Finding out Schema changes


Colin Chaplin

Since I've just answered a question in this NG I feel I am able to ask one
or two now :-)

Is there any way I can find out what changes have been made to a schema? I
know Exchange and Cisco Unity have been installed (so there's two sets of
changes) but I'd like to know completely.

I had thought about exporting a virgin schema and comparing it against what
I've got, then picking it out from there... but I'm not sure how to do
that....?

Any ideas?
 
You could use LDIFDE to export a "clean" schema and a "used" one, then
compare the two. It seems like there might be an easier way, but I don't
know it off the top of my head. For ldifde, run the /? switch to see the
options, it's pretty straightforward.
 
Here is part of the steps we perform when doing a schema mod:

1. Start up the ADSI Editor (This is a part of the Windows 2000 Admin Tools)
2. Connect to the test DC
.. Naming Context = Schema
.. Computer = The test DC
3. Select the Schema folder to get the attributes to display in the right
window
4. Right Click on the Schema folder and select export
5. Close and save this as c:\before.csv, it will be used later to compare
after the Schema has been updated
6. To Enable Schema Updates by Means of the Schema Management Console
.. At a command prompt, type regsvr32 schmmgmt.dll
NOTE: RegSvr32 has been successfully registered when a "DllRegisterServer in
schmmgmt.dll succeeded" dialog box is displayed.
.. Open a new management console by clicking Start, click Run, and then type
MMC
.. On the Console menu, click Add/Remove Snap-in
.. Click Add to open the Add Standalone Snap-in dialog box
.. Click Active Directory Schema, and then click Add
.. "Active Directory Schema" is displayed in the Add/Remove snap-in. Click
Close, and then click OK to return to the console
.. Click Active Directory Schema so that the Classes and Attributes sections
are displayed on the right-hand side.
.. Right-click Active Directory Schema and click Operations Master
.. Click to select the Schema may be modified on this Domain Controller check
box. Click OK, and then exit the console
.. The schema may now be updated on the domain controller that holds the
schema operations master role
7. Install the schema extending software
8. Go back to the MMC console under Active Directory Schema and disallow
schema updates on this domain server
.. By default this should never be left to update the schema without manually
going in and selecting this check box
9. Use the new software and test as needed
.. Check any and all options and verify that this software will provide
desired results


Now that the software has been tested and there haven't been any problems,
tests need to be run to validate that the AD has not been corrupted or
damaged in any way that would disrupt the day to day operations of the
network. An after snapshot of the schema will be taken and used to display
the differences to the AD. This information will then need to be cataloged,
dated and saved. Finally AD communications and updating will be tested.


10. Start up the ADSI Editor (This is a part of the Windows 2000 Admin
Tools)
.. Start - Programs - Windows 2000 Support Tools - Tools - ADSI Edit
11. Connect to the test DC
.. Naming Context = Schema
.. Computer = The test DC
12. Select the Schema folder to get the attributes to display in the right
window
13. Right Click on the Schema folder and select export and save as
c:\after.csv
14. Start up WINDIFF
.. Start - Programs - Windows 2000 Support Tools - Tools - WINDIFF
15. Compare c:\before.csv to c:\after.csv
.. Note the differences by doing a file comparison, the lines highlighted in
yellow are the modifications to the schema
.. These two csv files should be saved

--


Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no rights.
 
Is there any way I can find out what changes have been made to a schema ?

Hi!

Just finished this VBS. Looks more complex than it is. It starts an ldifde to
temp, makes a dump of the schema partition and compares it to a proofed one.
The problem is that the first object is holding replication information and so
will always differ. That's where the script comes in, skipping the first
object (while checking that the schema master did not change...).

Have fun. Ciao, ralf


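' Expected start of the folded continuation line that follows "fSMORoleOwner: "
' (the leading space is the LDIF line-continuation marker)
fsmo = " CN=NTDS Settings,CN=UNI-DC-02,CN=Servers,CN=uni-top"

Set oFS = CreateObject("Scripting.FileSystemObject")
Set WshShell = CreateObject("WScript.Shell")

' Dump the current schema partition to a temp file
sCommand = "cmd.exe /C ldifde -f c:\temp\schema_now.ldf -d " & Chr(34) & _
    "cn=schema,cn=configuration,dc=contoso,dc=msft" & Chr(34)

' Wait for ldifde to finish
Set oExec = WshShell.Exec(sCommand)
Do While oExec.Status = 0
    WScript.Sleep 100
Loop

Set oFileTemp = oFS.OpenTextFile("c:\temp\schema_now.ldf")
Set oFileRef = oFS.OpenTextFile("c:\temp\schema_ref.ldf")

passed = False      ' True once the first object of the new dump has been skipped
differ = False
fsmomoved = False

oFileTemp.ReadLine

Do Until oFileTemp.AtEndOfStream
    nextline = oFileTemp.ReadLine
    If passed Then
        ' The comparison starts at the first line of schema_ref.ldf, so that
        ' file is expected to begin after the first object
        If oFileRef.AtEndOfStream Then
            differ = True       ' new dump is longer than the reference
            Exit Do
        End If
        refline = oFileRef.ReadLine
        If nextline <> refline Then
            differ = True
        End If
    Else
        ' Still inside the first object: only check the schema master
        If nextline = "fSMORoleOwner: " Then
            nextline = oFileTemp.ReadLine
            If Left(nextline, Len(fsmo)) <> fsmo Then
                fsmomoved = True
                fsmomovedto = nextline
            Else
                fsmomoved = False
            End If
        ElseIf nextline = "" Then
            ' A blank line ends the first object
            passed = True
        End If
    End If
Loop

' Reference is longer than the new dump
If Not oFileRef.AtEndOfStream Then differ = True

If differ Then
    result = "Schema modified! "
End If

If fsmomoved Then
    result = result & "FSMO role MOVED to " & fsmomovedto
End If

' Report the findings
If result <> "" Then WScript.Echo result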
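
The before/after comparison described in the replies above (WINDIFF on two exports, and the line-by-line VBScript), as an added example that is not part of any post in this thread: it compares two LDIF schema exports per object instead of per line, so it unfolds wrapped lines, ignores attributes that change on every write, and reports added objects, removed objects and changed attributes. The ignore-list, function names and sample exports are assumptions constructed for illustration; only dc=contoso,dc=msft comes from the thread.

```python
# Attributes that change on every write or differ per DC (ignore-list is an assumption).
VOLATILE = {"whenchanged", "whencreated", "usnchanged", "usncreated", "objectguid"}

def parse_ldif(text):
    """Parse LDIF into {dn: {attr: sorted values}}; DNs and attribute names lower-cased."""
    text = text.replace("\r\n", "\n").replace("\n ", "")   # unfold wrapped lines
    entries, dn, attrs = {}, None, {}
    for line in text.split("\n") + [""]:        # trailing "" flushes the last entry
        if not line.strip():
            if dn:
                entries[dn] = {k: sorted(v) for k, v in attrs.items()}
            dn, attrs = None, {}
        elif not line.startswith("#"):
            name, _, value = line.partition(":")
            name, value = name.lower(), value.strip()   # base64 values compared as text
            if name == "dn":
                dn = value.lower()
            elif name not in VOLATILE:
                attrs.setdefault(name, []).append(value)
    return entries

def diff_schema(before_text, after_text):
    """Return (added DNs, removed DNs, {dn: changed attribute names})."""
    old, new = parse_ldif(before_text), parse_ldif(after_text)
    changed = {}
    for dn in old.keys() & new.keys():
        names = [a for a in old[dn].keys() | new[dn].keys()
                 if old[dn].get(a) != new[dn].get(a)]
        if names:
            changed[dn] = sorted(names)
    return sorted(new.keys() - old.keys()), sorted(old.keys() - new.keys()), changed

# Constructed sample exports (object names and DC1 are made up).
BASE = "CN=Schema,CN=Configuration,DC=contoso,DC=msft"
BEFORE = f"""dn: {BASE}
whenChanged: 20030101000000.0Z
fSMORoleOwner:
 CN=NTDS Settings,CN=DC1,CN=Servers

dn: CN=User,{BASE}
mayContain: mail
"""
AFTER = (BEFORE.replace("20030101", "20030201") + "mayContain: exampleExtAttr\n\n"
         f"dn: CN=example-Ext-Attr,{BASE}\nlDAPDisplayName: exampleExtAttr\n")

if __name__ == "__main__":
    print(diff_schema(BEFORE, AFTER))
```

Because fSMORoleOwner is not in the ignore-list, a moved schema master shows up as a changed attribute on the schema head object rather than being hidden with the replication metadata.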
 