04:33> Failed to create attribute cn=MS-SMS-MP-Name. Error code = 8224.
<12-10-2014 20:04:33> Failed to create attribute cn=MS-SMS-MP-Address. Error code = 8224.
<12-10-2014 20:04:33> Failed to create attribute cn=mS-SMS-Health-State. Error code = 8224.
<12-10-2014 20:04:33> Failed to create attribute cn=mS-SMS-Source-Forest. Error code = 8224.
<12-10-2014 20:04:33> Failed to create attribute cn=MS-SMS-Ranged-IP-Low. Error code = 8224.
<12-10-2014 20:04:33> Failed to create attribute cn=MS-SMS-Ranged-IP-High. Error code = 8224.
<12-10-2014 20:04:33> Failed to create attribute cn=mS-SMS-Version. Error code = 8224.
<12-10-2014 20:04:33> Failed to create attribute cn=mS-SMS-Capabilities. Error code = 8224.
<12-10-2014 20:04:33> Failed to create class cn=MS-SMS-Management-Point. Error code = 8202.
<12-10-2014 20:04:33> Failed to create class cn=MS-SMS-Server-Locator-Point. Error code = 8202.
<12-10-2014 20:04:33> Failed to create class cn=MS-SMS-Site. Error code = 8202.
<12-10-2014 20:04:33> Failed to create class cn=MS-SMS-Roaming-Boundary-Range. Error code = 8202.
<12-10-2014 20:04:33> Failed to extend the Active Directory schema, please find details in "C:\ExtADSch.log".
any one help me to fix this issue

Hi,
It is most likley due to a replication Issue in your AD, check the previous thread on the topic:https://social.technet.microsoft.com/Forums/systemcenter/en-US/1d377109-4fa9-4608-8a3a-cefd436e82ee/error-8224-when-extending-active-directory-schema
Make sure that all replication issues are solved and try again.
Regards,
Jörgen
-- My System Center blog ccmexec.com -- Twitter
@ccmexec

Error when extending Active Directory schema

Hi there,
I am trying to extend my active directory schema in order to store my managed preferences in AD.
I am following this white paper : http://images.apple.com/business/solutions/it/docs/Modifyingthe_Active_DirectorySchema.pdf
When I try to apply the changes on my test domain controller (running W2k3 R2 SP2), I get the following error :
Entry DN: cn=apple-mount,cn=Schema,cn=Configuration,DC=TOTO,DC=CHIPS
Add error on line 674: No Such Attribute
The server side error is "The parameter is incorrect."
An error has occurred in the program
The corresponding section in the ldf file is :
# Class: mount
dn: cn=apple-mount,cn=Schema,cn=Configuration,dc=X
changetype: ntdsschemaadd
objectClass: classSchema
governsID: 1.3.6.1.4.1.63.1000.1.1.2.8
ldapDisplayName: mount
objectClassCategory: 1
# subclassOf: top
subclassOf: 2.5.6.0
# rdnAttId: cn
rdnAttId: 2.5.4.3
# mayContain: apple-mountDirectory
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.8.1
# mayContain: apple-mountDumpFrequency
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.8.4
# mayContain: apple-mountOption
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.8.3
# mayContain: apple-mountPassNo
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.8.5
# mayContain: apple-mountType
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.8.2
possSuperiors: 2.5.6.5
possSuperiors: container
The attributes specified in "mayContain" appears to be correctly created (see log below)
31: cn=apple-mountDirectory,cn=Schema,cn=Configuration,DC=TOTO,DC=CHIPS
Entry DN: cn=apple-mountDirectory,cn=Schema,cn=Configuration,DC=TOTO,DC=CHIPS
Entry modified successfully.
32: cn=apple-mountDumpFrequency,cn=Schema,cn=Configuration,DC=TOTO,DC=CHIPS
Entry DN: cn=apple-mountDumpFrequency,cn=Schema,cn=Configuration,DC=TOTO,DC=CHIPS
Entry modified successfully.
33: cn=apple-mountOption,cn=Schema,cn=Configuration,DC=TOTO,DC=CHIPS
Entry DN: cn=apple-mountOption,cn=Schema,cn=Configuration,DC=TOTO,DC=CHIPS
Entry modified successfully.
34: cn=apple-mountPassNo,cn=Schema,cn=Configuration,DC=TOTO,DC=CHIPS
Entry DN: cn=apple-mountPassNo,cn=Schema,cn=Configuration,DC=TOTO,DC=CHIPS
Entry modified successfully.
35: cn=apple-mountType,cn=Schema,cn=Configuration,DC=TOTO,DC=CHIPS
Entry DN: cn=apple-mountType,cn=Schema,cn=Configuration,DC=TOTO,DC=CHIPS
Entry modified successfully.
Does anyone encountered the same issue ? Any idea ?
Thanks in advance,
Florent

