HowTo: Find what Schema updates have been performed

The AD schema can be extended by installing schema extensions, which add classes and/or attributes to the AD. There is no built-in method to determine which schema extensions have been installed. NetTools, however, has an option to display the schema updates that have been added to the AD.

The Schema History option uses the WhenCreated attribute to determine when changes were made to the AD, and then uses its internal database to try to retrieve the name of the update based on which attributes or classes have been added.

See Schema History List

LDAP Search – Populate

The LDAP Search Populate button loads a number of configuration options from the server; these details are then used to enable other features in LDAP Search. This article describes the features that are enabled. The Populate button is shown below.

Server Bar

When the button is pressed the RootDSE for the server is retrieved and the following details are populated.

  • Sets the ##default, ##config, and ##schema variables with the corresponding naming contexts. See LDAP Search Favorites
  • Sets the server field to the server that provided the RootDSE
  • Sets the BaseDN field to the default naming context in the RootDSE; if the server is not AD, this will be set to the first non-Configuration-based NC
  • Instantiates the LDAP API so filter validation is enabled
  • If the Auto Complete option is enabled, the complete list of attributes is also downloaded from the server and the Attribute List button is enabled
  • The complete list of Attributes and classes are available in the LDAP Filter Wizard

Schema Versions

The Schema Version option will display the current schema, domain, and forest level for a number of updates completed in the domain. This option can be used to support two scenarios: firstly, to confirm the AD, Exchange, and OCS schema versions and functional levels, and secondly, to confirm that a schema update has replicated to all the domain controllers in the forest by using the Include attribute and class counts option. With the Include attribute and class counts option selected, the total number of attributes and classes in the schema is returned. When the scan is run with the Decode Value option deselected, only the values are returned.

These are the column definitions:

FFL - Forest Functional Level
DFL - Domain Functional Level
DCFL - Domain Controller Functional Level
Forest - Forest Update level
Domain - Domain Update level
RODC - The Read-Only Domain Controller update level
Schema - Active Directory schema version 
Exch Sch - Exchange schema version
Exch Forest - Exchange forest update level
Exch Dom - Exchange domain update level
OCS - Office Communication Server\Lync schema version
User Attributes - The number of attributes in the User class
Group Attributes - The number of attributes in the group class
Computer Attributes - The number of attributes in the computer class
Attributes - The number of attributes in the schema
Classes - The number of classes in the schema

The tables below show the schema update for the corresponding values stored in the AD.

Domain & Forest Functional Level

0 2000
1 2003 Mixed
2 2003
3 2008
4 2008R2
5 2012
6 2012R2
7 2016

Schema Versions

13 2000
30 2003
31 2003R2
44 2008
47 2008R2
56 2012
69 2012R2
82 2016 TP3
85 2016 TP4
87 2016 RTM
88 2019
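The replication check described above can be reproduced offline from exported scan values. The following Python sketch is an added example, not NetTools code: it decodes the schema version with the table above and flags domain controllers whose version or attribute and class counts lag behind. The DC names and counts are constructed sample data, and treating the highest values as the reference is an assumption.

```python
# Schema version -> Windows release, copied from the Schema Versions table above.
SCHEMA_VERSIONS = {
    13: "2000", 30: "2003", 31: "2003R2", 44: "2008", 47: "2008R2", 56: "2012",
    69: "2012R2", 82: "2016 TP3", 85: "2016 TP4", 87: "2016 RTM", 88: "2019",
}

# Constructed per-DC scan results: (schema version, attribute count, class count).
# The DC names and counts are made up for illustration.
SAMPLE_SCAN = {
    "DC01": (88, 1499, 269),
    "DC02": (88, 1499, 269),
    "DC03": (87, 1490, 268),  # has not received the OS schema update yet
    "DC04": (88, 1493, 269),  # version matches, but six attributes are missing
}


def decode_schema(version):
    """Return the release name for a schema version number."""
    return SCHEMA_VERSIONS.get(version, f"unknown ({version})")


def replication_report(scan):
    """Compare every DC against the most complete schema seen in the scan.

    Assumption: schema objects are never deleted from AD, so the highest
    (version, attributes, classes) tuple is the fully replicated state.
    """
    reference = max(scan.values())
    lagging = {}
    for dc, (version, attrs, classes) in sorted(scan.items()):
        if (version, attrs, classes) != reference:
            lagging[dc] = {
                "schema": decode_schema(version),
                "missing_attributes": reference[1] - attrs,
                "missing_classes": reference[2] - classes,
            }
    return decode_schema(reference[0]), lagging


if __name__ == "__main__":
    target, lagging = replication_report(SAMPLE_SCAN)
    print("Expected schema:", target)
    for dc, detail in lagging.items():
        print(dc, detail)
```

DC04 shows why the counts matter: the version number alone matches, so only the attribute count reveals that an extension has not finished replicating.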

OCS\Lync Schema Version

1006 2005
1007 2007R1
1008 2007R2
1100 2010
1150 2012

Exchange Schema, Forest, and Domain Versions

Exchange version | Forest schema | Forest | Domain
2019 CU2 17001 16754 13237
2019 CU1 17000 16752 13236
2019 RTM 17000 16751 13236
2016 CU13 15332 16217 13237
2016 CU12 15332 16215 13236
2016 CU11 15332 16214 13236
2016 CU7-CU10 15332 16213 13236
2016 CU6 15330 16213 13236
2016 CU4-CU5 15326 16213 13236
2016 CU3 15326 16212 13236
2016 CU2 15325 16212 13236
2016 CU1 15323 16211 13236
2016 RTM 15317 16210 13236
2016 Preview 15317 16041 13236
2013 CU23 15312 16133 13237
2013 CU22 15312 16131 13236
2013 CU10-CU21 15312 16130 13236
2013 CU7-CU9 15312 15965 13236
2013 CU6 15303 15965 13236
2013 CU5 15300 15870 13236
2013 SP1 15292 15844 13236
2013 CU3 15283 15763 13236
2013 CU2 15281 15688 13236
2013 CU1 15254 15614 13236
2013 RTM 15137 15449 13236
2010 SP3 14734 14322 13040
2010 SP2 14732 14247 13040
2010 SP1 14726 13214 13040
2010 RTM 14622 12640 12639
2007 SP3 14625 11222 11221
2007 SP2 14622 11222 11221
2007 SP1 11116 11221 11221
2007 RTM 10637 10666 10628
2003 SP2 6870 6903 6936
2003 RTM 6870 6903 6936
2000 SP3 4406 4406
2000 RTM 4397 4406

Schema History List

Schema History displays the list of updates that have been installed in the schema for the selected directory.  If known, this includes displaying the name associated to the update.  To do this NetTools has a list of predefined names for common schema updates.  This post provides the names of the updates that are predefined in NetTools and how to configure NetTools with user defined names.

Cisco Call Manager
Cisco CM v3
Cisco Unity 4
Cisco Unity Bridge 5.0
Cisco Unity Contact Center
Cisco Unity v3
Cisco Unity v4
Cisco Unity v5
Cisco Unity VPIM 5.0
Exchange
Exchange 2000
Exchange 2003
Exchange 2007SP2
Exchange 2007SP3
Exchange 2010SP1
Exchange 2010SP1
Exchange 2010SP2
Exchange 2013
Exchange 2013 CU2
Exchange 2013 CU3
Exchange 2013 CU5
Exchange 2013 CU6
Exchange 2013 CU7
Exchange 2013 RTM
Exchange 2013 SP1
Exchange 2016
Exchange 2016 CU1
Exchange 2016 CU2
Exchange 2016 CU3
Exchange 2016 CU7
Exchange CU1
Exchange Unified Messaging
FIM 2010 R2 PCNS
HP OVCM
IBM Tivoli Storage Manager
LCS 2003
LCS 2005
LCS 2007
Lync 2010
Lync 2013
MS ISA 2000
MS Mobile Info 2001
OCS 2007R2
Oracle ESSO-LM
Oracle ESSO-PM
Quest ActiveRoles
Quest Migration Manager
RightFax
SCCM 2007
Server For Unix
Server For Unix v3.0
SMS 2003
Solgenia Facsys Fax/Routing Suite
Vista Bitlocker TPM
Windows 2000
Windows 2003
Windows 2003R2
Windows 2008
Windows 2008R2
Windows 2008R2 TPM
Windows 2012
Windows 2012
Windows 2016
Windows 2019
Windows LAPS

To configure NetTools to display a user-defined name, the NetTools.ini file must be manually updated with the name of a schema attribute or class that was added by the update. Details on manually updating the configuration file are provided below.

[SchemaUpdates]
<ldapdisplayname> = <Schema update Name>

ldapdisplayname is the name of the attribute or class which will be added by the update.
Schema update Name is the name that NetTools will display if the attribute or class is found.
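
The Schema History approach described above (batching schema objects by WhenCreated, then naming each batch from a marker attribute or class) can be sketched in Python. This is an added example, not NetTools code: the attribute names, update names, and timestamps are constructed, and grouping by calendar day is an assumption about how batches are formed.

```python
import configparser
from collections import defaultdict
from datetime import datetime

# Constructed NetTools.ini fragment in the [SchemaUpdates] format shown above.
# Both attribute names and both update names are hypothetical.
INI_TEXT = """
[SchemaUpdates]
contosoBadgeId = Contoso Badge System
fabrikamVoicePin = Fabrikam Voicemail
"""

# Constructed (lDAPDisplayName, whenCreated) pairs, as exported from the schema partition.
SCHEMA_OBJECTS = [
    ("contosoBadgeId", "20210607142200.0Z"),
    ("contosoBadgeIssued", "20210607142201.0Z"),
    ("fabrikamVoicePin", "20220115090000.0Z"),
    ("unlistedAttrA", "20230302031500.0Z"),
    ("unlistedClassB", "20230302031502.0Z"),
]


def load_names(ini_text):
    """Read [SchemaUpdates] into {lower-cased ldapdisplayname: update name}."""
    parser = configparser.ConfigParser()
    parser.read_string(ini_text)
    # configparser lower-cases keys, which suits case-insensitive LDAP names.
    return dict(parser["SchemaUpdates"])


def schema_history(objects, names):
    """Group schema objects by creation day and label each batch if a marker is known."""
    batches = defaultdict(list)
    for ldap_name, when_created in objects:
        day = datetime.strptime(when_created, "%Y%m%d%H%M%S.0Z").date()
        batches[day].append(ldap_name)
    history = []
    for day in sorted(batches):
        added = batches[day]
        label = next((names[n.lower()] for n in added if n.lower() in names),
                     "Unknown update")
        history.append((day.isoformat(), label, len(added)))
    return history


if __name__ == "__main__":
    for day, label, count in schema_history(SCHEMA_OBJECTS, load_names(INI_TEXT)):
        print(f"{day}  {label}  ({count} objects added)")
```

Batches that come back as "Unknown update" are the ones to review against change records, since no predefined or user-defined name accounts for them.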