Guidelines for Binding to the Schema
There are two ways to bind to the Active Directory™ schema.
- Bind directly to the schema container or to a classSchema or attributeSchema object in the schema container. The classSchema or attributeSchema objects contain complete, formal definitions of every class and attribute that can exist in an Active Directory forest. See Reading attributeSchema and classSchema Objects.
- Bind to the abstract schema or to a class or attribute entry in the abstract schema. The abstract schema contains only a subset of the information about each class and attribute, but the information is in a format that's easy to retrieve and use. See The Abstract Schema and Reading the Abstract Schema.
If you want to modify or extend the schema, you must bind directly to the schema container. If you just want to read the class and attribute definitions, it's usually easier to read from the abstract schema.
Here's why it's easier to read from the abstract schema:
- ADSI provides special binding techniques and a set of interfaces that make it easy to read the abstract schema.
- The ADSI interfaces that work with the abstract schema return information in a format appropriate for use in other ADSI interfaces. For example, IADsClass and IADsProperty typically use lDAPDisplayName strings to report attribute and class names, even though this information is actually stored in the directory in the form of object identifiers (OIDs). The lDAPDisplayName format is convenient because other ADSI interfaces use it to refer to classes and attributes in search filters and elsewhere.
- The abstract schema entry for an object class contains information collected from multiple classSchema objects. For example, the possible parents, mandatory attributes, and optional attributes for an object class are the union of these attributes from the class's superclasses and auxiliary classes. If you read from the actual schema container, you need to collect the information from the various classSchema objects that the class was derived from. If you read from the abstract schema, the information is all in one place.
When should you bind directly to the schema container rather than using the abstract schema?
- To get specific properties that are not exposed in the abstract schema. For example, oMSyntax, attributeSyntax, defaultSecurityDescriptor, and other properties are not exposed in the abstract schema.
- To query for attributeSchema and classSchema objects. To search for classes or attributes that match a specified filter, bind to the schema container and perform a one-level search.
- To add or modify attributes or classes. The abstract schema is read-only; you cannot use it to modify or extend the schema. Note that modifications must be made at the domain controller that is the schema master (see Prerequisites for Installing a Schema Extension).