Which is line #674? Looking over your listing, the only thing that stands out to me is that I think possSuperiors takes object class names, not IDs (i.e. "possSuperiors: 2.5.6.5" should be "possSuperiors: organizationalUnit"). Also, if you copy and paste sections from the PDF, you're likely to get leading and trailing spaces on the pasted lines, which all need to be removed for it to function properly. The trailing spaces are especially nasty, since they're invisible in most text editors.

Questions about Extending Active Directory Schema

We have about 24 Macs at the moment in the environment and we are starting to look at Extending the Active Directory Schema. I have been doing a lot of reading over the past few weeks and I think that I am more confused the more I research it. The Windows Servers here are running Server 2008_R2. So here are my questions:
1. If we extend the schema does that mean that we do not need an OS X Server?
2. Is this really the easiest option to go with?
3. We are looking to be able to apply GPOs to the Macs through Active Directory so will this accomplish it?
4. Will this also allow Group Policy Preferences to map printers to the Macs automatically too?
5. Is this the least expensive option?
6. What is the best way to convince the Windows Administrators that this is how we should proceed?
Thanks
Pads

Hi
1. Yes. However OSX Server offers far more than MCX or Mac-Style GPOs. NetBoot, SUS, Wiki are some you should be looking at IMO.
2. Again IMO not really. It takes a lot of work and you really don't want to be doing this on a 'live' server. Set up a lab environment first, thoroughly test it and then go with it when you're happy. The other possible 'gotcha' is you will have no way of knowing if Microsoft decide to change/amend or extend their own proprietary schema in a Revision update sometime in the future. If that does happen then you may be looking at doing it all over again?
3. Yes, but you will still need WorkGroup Manager installed on a mac client. The documentation is clear about what to do once the Schema has been extended.
4. Not done this myself but I would think so.
5. Yes, but is it the 'best' option? Not in my opinion.
6. Offer them the 'easier' but more expensive alternatives (some of them very expensive) and see which way they jump.
HTH?
Tony

