Active Directory schema overview

The Active Directory schema is the set of definitions that defines the kinds of objects, and the types of information about those objects, that can be stored in Active Directory. The definitions are themselves stored as objects so that Active Directory can manage the schema objects with the same object management operations used for managing the rest of the objects in the directory.

There are two types of definitions in the schema: attributes and classes. Attributes and classes are also referred to as schema objects or metadata.

Attributes are defined separately from classes. Each attribute is defined only once and can be used in multiple classes. For example, the Description attribute is used in many classes, but is defined once in the schema, assuring consistency.

Classes, also referred to as object classes, describe the possible directory objects that can be created. Each class is a collection of attributes. When you create an object, the attributes store the information that describes the object. The User class, for example, is composed of many attributes, including Network Address, Home Directory, and so on. Every object in Active Directory is an instance of an object class.

A set of basic classes and attributes is supplied with Windows 2000 Server. Experienced developers and network administrators can dynamically extend the schema by defining new classes and new attributes for existing classes. Active Directory does not support deletion of schema objects; however, objects can be marked as deactivated, providing many of the benefits of deletion. Extending the schema is an advanced operation with the potential for adverse consequences. Before extending the schema in any way, see Checklist: Before extending the schema.

The structure and content of the schema are controlled by the domain controller that holds the schema operations master role. A copy of the schema is replicated to all domain controllers in the forest. The use of this common schema ensures data integrity and consistency throughout the forest. For more information about the schema master, see Single master operations.
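
Because schema objects can only be deactivated, never deleted, and every change replicates to the whole forest, it is useful to review what the schema currently contains. The following read-only audit is an added example, not part of the original documentation. It assumes the ActiveDirectory PowerShell module (which ships with later Windows Server releases, not Windows 2000) and a session with read access to the directory; the one-day cutoff used to separate the base schema from later extensions is an assumption made for illustration.

```powershell
# Added example: read-only schema audit. Assumes the ActiveDirectory module
# and a domain-joined session. Nothing here writes to the directory.
Import-Module ActiveDirectory

# The schema is stored in its own naming context, replicated to every
# domain controller in the forest.
$schemaNC = (Get-ADRootDSE).schemaNamingContext

# Domain controller that holds the schema operations master role.
$schemaMaster = (Get-ADForest).SchemaMaster
"Schema master: $schemaMaster"

# Retrieve every attribute and class definition in a single query.
$defs = Get-ADObject -SearchBase $schemaNC -SearchScope OneLevel `
    -LDAPFilter '(|(objectClass=attributeSchema)(objectClass=classSchema))' `
    -Properties lDAPDisplayName, isDefunct, whenCreated, whenChanged

# How many attribute definitions and class definitions exist.
$defs | Group-Object ObjectClass | Select-Object Name, Count

# Deactivated definitions: isDefunct is set to TRUE when a schema object
# is deactivated, since it cannot be deleted.
$defs | Where-Object { $_.isDefunct } |
    Select-Object lDAPDisplayName, ObjectClass, whenChanged

# Definitions created after the earliest batch are likely schema extensions.
# Assumption: the base schema was created within one day of the oldest object.
$oldest = ($defs | Sort-Object whenCreated | Select-Object -First 1).whenCreated
$defs | Where-Object { $_.whenCreated -gt $oldest.AddDays(1) } |
    Sort-Object whenCreated |
    Select-Object whenCreated, lDAPDisplayName, ObjectClass
```

Comparing the last listing against the record of approved schema extensions shows whether any class or attribute was added outside the change process.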

The recommended way to extend the Active Directory schema is programmatically, through the Active Directory Service Interfaces (ADSI) described in the Windows 2000 Software Developer's Kit. For detailed information about extending the schema programmatically, see The Active Directory Programmer's Guide at the Microsoft Web site and The Internet Engineering Task Force Web site. Web addresses can change, so you might be unable to connect to the Web site or sites mentioned here.

For development and testing purposes, you can also view and modify the Active Directory schema with the Active Directory Schema snap-in, included with the Windows 2000 Administration Tools on the Windows 2000 Server compact disc. For more information, see Managing servers remotely.