none
Question about LDIFDE and AD schema RRS feed

  • Question

  • I am working with LDIFDE and find that when adding groups, the schema expression (objectclass) is simply group (which is correct according to AD schema...Top-Group); though I do not know why it doesn't include objectclass Top (when adding a computer does). However, when adding users, it is STILL expressed as a single object class (user) and NOT according to schema (Top-Person-OrgazationalPerson-User). When adding computers, it seems to stick with schema (Top-Person-OrgazationalPerson-User-Computer). Please, help as I wish to understand the inconsistency. Thank you. 
    Friday, July 12, 2019 10:45 PM

All replies

  • Hi,
    I would apologize for the delayed reply.

    >>when adding groups, the schema expression (objectclass) is simply group (which is correct according to AD schema...Top-Group); though I do not know why it doesn't include objectclass Top (when adding a computer does). However, when adding users, it is STILL expressed as a single object class (user) and NOT according to schema (Top-Person-OrgazationalPerson-User).

    According to my understanding, the scenario may occur due to only one object class specified in *.ldf file.
    https://support.microsoft.com/en-us/help/555636



    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, July 16, 2019 9:30 AM
  • Hi Daisy,

          It is ok for the delay. As to the response, I don't understand. I have read through your link and don't see the answer to my question. In each ldf file creation (regardless of objecttype...i.e. user, group, computer), ONLY computer uses multiple objectclass expressions; even though user should have the same number of objectclass expressions..minus 1 (computer). Why is this if only 1 computer or 1 user or 1 group is created? Why is it ONLY in creation of 1 computer that multiple objectclasses are expressed (following schema) and NOT the user or group (each ONLY having 1 objectclass expression; though, in truth, group should have 2...top-group and user should have more, as stated earlier)? Help, please?  

    Tuesday, July 16, 2019 4:20 PM

  • Hi,
    Please check the following screenshots, I mean this might because you only specify one objectclass attribute when create user, so only one objectclass listed when check via ADUC. We also can specify more objectclass attribute when we create user.













    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, July 19, 2019 10:30 AM
  • Hi Daisy,

               Thank you! I do have a continuing question, though. I do understand we can add or delete additional objectclasses in creating user, but why can't we do that in creating a computer? Why is user the only one we can do that with? (or why is it NOT needed in user, but NEEDED in computer creations?)

    ex. objectclass:user is fine for creating 1 user. why can't we say objectclass: computer for creating 1 computer? Why must it be the following:

    objectclass:top

    objectclass:Person

    objectclass:OrganizationalPerson

    objectclass:User

    objetclass:Computer

    For a user, you can do both...multiple object classes expressing scheme (as above, but minus computer) or a single objectclass of the following

    objectclass:user

    (which creates a user; no problems; BUT if you do that with adding a computer...problems; or why is it FORCED to do multiple objectclasses in adding a computer, but NOT in user creation?)


    Friday, July 19, 2019 11:04 PM
  • Hi,
    (which creates a user; no problems; BUT if you do that with adding a computer...problems; or why is it FORCED to do multiple objectclasses in adding a computer, but NOT in user creation?)

    I would apologize that I couldn't give you an explanation about the your concern. It's beyond my knowledge.
    If there is anything else we can do for you, please feel free to post in our forum.
     
    Have a nice day.



    Best Regards,
    Daisy Zhou


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, July 22, 2019 10:12 AM
  • Hi Daisy,

       It's ok. Do you know of anyone who could help? Is it just the way it is (users can do BOTH one objectclass as well as mulitple; and computers MUST ONLY do multiple objectclasses)? 

    Monday, July 22, 2019 3:14 PM
  • Hi,
    If someone else is researching the same "question", maybe he/she  will reply you/help you.

    Meanwhile, if we must know why, I suggest you submit a service request to MS Professional tech support service so that a dedicated support professional can further assist you with this request.


    The following web site for more detail of Professional Support Options and incident submission methods is for your reference:

    https://support.microsoft.com/en-in/gp/contactus81?forceorigin=esmc&Audience=Commercial

    https://support.microsoft.com/en-us/help/4051701/global-customer-service-phone-numbers


    Thank you for your update and support.



    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, July 24, 2019 11:43 AM