Active directory schema error

Dear all,
We have an issue regarding active directory user registry. Our application wants to retrieve the user registry from active directory,
So after we type the domain name, username and password for the domain admin, the apps add a schema in the AD, usually we directly can get the respons from the active directory server.
Below is the log from the configuration
< 3/17/2013 - 8:26:43 PM
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
<<<<<<<<
3/17/2013-8:27:03 PM: Configuring Access Manager Policy Server....
C:\PROGRA~2\Tivoli\POLICY~1\sbin\ivmgrd_setup.exe -y no -m "********" -
r 7135 -l 1460 -t 7200 -D no -f no
OpenConfFile: "C:\PROGRA~2\Tivoli\POLICY~1\etc\pd.conf"
getentry: C:\PROGRA~2\Tivoli\POLICY~1\etc\pd.conf pdrte user-reg-type
CloseConfFile: C:\PROGRA~2\Tivoli\POLICY~1\etc\pd.conf
OpenConfFile: "C:\PROGRA~2\Tivoli\POLICY~1\etc\activedir.conf"
getentry: C:\PROGRA~2\Tivoli\POLICY~1\etc\activedir.conf uraf-registry
hostname
getentry: C:\PROGRA~2\Tivoli\POLICY~1\etc\activedir.conf uraf-registry
useEncryption
getentry: C:\PROGRA~2\Tivoli\POLICY~1\etc\activedir.conf uraf-registry
domain
getentry: C:\PROGRA~2\Tivoli\POLICY~1\etc\activedir.conf uraf-registry
dnforpd
getentry: C:\PROGRA~2\Tivoli\POLICY~1\etc\activedir.conf uraf-registry
Multi-domain
getentry: C:\PROGRA~2\Tivoli\POLICY~1\etc\activedir.conf uraf-registry
bind-id
getentry: C:\PROGRA~2\Tivoli\POLICY~1\etc\activedir.conf uraf-registry
bind-pwd
CloseConfFile: C:\PROGRA~2\Tivoli\POLICY~1\etc\activedir.conf
OpenConfFile: "C:\PROGRA~2\Tivoli\POLICY~1\etc\pd.conf"
getentry: C:\PROGRA~2\Tivoli\POLICY~1\etc\pd.conf pdrte user-reg-type
CloseConfFile: C:\PROGRA~2\Tivoli\POLICY~1\etc\pd.conf
OpenConfFile: "C:\PROGRA~2\Tivoli\POLICY~1\etc\pd.conf"
getentry: C:\PROGRA~2\Tivoli\POLICY~1\etc\pd.conf pdrte user-reg-type
CloseConfFile: C:\PROGRA~2\Tivoli\POLICY~1\etc\pd.conf
C:\PROGRA~2\Tivoli\POLICY~1\sbin\mgrsslcfg.exe -config -f no -t 7200 -l
1460 -D no
Creating the SSL certificate. This might take several minutes.
The SSL configuration of the Tivoli Access Manager policy server
has completed successfully.
The policy server's signed SSL certificate is base-64 encoded and
saved in text file "C:\PROGRA~2\Tivoli\POLICY~1\keytab\pdcacert.b64."
This file is required by the configuration program on each machine
in your secure domain.
C:\PROGRA~2\Tivoli\POLICY~1\sbin\bassslcfg.exe -config -f no -c "C:
\PROGRA~2\Tivoli\POLICY~1\keytab\pdcacert.b64" -p 7135 -h TAMEB1
The SSL configuration of Access Control Runtime has completed
successfully.
Tivoli Access Manager policy server domain name: Default
Tivoli Access Manager policy server host name: TAMEB1
Tivoli Access Manager policy server listening port: 7135
2013-03-17-20:27:13.770-07:00I----- 0x16B48064 PID#2848 ERROR rgy ad E:
\build\am611\src\uraf\ad\schema\adschema_update.cpp 550 0x00000ad0
HPDRG0100E The operation in the Active Directory registry for
adschema_update.exe: ADSCHEMA_CHECK_SCHEMA_RIGHTS failed with return
error 8000500d.
adschema_update: result 1, retcode -2147463155
HPDBG0938E Configuration failed.
3/17/2013-8:29:13 PM: HPDBG0938E Configuration failed.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>
> 3/17/2013 - 8:29:15 PM
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>
Please your advice,
Thanks,
Best Regards,
Achmad

Hi you log states:
adschema_update.exe: ADSCHEMA_CHECK_SCHEMA_RIGHTS failed
with return
error 8000500d.
The error code is documented in
this kbTo go short i think the running user does not have the required privilegs to edit the AD schema. You need to be member of 'Schema Admins' in the forest root domain to edit the AD schema.
MCP/MCSA/MCTS/MCITP

Active directory Schema - Multiple password policies

Hi All,
I am new to AD and would need some suggestion to configure AD. I want to set up AD(2008 R2) for three categories of users: individual, dealers and organisations. Each dealer and each organisation will have further sub-categories based
on their location. I want to set up separate password policies for the above three categories using AD. I wanted to create them as separate OUs. So I would have multiple OUs for each dealer per location (e.g. individual, dealer1loc1, dealer1loc2,
dealer2loc3 and so on)
I know the concept of PSO(Password Settings Object) and that it can only be applied to OU using shadow groups and batch file (to copy users from OU to Shadow Groups). The issue is that the OUs would keep getting added as per requirement (would
be creating new OUs using C#) and then the management of PSO or shadow groups or batch file would be very complicated, not sure if it can be automated.
Also, I have budet constraints to add new servers for each domain and separate password policies.
What could be the possible solution to separate password policies and set up this user structure in Active Directory. I am using W2k8 R2.
Thanks.

