Best Practice Active Directory Schema Updates

It’s been a while since I had much to do with the techie side of looking after an AD, but a few bits of work we have on at the moment have had me thinking about AD and Schema updates in particular. 

It was quite a coincidence then that Jane Lewis over at MS posted up some good info on MSIT’s process for evaluating and implementing extensions to MS’s own AD Schema.

Whilst I’ve pasted some of the process below, it’s well worth heading over to Jane’s blog as she has some really good info over there.

I’ve added a few bits and pieces to the high-level process she describes below:

  1. Validate the justification for the update; it is, after all, a one-time procedure affecting the entire Forest.
  2. Fully define the type of change (update, modification, deprecation).
  3. If the proposed change is a customized update from a third party, make sure they provide a valid set of .LDIF files to analyze and that they have complete documentation.
  4. Check whether the base Schema already has the attributes or objects in it; existing ones may be affected by the change.
  5. Evaluate the risk of making the change.
  6. Make sure that a Schema update is the only way to effect your change.
  7. Make sure you have a complete explanation of the update written and approved.
  8. Define the list of roles and responsibilities for the Schema update and make sure everyone knows what they need to do.
  9. Stage the implementation of any Schema change: test it in a non-production forest and test it thoroughly before implementing it in the production environment.
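One way to turn steps 2 to 4 into a repeatable pre-flight check is to parse the vendor’s LDIF and ask the live Schema, in the non-production forest from step 9, whether each change is a new object, a modification or a deprecation, and whether its name or OID already exists. The script below is an added example written for this post; it is not MSIT’s process or anything from Jane’s blog. The LDIF path, the use of the `DC=X` placeholder that `ldifde -c` normally substitutes, and the presence of the RSAT ActiveDirectory module are assumptions.

```powershell
<#
  Pre-flight review of a third-party Schema extension (added example, not vendor or MSIT tooling).
  Assumptions (hypothetical): the LDIF is at .\vendor-schema.ldf and this runs on a machine in the
  non-production test forest with the RSAT ActiveDirectory module installed.
#>
param(
    [string]$LdifPath = '.\vendor-schema.ldf'
)

Import-Module ActiveDirectory
$schemaNC = (Get-ADRootDSE).schemaNamingContext

# Turn one LDIF record (the lines between two blank lines) into a hashtable of
# attribute name -> array of values. Folded continuation lines (leading space) are
# unfolded and base64 values ("attr:: ...") are decoded.
function ConvertFrom-LdifRecord {
    param([string]$Record)
    $entry = @{}
    $unfolded = $Record -replace '\r?\n ', ''
    foreach ($line in ($unfolded -split '\r?\n')) {
        if ($line -match '^(?<name>[A-Za-z][\w-]*)(?<sep>::?)\s*(?<value>.*)$') {
            $name  = $Matches.name.ToLower()
            $value = $Matches.value
            if ($Matches.sep -eq '::') {
                $value = [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($value))
            }
            if (-not $entry.ContainsKey($name)) { $entry[$name] = @() }
            $entry[$name] += $value
        }
    }
    return $entry
}

# Does the live Schema already hold an object with this lDAPDisplayName or OID? (step 4)
function Find-SchemaConflict {
    param([string]$DisplayName, [string]$Oid)
    $clauses = @()
    if ($DisplayName) { $clauses += "(lDAPDisplayName=$DisplayName)" }
    if ($Oid)         { $clauses += "(attributeID=$Oid)(governsID=$Oid)" }
    if (-not $clauses) { return @() }
    $filter = '(|' + ($clauses -join '') + ')'
    Get-ADObject -SearchBase $schemaNC -LDAPFilter $filter `
        -Properties lDAPDisplayName, attributeID, governsID, isDefunct
}

$records = (Get-Content -Path $LdifPath -Raw) -split '(?:\r?\n){2,}' |
    Where-Object { $_ -match '(?m)^dn:' }

foreach ($rawRecord in $records) {
    $r = ConvertFrom-LdifRecord -Record $rawRecord
    # Assumption: the vendor uses the DC=X placeholder that "ldifde -c DC=X <real DN>" rewrites.
    $dn         = ($r['dn'] | Select-Object -First 1) -replace 'CN=Schema,CN=Configuration,DC=X$', $schemaNC
    $changeType = ($r['changetype'] | Select-Object -First 1)
    $name       = ($r['ldapdisplayname'] | Select-Object -First 1)
    $oid        = (($r['attributeid'] + $r['governsid']) | Select-Object -First 1)
    $isDefunct  = ($r['isdefunct'] | Select-Object -First 1)

    # Classify the change the way step 2 asks: update (new object), modification, or
    # deprecation (a modify that sets isDefunct=TRUE on an existing object).
    if ($isDefunct -eq 'TRUE')        { $kind = 'Deprecation' }
    elseif ($changeType -eq 'modify') { $kind = 'Modification' }
    else                              { $kind = 'Update' }

    if ($kind -eq 'Update') {
        # A new object must not collide with an existing name or OID.
        $existing = @(Find-SchemaConflict -DisplayName $name -Oid $oid)
    } else {
        # A modification or deprecation must target an object that actually exists.
        $existing = @(Get-ADObject -Filter * -SearchBase $dn -SearchScope Base -ErrorAction SilentlyContinue)
    }

    if ($kind -eq 'Update' -and $existing)          { $action = 'STOP: name or OID already in Schema' }
    elseif ($kind -ne 'Update' -and -not $existing) { $action = 'STOP: target object not found' }
    else                                            { $action = 'OK to stage in test forest' }

    [pscustomobject]@{
        Kind        = $kind
        Target      = $dn
        DisplayName = $name
        OID         = $oid
        LinkID      = ($r['linkid'] | Select-Object -First 1)   # linked attributes need unique, even/odd pairs
        Existing    = ($existing | ForEach-Object { $_.lDAPDisplayName }) -join ','
        Action      = $action
    }
}
```

Pipe the output to `Format-Table` or `Export-Csv` and attach it to the written explanation from step 7; any row whose Action starts with STOP means the vendor’s LDIF needs to go back for correction before it is staged. The script only reads the Schema, so it is safe to run repeatedly while the change is being reviewed.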

Jane also provides a link to some docs and webcasts at MS that might be useful if you’re thinking about schema changes to your AD.
