A server which masters entries and permits clients to modify these entries
MUST implement and provide access to these subschema entries,
so that
its clients may discover the attributes and object classes
which are
permitted to be present. It is strongly recommended that
all other
servers implement this as well.
Similar language is used for the root DSE, and it is anonymously readable in ActiveDirectory.
Rob
Rob Weltman wrote:
I was looking at the schema published in ActiveDirectory (Windows 2000 Beta 3) and was a little puzzled. It looks like the objectclass "top" has been considerably extended:top
OID
2.5.6.0
Required
objectClass
instanceType
nTSecurityDescriptor
objectCategory
Optional
cn
description
distinguishedName
whenCreated
whenChanged
subRefs
displayName
uSNCreated
isDeleted
dSASignature
objectVersion
repsTo
repsFrom
memberOf
uSNChanged
uSNLastObjRem
showInAdvancedViewOnly
adminDisplayName
proxyAddresses
adminDescription
extensionName
uSNDSALastObjRemoved
displayNamePrintable
directReports
wWWHomePage
USNIntersite
name
objectGUID
replPropertyMetaData
replUpToDateVector
flags
revision
wbemPath
fSMORoleOwner
systemFlags
siteObjectBL
serverReferenceBL
nonSecurityMemberBL
queryPolicyBL
wellKnownObjects
isPrivilegeHolder
partialAttributeSet
managedObjects
partialAttributeDeletionList
url
lastKnownParent
bridgeheadServerListBL
netbootSCPBL
isCriticalSystemObject
frsComputerReferenceBL
fRSMemberReferenceBL
uSNSource
fromEntry
allowedChildClasses
allowedChildClassesEffective
allowedAttributes
allowedAttributesEffective
possibleInferiors
canonicalName
proxiedObjectName
sDRightsEffective
dSCorePropagationData
otherWellKnownObjects
mS-DS-ConsistencyGuid
mS-DS-ConsistencyChildCount
createTimeStamp
modifyTimeStamp
subSchemaSubEntrySome of the new attributes are operational. But is it really okay to redefine "top"?
There is also a minor bug in that there is a missing space after the left parenthesis for the MAY and MUST lists:
objectClasses: ( 1.2.840.113556.1.5.74 NAME 'categoryRegistration' SUP leaf S
TRUCTURAL MAY (localeID $ categoryId $ managedBy $ localizedDescription ) )
Rob