Thanks Mahdi. In this case, the OUs would get created at run time, so the script needs to get updated at run time as well. I guess this will be not easy to automate.
Also, can you confirm if I can set up separate password policies by creating sub domain(e.g. example.com will be divided into sales.example.com and admin.example.com and this would further be divided as melourne.sales.example.com and sydney.sales.example.com)
and I can set separate password policies for sales.example.com and admin.example.com.
By adding child domains,it is like you are killing a mosquito with a rocket launcher, if you know what I mean. adding child domains increase the cost and administration and also adds complexity to your environment.
From technical perspective it is OK to have child domains, but if I were you I would not add that much complexity to my environment because of a script. I would spend enough time or get help form a skilled script writer to edit the script. Also I am saying
that editing your script to a fully automated script is not impossible, it just needs enough time and skills.
Mahdi Tehrani |
|
www.mahditehrani.ir
Please click on Propose As Answer or to mark this post as
and helpful for other people.
This posting is provided AS-IS with no warranties, and confers no rights.
How to query members of 'Local Administrators' group in all computers?

Add new attribute in active directory schema

Hi
I need to add two new attribute in Schema in my forest for the user class.
Attribute name is jobclasscode and jobclass.
How can I achieve it ? and where can I get X.500 OID.
we are running on below AD forest:
DFL and FFL : windows server 2003
DCs: AD 2008 R2.

Hi,
You can use LDIFDE command from to export the schema attributes to <filename>.ldf (can be edited using notepad) as given below,
ldifde -f c:\<filenmae>.ldf -d "cn=schema,cn=configuration,dc=<mydomain>,dc=<com>"
Checkout the below thread on similar discussion,
http://social.technet.microsoft.com/Forums/windowsserver/en-US/6789d4c2-1027-4a64-9f04-eaf7996893c5/ldifde-command-to-export-everything
Regards,
Gopi
JiJi
Technologies

SCCM 2012 AD schema extension

Hi all,
we were in the process of installing SCCM 2012 R2 in our lab, we have extended the schema & schema extension creates classes & attributes we just wanted to know where we can find these Classes & attributes in AD. where we can see it being created
in AD.
We have seen the successful schema extension in the log files but we also wanted to get the details from AD side.
Please suggest.
Thanks,
Pranay.

This has all the details
But in summary:
Attributes and Classes Added by the Configuration Manager Schema Extensions
When you extend the Active Directory schema for ConfigMgr 2012, the following attributes and classes are added to Active Directory Domain Services:
Attributes:
cn=mS-SMS-Assignment-Site-Code
cn=mS-SMS-Capabilities
cn=MS-SMS-Default-MP
cn=mS-SMS-Device-Management-Point
cn=mS-SMS-Health-State
cn=MS-SMS-MP-Address
cn=MS-SMS-MP-Name
cn=MS-SMS-Ranged-IP-High
cn=MS-SMS-Ranged-IP-Low
cn=MS-SMS-Roaming-Boundaries
cn=MS-SMS-Site-Boundaries
cn=MS-SMS-Site-Code
cn=mS-SMS-Source-Forest
cn=mS-SMS-Version
Classes:
cn=MS-SMS-Management-Point
cn=MS-SMS-Roaming-Boundary-Range
cn=MS-SMS-Server-Locator-Point
cn=MS-SMS-Site
The Active Directory schema extensions might include attributes and classes that are carried forward from previous versions of the product but not used by ConfigMgr 2012. For example:
o Attribute: cn=MS-SMS-Site-Boundaries
o Class: cn=MS-SMS-Server-Locator-Point

How to add a new schema in active directory by jndi?

I can add new objectclass schema and new attribute into eDirectory from JNDI. But I failed doing the same to active directory. I search all topic in this forums and seems like there is no such answer. So for active directory, the only way to add new schema is by using MS MMC + AD schema snap-in?

