locked
AD Schema - Create Attribute - Option is grayed out RRS feed

  • Question

  • Hi,

    I tested on my dev machine (VM) the creation of new Schema atributes. It all went just fine.

    Now, on my client test environment, I can start the mmc AD Schema snap-in but the "Create Attribute" option is grayed out.

    I'm using an account that is AD Admin, schema Admin and also Enterprise Admin ....

    What can be the issue here?

    Help is really appreciated.

    Thanks,

    JD


    Note: I don´t know the importance of this but the test machine is a clone of the real DC 
    • Edited by junidev Thursday, January 26, 2017 1:17 PM
    Thursday, January 26, 2017 12:58 PM

Answers

All replies

  • Hi,

    I suggest you try to install RSAT (Remote Server Administration Tool) on the client. Then configuring the attribute with the AD Schema.

    For more information about RSAT, you could refer to the article below.

    Remote Server Administration Tools Overview

    https://technet.microsoft.com/en-us/library/cc731209(v=ws.11).aspx

    Best Regards,

    Jay


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, January 26, 2017 5:02 PM
  • Schema updates can only be performed on the DC with the Schema Master FSMO role, per this link:

    https://msdn.microsoft.com/en-us/library/ff634482.aspx

    Does your cloned DC have this role?


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    • Proposed as answer by Jay Gu Friday, January 27, 2017 12:06 AM
    • Marked as answer by junidev Friday, January 27, 2017 5:45 PM
    Thursday, January 26, 2017 6:29 PM
  • Hi Richard,

    Thanks. You explained my enigma.

    I issued the command: NetDOM /query FSMO and I got this:

    Schema master            --> serverA
    Domain naming master --> serverB
    PDC                             --> myClone
    RID pool manager         --> myClone
    Infrastructure master    --> myClone

    When I issued the same command on my dev VM every thing points to my DC.

    Now, I'm facing two other issues:

    1- How do I know if the myClone server is (or is not) independent of the other servers?

    2- How can I change the "Domain naming master" and "Schema master " on myClone (assuming I'm allowed to do that)?

    Note: I'm a developer not a sysadmin, so I might not understand some jargon or systech ops. 

    I really appreciate your advice.

    Thank you so much,

    JD

     

    Thursday, January 26, 2017 10:01 PM
  • Assuming the clone will never connect to your production domain, you can seize the roles. This Wiki article shows how with PowerShell:

    https://social.technet.microsoft.com/wiki/contents/articles/6736.move-transfering-or-seizing-fsmo-roles-with-ad-powershell-command-to-another-domain-controller.aspx

    Or, use the Ntdsutil.exe command-line tool:

    https://technet.microsoft.com/en-us/library/cc816779(v=ws.10).aspx


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    • Proposed as answer by Jay Gu Friday, January 27, 2017 12:06 AM
    • Marked as answer by junidev Friday, January 27, 2017 5:45 PM
    Thursday, January 26, 2017 10:19 PM