Error extending Active Directory schema

  • 7013176
  • 28-Aug-2013
  • 28-Aug-2013

Environment

NetIQ Advanced Authentication 4.8

Situation

An error occurs while extending the AD schema, or the operation returns “Unsuccessful”.

Resolution

Please check the following:

  1. For Windows Server 2003, the domain functional level should be raised to Windows Server 2003 before extending the schema.
  2. Before extending the schema, ensure that Remote Server Administration Tools is installed on the server. Otherwise you may have a problem with ldifde.exe.
  3. Ensure that you are running the schema updates on the Schema Master and that the logged-in user is a member of the Schema Admins group.

To identify the Schema Master

  1. Run the Active Directory Schema MMC snap-in. Note that you may need to add this snap-in manually if it does not appear in the Administration Tools program folder.
  2. Right-click “Active Directory Schema” directly under Console Root.
  3. Select “Operations Master…” from the menu.
  4. The current Schema Master will be displayed in the window.
  5. Connect to the server identified, and re-run the schema extension tools.

If these steps are unsuccessful, you may need to extend the schema manually from a command line using the ldifde.exe command.

Example:

Open a command prompt in the Tools\Schema\AD folder of the distribution package.

ldifde -i -f ExtendSchema.ldf -s DomainController.Domain.Com -c DC=X DC=Domain,DC=Com -k -v

Repeat the command for the ExtendSchema_2.ldf, ExtendSchema_3.ldf, ExtendSchema_4.ldf and RegisterMMC.ldf files, using the same parameters as above.
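
The checks and the manual import above can be combined into one script. This is an added example, not part of the original article or the product's tooling. It assumes the ActiveDirectory PowerShell module (installed with RSAT) is available, that it is started from the Tools\Schema\AD folder, and that the DC=X placeholder is to be replaced with the forest root domain DN.

```powershell
# Added example: pre-flight checks, then the ldifde imports from the article.
# Run from an elevated prompt so the logon token carries Schema Admins.
Import-Module ActiveDirectory -ErrorAction Stop

# Check 2: ldifde.exe must be present (it is installed with RSAT / AD DS tools).
if (-not (Get-Command ldifde.exe -ErrorAction SilentlyContinue)) {
    throw 'ldifde.exe not found. Install Remote Server Administration Tools.'
}

# Check 1 (informational): show the current domain functional level.
Write-Host "Domain functional level: $((Get-ADDomain).DomainMode)"

# Check 3a: this server must be the Schema Master.
$schemaMaster = (Get-ADForest).SchemaMaster
$cs           = Get-CimInstance Win32_ComputerSystem
$localFqdn    = '{0}.{1}' -f $cs.DNSHostName, $cs.Domain
if ($localFqdn -ne $schemaMaster) {
    throw "Schema Master is $schemaMaster; this server is $localFqdn."
}

# Check 3b: the current user must hold Schema Admins (well-known RID 518).
$groups = [Security.Principal.WindowsIdentity]::GetCurrent().Groups
if (-not ($groups | Where-Object { $_.Value -match '^S-1-5-21-(\d+-){3}518$' })) {
    throw 'Current user is not a member of Schema Admins (or is not elevated).'
}

# Assumption: DC=X in the LDF files stands for the forest root domain DN.
$rootDn = (Get-ADRootDSE).rootDomainNamingContext

# The files named in the article, imported in the order given there.
$files = 'ExtendSchema.ldf', 'ExtendSchema_2.ldf', 'ExtendSchema_3.ldf',
         'ExtendSchema_4.ldf', 'RegisterMMC.ldf'

foreach ($file in $files) {
    if (-not (Test-Path $file)) {
        throw "$file not found in $(Get-Location)."
    }
    # Same parameters as the article's command line.
    & ldifde.exe -i -f $file -s $schemaMaster -c 'DC=X' $rootDn -k -v
    if ($LASTEXITCODE -ne 0) {
        throw "ldifde failed on $file (exit code $LASTEXITCODE)."
    }
}
Write-Host 'Schema extension files imported.'
```

Because -k tells ldifde to continue past errors such as "object already exists", review the verbose output for skipped entries even when every import exits with code 0.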

Additional Information

Formerly known as 0031.