You can update the schema via LDAP. Any tool that uses LDAP, such as Active Directory Services Interface (ADSI), Java/JNDI, LDAP Data Interchange Format (LDIF) can be used. You are not restricted to the Active Directory Schema Management snap-in.
I strongly recomend that you read the following article http://windowssdk.msdn.microsoft.com/en-us/library/ms677995.aspx as schema extensions are not to be undertaken lightly.
Also, if you are extending the schema, DO NOT use other organization's schema OID's. Imagine how directories would become inoperable because you defined hat size as an integer value with an OID of 1.2.3 and someone else defined Social Security Number as a string with an OID of 1.2.3 ! You can obtain your own OID branch from either Microsoft (http://msdn.microsoft.com/certification/ad-registration.asp) or from a standards organization such as ANSI.
I'm kind of hoping that seeing as though you have mentioned that you have extended the schema for e-Directory, that you understand LDAP schemas and that you have your own valid OID. Do not use my shoe size OID !
The following snippet illustrates how to extend the schema using JNDI.....
String attrName = "cn=ms-ShoeSize,cn=Schema,cn=Configuration,dc=antipodes,dc=com";
LdapContext ctx = new InitialLdapContext(env,null);
Attributes attr = new BasicAttributes(true);
attr.put("cn","ms-ShoeSize");
attr.put("objectClass","attributeSchema");
attr.put("ldapDisplayName","msShoeSize");
attr.put("isSingleValued","TRUE");
attr.put("attributeID","1.2.840.113556.1.4.7000.141");
attr.put("attributeSyntax","2.5.5.9");
Context newattr = ctx.createSubcontext(attrName,attr);Having created a new attribute, you could then either add it to an existing class, or create another abstract class, add it to the new abstract class, and add the the new abstract class as an auxilliary class to an existing structural class. For example create a new auxilliary class called "clothes Sizes", add the attribute "Shoe Size" as a mayContain attribute, and then add "Clothes Sizes" as an auxilliary class to inetOrgPerson.
Note that you need to wait for the schema cache to refresh, before adding attribute or class definitions to one another, and before instantianting new objects with the new classes & attribute definitions. You can either wait for teh schema cache to refresh itself, or you can force a refresh by writing the value of 1, to the attribute "schemaUpdateNow" on the RootDSE.
As I mentioned at the start of this response, I personally prefer to use LDIF, simply because it enables end-users/customers to review the schema extensions and understand their potential impact before applying them. A sample that accomplishes the above would look something like:dn: CN=ms-ShoeSize,CN=Schema,CN=Configuration,DC=Antipodes,dc=com
changetype: add
objectClass: attributeSchema
cn: ms-ShoeSize
ldapDisplayName: msShoeSize
attributeID: 1.2.840.113556.1.4.7000.141
attributeSyntax: 2.5.5.9
isSingleValued: TRUE
dn:
changetype: modify
replace: schemaupdatenow
schemaupdatenow: 1
dn: CN=inetOrgPerson,CN=Schema,CN=Configuration,DC=Antipodes,dc=com
changetype: modify
add: mayContain
mayContain: mSShoeSize
dn:
changetype: modify
replace: schemaupdatenow
schemaupdatenow: 1
-

Creation of a second Exchange 2013 server on a different site (with the roles of MBX and CAS) fails on prepare active directory and prepare schema.

Hello everyone
I have a network infrastructure consisting of 3 sites, site A, site B, and site C. i have 2 domain controllers on every site, and the AD roles are on the primary domain controller on site A. On site A I have an Exchange 2013sp1 CU6.
I want to create a second Exchange on Site B, with the roles of mailbox (the exchange on Site A will be first DAG member and the Exchange on Site B will be the second member of the DAG) and CAS.
First question: Is my thought correct about installaing on the same server mailbox and CAS server?
Second question: how many DAG witnesses I need for the DAG? One per site, or one in general (for example located on site A)
Third question: When I am trying to perform “Setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms” I receive the error
“ Setup encountered a problem while validating the state of Active Directory:
The Active Directory schema version (15303) is higher than Setup's version (15292). Therefore, PrepareSchema can't be executed. See the Exchange setup log for more information on this error. For more information, visit:
http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.AdInitErrorRule.aspx “
I tried to run the PrepareSchema from the ISO of Exchange 2013 SP1 and form the extracted content of Exchange 2013SP1 CU6 archive, but still receive the same error. Any ideas?
Thanks in advance.

Thank you for your answer,
I have tried to run "Setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms” from
Exchange 2013 CU6 media, but I still receive the error:
The Active Directory schema version (15303) is higher than Setup's version (15292). Therefore, PrepareSchema
can't be executed. See the Exchange setup log for more information on this error. For more information, visit:http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.AdInitErrorRule.aspx “
any ideas?

