Active Directory Schema

Deactivating Schema Objects

You cannot deactivate schema objects that are part of the default schema that ships with Active Directory. You can only deactivate schema objects that have been added to the default schema.

You might want to delete schema classes or attributes that are not needed in your organization. However, deleting schema objects raises some serious issues. For instance, what would happen to any other schema objects that use the class or attribute that you have deleted? Because doing an enterprise-wide check and cleanup might prove very time-consuming and costly, Active Directory does not support the actual deletion of schema objects. Rather, it provides a mechanism for deactivating schema objects, also referred to as making them defunct. When you deactivate a schema object, you make it unusable for most purposes, and you get most of the benefits of deletion.

A class or an attribute can be deactivated by setting the Boolean attribute isDefunct to TRUE on the schema object. There are a number of ways to identify the defunct schema objects in the system at any point in time. Programmatically, you can search for all schema objects that have the attribute isDefunct set to TRUE, or check whether isDefunct is set to TRUE on a particular schema object to determine whether that object is defunct. You can also use the Search function of the Ldp tool to search the schema with a filter set to (isDefunct=TRUE). For more information about the Ldp tool, see "Active Directory Diagnostics, Troubleshooting, and Recovery" in this book.


Note

There is currently no method in the user interface for viewing defunct schema objects. To view them, you can use only the methods described in the preceding paragraph.

As with additions or modifications of classes or attributes, there are some special validation checks performed when a class or an attribute is made defunct. This is to ensure the consistency of the schema. In particular, on an attempt to make a class defunct, Active Directory verifies that the class is not used in the subClassOf, auxiliaryClass, or possSuperiors list of any existing nondefunct class. Similarly, on an attempt to make an attribute defunct, Active Directory checks that the attribute is not used in the mustContain or mayContain of any existing nondefunct class.
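The validation checks described above, modeled offline as an added example (not code from the original page or from Microsoft): the Python sketch below lists the defunct objects in a schema snapshot and reports which nondefunct classes would cause a deactivation to be refused. The snapshot layout, the contoso* names, and the function names are constructed assumptions.

```python
# Constructed schema snapshot (not real directory data): one entry per schema
# object, keyed by lDAPDisplayName, as might be built from an LDIF export of
# the schema naming context. Reference attributes are stored as lists.
SCHEMA = {
    "contosoBadge": {"kind": "attribute"},
    "contosoLegacyId": {"kind": "attribute"},
    "contosoPerson": {"kind": "class", "subClassOf": ["user"],
                      "mustContain": ["contosoBadge"]},
    "contosoContractor": {"kind": "class", "subClassOf": ["contosoPerson"]},
    "contosoOldKiosk": {"kind": "class", "subClassOf": ["top"],
                        "possSuperiors": ["contosoPerson"],
                        "mayContain": ["contosoLegacyId"],
                        "isDefunct": "TRUE"},
}

# Lists in which a class or an attribute may not appear on a nondefunct class.
CLASS_REFS = ("subClassOf", "auxiliaryClass", "possSuperiors")
ATTR_REFS = ("mustContain", "mayContain")


def is_defunct(obj):
    """An object is defunct only when isDefunct is present and TRUE."""
    return str(obj.get("isDefunct", "FALSE")).upper() == "TRUE"


def defunct_objects(schema):
    """Offline equivalent of searching the schema with (isDefunct=TRUE)."""
    return sorted(name for name, obj in schema.items() if is_defunct(obj))


def blockers(schema, name):
    """Return (class, list) pairs on nondefunct classes that still use `name`.

    An empty result means the page's consistency check would find nothing
    preventing isDefunct from being set to TRUE on `name`.
    """
    fields = CLASS_REFS if schema[name]["kind"] == "class" else ATTR_REFS
    wanted = name.lower()  # LDAP display names compare case-insensitively
    found = []
    for other_name, other in schema.items():
        if other["kind"] != "class" or is_defunct(other):
            continue  # references held by defunct classes do not count
        for field in fields:
            if wanted in (value.lower() for value in other.get(field, [])):
                found.append((other_name, field))
    return sorted(found)


if __name__ == "__main__":
    for candidate in sorted(SCHEMA):
        print(candidate, "->", blockers(SCHEMA, candidate) or "no blockers")
```
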

A defunct schema object can be resurrected, that is, made nondefunct again, by either removing the isDefunct attribute from the object or by setting the value of the isDefunct attribute to FALSE. This can also be done easily by using the Active Directory Schema console. Because making a defunct schema object nondefunct is similar to adding a new schema object as far as subsequent schema updates go, Active Directory performs the same validation checks here as it does on the addition of a new schema object.

To reactivate a class or attribute by using the Active Directory Schema console

  1. Open the Active Directory Schema console.
  2. Double-click the Classes folder or Attributes folder to display the schema classes or attributes.
  3. Right-click the class or attribute that you want, and then click Properties.
  4. Click the Deactivate this class (attribute) check box to clear it, and then click OK.

To reactivate a class or attribute by using the ADSI Edit console

  1. Open ADSI Edit.
  2. Right-click ADSI Edit, and then click Connect to.

    The Connection dialog box is displayed, as shown in Figure 4.3.

    Figure 4.3    Connection Dialog Box

  3. In the Connection Point box, make sure that Naming Context is selected.
  4. In the Naming Context box, select Schema, and then click OK.
  5. In the console tree, double-click My Connection.

    The Schema folder is displayed.

  6. Double-click the Schema folder to display a list of attributes and classes in the navigation pane. This might take a few moments.
  7. Right-click the class or attribute that you want, and then click Properties.
  8. In the Select which properties to view box, select Optional, and then select isDefunct in the Select a property to view box.
  9. In the Test Attribute Properties dialog box (shown in Figure 4.4), type:

    FALSE

  10. Click Set, and then click OK.

    Figure 4.4    Test Attribute Properties Dialog Box

A schema object can be reactivated at any time. The only restriction imposed is that in any such modification, the isDefunct attribute is the only attribute present in the modify call. This is done to achieve clean semantics.

The only modification that is allowed on a defunct class or attribute is to modify the isDefunct attribute on it to make the class or attribute active again if this is necessary. No other modifications are allowed on a defunct class or attribute. The assumption is that because the object has been deactivated, it is not going to be used for any new modifications; so there is no need to modify it.

© 1985-2000 Microsoft Corporation. All rights reserved.