Wednesday, September 19, 2018

Copy the Active Directory schema between two forests?


So you have a DEV Active Directory environment and you need the schema from PROD, but you don't know what it is or where it came from?


On the server you want to copy the schema open ADSI edit (this is the lazy way to get the Distinguished name of the schema DN)





Select the schema on the DC













Select properties.

 

Take a copy of the DN



The on the OLD and NEW AD servers export the schema.


ldifde -f newAD.ldf -d "CN=Schema,CN=Configuration,DC=newad,DC=nsw,DC=gov,DC=au”

ldifde -f oldAD.ldf -d "CN=Schema,CN=Configuration,DC= oldAD,DC=nsw,DC=gov,DC=au"
  EG:





On any DC install ADLDS (to get the schema compare tool)

 

 Find the tool










Load the target schema
 



 Load the base schema (the blank schema)









 Mark the non-present elements you want for the new deployment.
 

 There they are, the 157 differences, it is not unusual to have thousands.
 
 Export the file to import.


 

 Not the dc=x in the output file.


The as an Admin import the schema.


ldifde -i -f Difference.ldf -c DC=x "DC=NEWad,DC=nsw,DC=gov,DC=au"
  This error means you are not a schema admin.


 Ad yourself to schema admins, logout, login again.

 

Bingo !
 

 DONE !

Blog Archive