Problem Creating Oracle Schema in Active Directory

Hi,
I am trying to integrate oracle 9i in an Microsoft Active directory domain
I tried to integrate the db in the domain using net configuration assistant on the Oracle Client but
I get always the same error after inserting the fully name of domain controller and confirm to create the oracle schema. The error I get is:
“The Assistant is unable to create or update
the schema for the following reason:
ConfigException: Could not create Oracle schema oracle.net.config.ConfigException
You must update the schema from a computer which directly supports
your type of directory."
Also I checked every requirement to install:
-Log on as an Administrative account in the domain
-Enable active directory schema changes
-ping the whole dns domain, the fqdn of my domain controller is dc.ecm.com, I can:
ping dc.ecm.oracle
At this point I don’t know anymore what I can do.
Please help me
Thank you in advance
Fahim Ghauri

Take a look at metalink Note:361192.1
Bug 3975572 - "...Netca 10g can successfully create a schema and context in W2k but does not in W2003. This reproduces on both the domain server and a client..."

SAP R/3 Enterprise 4.7 Sync with Active Directory on Win2k3 server

All,
I'm having a nightmare with this and I'm hoping someone can either confirm my problem or solve it for me.
We are running R/3 Enterprise 4.7 (Web AS 6.20) and would like to sync the users with Micsoroft Active Directory 2003.
We are exploring the option of using full Active Directory schema expansion for the SAP sync. i.e. so we have all SAP related fields in AD.
According to the SAP notes, I need the WEB AS 6.10 installation CD so that I can run R3SETUP to perform the Active Directory schema modifications.
I have tried to download this from the SWDC with no luck.
So I guess my questions are:
1, Do I really need the 6.10 install cd (it seems it's only the ADSINIT.R3S file).
2, If I do, where can I get it from?, do I need to order it through our SAP contract manager?
In the meantime, I have tried performing the manual schema extension using the RSLDAPSCHEMAEXT report, uploading this to the AD server and running "ldifde" command.
This has extended the schema (or so it says), but I can't see any SAP icon in the AD tree. Have I missed something?
Any help appreciated.
Thanks,
Darryl

Rainer,
Thanks for that.
I have been re-reading note 793191 and question 14 says exactly that.
I will checkout JXplorer.
I have found a couple of MS technet articles on how to add your own context menus to the snap-in but it seems like a lot of effort for no real gain.
Thanks again.
ps. awarded points

Open Directory, Active Directory, Both????

Good morning from Paris,
My company will migrate its Macintosh to Mac OSX 10.5 and I'm wondering what's best for Authentification and SSO.
I did investigate a bit and finally choosed to add an Open Directory among our existing Active Directory. In order to have pretty managed Macs, I also intend to use MCX, ARD and of course Netboot among Mac OSX Server OD to manage Workstations and deployments. We don't for now intend to use solutions like Centrify's direct control or Likewise solutions...
So here's my question. If we do use two discussing directories, is it required or simply usefull to extend the Active Directory schema? I have read several discussions about the extension and the Active Directory Domain we use is quite ready for it.

Hi There,
Have just read your post and wondered how you have decided to manage your Mac's.
I am looking at extending our active directory schema and manage our Mac's via mcx via the AD.
Im really looking for if anyone else has done this and how you got the schema extensions, i have read all about it, in getting an OD up and running looking at what extensions there is and editing the file e.t.c. but surely apple can provide this information?
Thanks for any advice?

Schema extension problem

Hi,
I have installed a new domain with NSM. The 'NSM Schema Utility' is showing:
Screenshot.png
But in the NSM Admin I have the message: "Schema Not Extended"
Can I verify with for ex. the mmc 'Active Directory Schema' if the all required extensions are done? Or is it only a problem with the NSMA which doesn't detect correctly the extension?
Best regards,
Christian

Christian,
What's the domain and forest functional level in this domain?
-- NFMS Support Team
On 3/7/2014 5:36 AM, goebelch wrote:
>
> Hi,
> I have installed a new domain with NSM. The 'NSM Schema Utility' is
> showing:
>
> 5042
>
> But in the NSM Admin I have the message: "Schema Not Extended"
>
> Can I verify with for ex. the mmc 'Active Directory Schema' if the all
> required extensions are done? Or is it only a problem with the NSMA
> which doesn't detect correctly the extension?
>
> Best regards,
>
> Christian
>
>
> +----------------------------------------------------------------------+
> |Filename: Screenshot.png |
> |Download: https://forums.novell.com/attachment...achmentid=5042 |
> +----------------------------------------------------------------------+
>

Active Directory schema extensions

Similar Messages

Maybe you are looking for