Last post Aug 07, 2008 11:02 AM by ssg31415926
Jul 28, 2008 02:41 PM|andrewjohn|LINK
Following this article
http://blogs.msdn.com/rakkimk/archive/2008/04/11/enabling-passwordreset-functionality-when-using-activedirectorymembershipprovider.aspx we want to extend our AD schema to include a secret question and answer. The article states we need to get an Object
ID from Microsoft. Microsoft provide a script to obtain a root Object ID here
http://go.microsoft.com/fwlink/?LinkId=100725. Is it a case of running the script on our server and that's it?
Any help appreciated.
Aug 07, 2008 11:02 AM|ssg31415926|LINK
I don't want to sound like your dad talking to you about beer or girls or dismantling your motorbike or anything but if you can't understand what that script's doing then you probably shouldn't be mucking about with your schema. Mistakes can be impossible
to rectify short of rebuilding your forest. My boss isn't keen on that, for some reason.
But anyway the answer is: it is and that's it. The numbers it generates are unwieldy but you don't need them once the mods are done so...
I would strongly recommend that you use a virtual machine with snapshots/backups to test your changes as
you can't back them out. And save the LDIF files you use to put the changes live. Then, when Server 2016 comes along with a bunch of changes, you can rebuild your VM, reapply your own changes before testing MS's.