To update an extended AD LDS repository to support changes to Enterprise Server configuration objects

If you have previously extended an AD LDS repository to support Enterprise Server configuration objects, you will need to update the schema to include later changes. The steps involved are described below. If you have not previously extended the repository, simply follow the instructions in

  1. Create a delta LDIF file containing the latest schema extensions by using the mfds -L command. For example, at the command line, enter:
    mfds -l DC=X 1 AD_MF_schema_delta.ldf 0 1

    This creates an LDIF file named AD_MF_schema_delta.ldf. DC=X is the schema partition string: the distinguished name of the schema partition that is assigned to each entry in the LDIF file. You could specify the actual destination here, but typically you will want to create a portable file. In this example, we use DC=X and replace it with the appropriate value when we import.

    The 1 following DC=X indicates that the generated file is to be in Active Directory/AD LDS format. The 0 following the file name indicates that a delta containing the most recent definitions should be generated. The 1 at the end of the command indicates that the delta is to include definitions since version 1 of the schema (version 1 was released with Net Express WS02).

  2. Use the LDIFDE command to import the generated LDF file into AD LDS. For example:
    ldifde -i -v -k -c "DC=X" "CN=Schema,CN=Configuration,DC=customer_dom,DC=com" -f AD_MF_schema_delta.ldf

    The -c option replaces the schema partition string specified when creating the LDIF file with the schema partition into which the objects are to be imported. In this example, the container is CN=Schema,CN=Configuration,DC=customer_dom,DC=com, but it will vary depending on your particular circumstances. If using AD LDS, the schema partition root can be extracted using the schemaNamingContext RootDSE attribute value, for example (server:port is a placeholder for the host and port of your AD LDS instance):

    ldifde -i -f AD_MF_schema_delta.ldf -s server:port -k -v -j . -c "DC=X" #schemaNamingContext
Important: You must have sufficient rights to modify the LDAP schema and the schema must be writable.
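
A review step you can run on the delta before importing it, as an added example (not Micro Focus code): the Python script below parses the LDIF, applies the same DC=X substitution that ldifde -c performs, and flags any entry whose DN would fall outside the schema partition. The sample LDIF, the entry names in it and the function names are constructed for illustration.

```python
import base64
import re

PLACEHOLDER = "DC=X"  # schema partition string passed to mfds when the delta was generated

# Constructed sample, not real mfds output. The second dn is folded across two lines.
SAMPLE_LDIF = """\
dn: CN=example-Attr,DC=X
changetype: add
objectClass: attributeSchema

dn: CN=example-Class,
 DC=X
changetype: add
objectClass: classSchema

dn: CN=stray,DC=other
changetype: add
objectClass: container
"""

def parse_records(text):
    """Unfold continuation lines, then split into records of (attribute, value) pairs."""
    unfolded = re.sub(r"\r?\n ", "", text)
    records = []
    for block in re.split(r"\r?\n\s*\r?\n", unfolded.strip()):
        pairs = []
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue  # comment line, or a "-" separator inside a modify record
            attr, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>" form
                value = base64.b64decode(value[1:]).decode("utf-8")
            pairs.append((attr.strip().lower(), value.strip()))
        if pairs:
            records.append(pairs)
    return records

def preview_import(text, schema_nc):
    """Return (dn, changetype, objectClass, in_schema_partition) per record after mapping DC=X."""
    rows = []
    for pairs in parse_records(text):
        # reversed() so the first occurrence of each attribute wins
        first = {a: v.replace(PLACEHOLDER, schema_nc) for a, v in reversed(pairs)}
        dn = first.get("dn", "")
        inside = dn.lower().endswith("," + schema_nc.lower())
        # A record with no changetype is a content record, which an import adds.
        rows.append((dn, first.get("changetype", "add"), first.get("objectclass", "-"), inside))
    return rows
```

Call preview_import with the text of the generated file and your schemaNamingContext value; any row whose last field is False deserves a closer look before you run ldifde.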