Active Directory Schema |
The rootDSE also carries a mandatory attribute called the subSchemaSubEntry. Its value is the distinguished name of a subSchema object in the directory in which the server makes available the attributes (in attributeTypes) and classes (in objectClasses) of which the Active Directory schema is comprised. This special object, an instance of the unique subSchema class, is used for administering information about the schema, in particular the object classes and attribute types that are supported. This enables client applications to retrieve the information by querying the subSchema entry. Clients must only retrieve attributes from a subSchema entry by requesting a base object search of the entry, where the LDAP search filter is "(objectClass=subSchema)." The location of the subSchemaSubEntry container is as follows:
CN=Aggregate,CN=Schema,CN=Configuration,DC=<DomainName>,DC=<DomainRoot>