NSD1009 Extending Active Directory 2000, 2003, 2008 and ADAM schema
Fact
NordicEdge Identity Manager, Microsoft Active Directory, Microsoft ADAM
Situation
To save NordicEdge Identity Manager tabs, policies, predefined searches and themes in your Active Directory or ADAM database instead of only on the file system, you need to extend the directory schema.
Saving to the directory instead of the file system makes it possible to manage Identity Manager from any workstation.
Solution
You will find the schema files for AD and ADAM in NordicEdge\IDMgr\Schemafiles\Active Directory.
Note: the schema changes must be made on the machine that holds the Schema Master role; the schema partition only accepts writes there.
You must be logged in with an account that has rights to modify the schema (in AD, a member of the Schema Admins group).
1. Open "NE-Schema-AD2003-ADAM.ldif" or "NE-Schema-AD2000-2003MixedMode.ldif" (see step 4 for which one applies to your forest) in a text editor.
2. Change ALL occurrences of "<CHANGE_THIS_BEFORE_IMPORT>" to the naming-context suffix of the current Active Directory/ADAM instance, i.e. the part of the schema naming context that follows "CN=Schema,CN=Configuration,".
This can be looked up with ADSIEdit, or in Identity Manager by selecting "Well-Known naming context": Schema,
or in Identity Manager under Login/Show Advanced/Naming Context.
Copy the text after "CN=Schema,CN=Configuration,".
Example:
If your schema naming context is
CN=Schema,CN=Configuration,DC=nordicedge,DC=local
copy "DC=nordicedge,DC=local" and replace every "<CHANGE_THIS_BEFORE_IMPORT>" in the .ldif file you opened in step 1 with
"DC=nordicedge,DC=local".
For an ADAM instance the suffix is typically of the form "CN={GUID}" rather than a DC= path; copy whatever follows "CN=Schema,CN=Configuration," exactly as shown.
Search the file once more for "<CHANGE_THIS_BEFORE_IMPORT>" to verify that none remain, then save the file.
3. For Active Directory 2000 a registry parameter needs to be set to allow schema modifications.
To enable a schema administrator to write to the schema, use Regedt32 to navigate to:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters
On the Edit menu, Add Value name: "Schema Update Allowed" (without quotes), as a REG_DWORD data type.
Set the data value to 1.
It is not necessary to restart the server.
NOTE: To disable schema updates again, set the "Schema Update Allowed" data value to 0. Do this as soon as the import is complete, so the schema is not left writable on the schema master longer than needed.
4. *** For Active Directory 2003 in Native Mode, Active Directory 2008 in 2003 or 2008 forest mode, and ADAM ***
Run the ldifde tool with the parameters: -i -f NE-Schema-AD2003-ADAM.ldif
Example: ldifde -i -f NE-Schema-AD2003-ADAM.ldif
With ADAM a server address and port number may be required, since the instance may listen on a port other than 389:
Example: ldifde -i -s localhost -t 389 -f NE-Schema-AD2003-ADAM.ldif
*** For Active Directory 2000, and Active Directory 2003 and 2008 in Mixed Mode or Windows 2000 mode ***
Run the ldifde tool with the parameters: -i -f NE-Schema-AD2000-2003MixedMode.ldif
Example: ldifde -i -f NE-Schema-AD2000-2003MixedMode.ldif
Check the ldifde output (and the ldif.err file it writes on failure) for errors before using the new attributes; a partial import leaves the schema only half extended.
NOTE: For AD 2000 and AD 2003 in Mixed Mode, make sure the policy (System/LDAP) "AUTO_ADD_POLICY_AUXILIARY_CLASS" is
set to false for all admin users.
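The whole procedure above, as an added example script that is not part of the original article and not Nordic Edge's own tooling: it reads the schema naming context from RootDSE so the suffix is never typed by hand, refuses to continue unless the connected server is the schema master and (for AD) the account is in Schema Admins, substitutes the placeholder, verifies that none remain, and imports with ldifde. The file name, server, port and log folder are assumptions; the -ToggleW2kRegistry switch implements step 3 and resets the value afterwards (a real Windows 2000 DC predates PowerShell, so there you make those two registry writes by hand).

```powershell
<#
 Added example, not part of the Nordic Edge article or product.
 Assumptions: the LDIF file name from the article, localhost:389 as
 server/port, %TEMP% as the ldifde log folder, an elevated prompt.
#>
param(
    [string]$LdifTemplate = 'NE-Schema-AD2003-ADAM.ldif',  # file name from the article
    [string]$Server       = 'localhost',                    # assumed: the schema master itself
    [int]$Port            = 389,                            # assumed: ADAM instances often differ
    [switch]$Adam,                                          # target is an ADAM instance, not AD
    [switch]$ToggleW2kRegistry                              # Windows 2000 DC only (step 3)
)
$ErrorActionPreference = 'Stop'
$placeholder = '<CHANGE_THIS_BEFORE_IMPORT>'
$prefix      = 'CN=Schema,CN=Configuration,'
$ldapBase    = "LDAP://$($Server):$($Port)"

# Step 2: read the schema naming context from RootDSE instead of copying it by hand.
$rootDse  = [ADSI]"$ldapBase/RootDSE"
$schemaNc = [string]$rootDse.schemaNamingContext
if (-not $schemaNc.StartsWith($prefix, [StringComparison]::OrdinalIgnoreCase)) {
    throw "Unexpected schemaNamingContext '$schemaNc'"
}
# Everything after the prefix: DC=nordicedge,DC=local for AD, CN={GUID} for ADAM.
$suffix = $schemaNc.Substring($prefix.Length)

# The import must run on the schema master. fSMORoleOwner on the schema container
# names the owner's NTDS Settings object; RootDSE dsServiceName names ours.
$schemaObj = [ADSI]"$ldapBase/$schemaNc"
$owner  = [string]$schemaObj.fSMORoleOwner
$thisDc = [string]$rootDse.dsServiceName
if ($owner -ne $thisDc) {
    throw "Connected to '$thisDc' but the schema master is '$owner'. Run this on the schema master."
}

# The account needs schema-modify rights; in AD that means Schema Admins.
if (-not $Adam -and -not ((whoami /groups) -match 'Schema Admins')) {
    throw 'Current account is not a member of Schema Admins.'
}

# Steps 1-2: substitute the placeholder and refuse to import if any copy survives.
$prepared = Get-Content -Path $LdifTemplate | ForEach-Object { $_.Replace($placeholder, $suffix) }
if ($prepared | Where-Object { $_.Contains($placeholder) }) {
    throw 'Placeholder still present after substitution.'
}
$outFile = [IO.Path]::ChangeExtension($LdifTemplate, '.prepared.ldif')
# ldifde without -u expects ANSI/ASCII input; the schema file is plain ASCII.
Set-Content -Path $outFile -Value $prepared -Encoding ASCII

$ntdsParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
try {
    if ($ToggleW2kRegistry) {   # step 3, Windows 2000 only: open the schema for writing
        New-ItemProperty -Path $ntdsParams -Name 'Schema Update Allowed' `
            -PropertyType DWord -Value 1 -Force | Out-Null
    }
    # Step 4: import. -j makes ldifde write ldif.log / ldif.err to the given folder.
    & ldifde -i -f $outFile -s $Server -t $Port -j $env:TEMP
    if ($LASTEXITCODE -ne 0) {
        throw "ldifde failed with exit code $LASTEXITCODE; see $env:TEMP\ldif.err"
    }
}
finally {
    if ($ToggleW2kRegistry) {   # close the window again as soon as the import is done
        Set-ItemProperty -Path $ntdsParams -Name 'Schema Update Allowed' -Value 0
    }
}
```

Run it from an elevated prompt on the schema master, e.g. `.\Import-NeSchema.ps1` for AD or `.\Import-NeSchema.ps1 -Adam -Port 50000 -LdifTemplate NE-Schema-AD2003-ADAM.ldif` for an ADAM instance on port 50000. If a first attempt stopped part-way, a re-run fails on the objects that already exist; ldifde's -k option skips "Object Already Exists" errors, but read ldif.err first so that a genuine constraint violation is not skipped along with them.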
Disclaimer
The origin of this information may be internal or external to Nordic Edge™. Nordic Edge™ makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Nordic Edge™ makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners.
Nordic Edge Support – www.nordicedge.se
