Making changes to the schema is one-way, that's why there are so many
levels of protection to prevent users from accessing the schema. Once a
change is made you cannot undo it. To get rid of that attribute, you have
the following not-so-pretty options:
1. Rebuild the forest.
2. Perform a System State restore of every DC in the forest to a time
prior to this change occurring. The schema is copied to every DC in the
forest and you cannot authoritatively restore the schema. If you leave
even one DC in the forest in place that has this schema change, it will
replicate its schema information to all the remaining DCs and you'll
continue to have the schema problem you encountered. The following kb
article documents that you cannot authoritatively restore the schema:
241594 HOW TO: Perform an Authoritative Restore to a Domain Controller in
http://support.microsoft.com/?id=241594
David Pharr, (e-mail address removed)
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| Content-Class: urn:content-classes:message
| From: "Paul" <
[email protected]>
| Sender: "Paul" <
[email protected]>
| References: <
[email protected]>
<
[email protected]>
<
[email protected]>
| Subject: Re: Editing the schema
| Date: Wed, 19 Nov 2003 17:00:22 -0800
| Lines: 106
| Message-ID: <
[email protected]>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="iso-8859-1"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
| Thread-Index: AcOvAazgG8PG5fIhSzOFhzHX+JjVVg==
| Newsgroups: microsoft.public.win2000.active_directory
| Path: cpmsftngxa07.phx.gbl
| Xref: cpmsftngxa07.phx.gbl microsoft.public.win2000.active_directory:56487
| NNTP-Posting-Host: tk2msftngxa12.phx.gbl 10.40.1.164
| X-Tomcat-NG: microsoft.public.win2000.active_directory
|
| Hmm... didn't realise you already tried ADSI Edit. Sorry.
|
| Some bad news from
|
http://www.microsoft.com/technet/prodtechnol/windows2000ser
| v/reskit/distsys/part1/dsgch04.asp
|
| Modifying an Attribute
| To modify an attribute, modify the existing attribute-
| definition object that represents the class. For reasons
| of consistency and security, some attributes of each
| attribute-definition object are designated as system-only.
| You cannot modify system-only attributes of an attribute
| object, not even for new classes that you originally
| created. System-only attributes are designated by having
| the systemOnly attribute of the attribute set to TRUE.
|
| The following attributes of an attribute-definition object
| are systemOnly and, thus, cannot be modified:
|
| attributeID
| schemaIDGUID
| attributeSyntax
| oMSyntax
| isSingleValued
| extendedCharsAllowed
| systemOnly
| objectClass
| instanceType
|
| I was able to replicate the error you saw... this may just
| not be possible to change.
|
| Sorry I don't have better news,
|
| Paul
|
| >-----Original Message-----
| >I have tried both ADSI edit and ldifde already and they
| both say the
| >attribute is owned by the system and cannot be modified.
| Any other
| >suggestions?
| >
| >Thanks.
| >
| message
| >| >> You may want to try using adsiedit.msc (part of the
| >> Support Tools). Once in ADSI Edit, you can open the
| >> Schema partition, navigate to the attribute in question,
| >> and change the IsSingleValued attribute of your
| >> attribute's definition from TRUE to FALSE. You would
| need
| >> to allow editing of the schema on the DC in question.
| Not
| >> sure if this is officially supported by Microsoft but
| the
| >> interface seems to allow it.
| >>
| >> Use extreme caution with adsiedit as it is a low level
| >> editor that could do a lot of damage if misused. Also,
| >> try this in a lab first and make sure you have a backout
| >> plan before you try it in production.
| >>
| >> If you are more comfortable with ldifde, you might be
| able
| >> to change the IsSingleValued attriubute of your
| >> attribute's definition with an ldif script. Again, use
| >> extreme caution, try in a lab first, and make sure you
| >> have a backout plan.
| >>
| >> I can't offer any warranty or guarantee on this
| >> suggestion. Sorry.
| >>
| >>
| >>
| >> >-----Original Message-----
| >> >I have a custom schema extension that managed to find
| its
| >> way into a
| >> >production schema before we determined there was an
| issue
| >> with it. It is
| >> >flagged as a single valued attribute and it should be a
| >> multi valued
| >> >attribute. I have tried to use ldifde to delete the
| >> isSingleValued
| >> >attribute from the schema definition but, I get an
| error
| >> that says that
| >> >attribute is owned by the system and can't be modified.
| >> >
| >> >Is there a way to change this to a mutli valued
| attribute?
| >> >
| >> >Thanks.
| >> >Tony
| >> >
| >> >
| >> >.
| >> >
| >
| >
| >.
| >
|
