Testing for Active Directory Schema Extension Conflicts

Updated: March 27, 2012

Applies To: Windows Server 2008, Windows Server 2008 R2

Perform Schema Conflict Analysis Using Windows PowerShell

You can use ADSchemaExtensionConflictAnalyzer.ps1 (https://go.microsoft.com/fwlink/?LinkId=191133), a Windows PowerShell script, to analyze application schema extension .ldf files against a production schema and generate a report on errors, conflicts, and other warnings. For example, if an application schema extension is adding an attribute with incorrect attribute syntax, the script reports that error on screen and in a results file.

Note

Do not run ADSchemaExtensionConflictAnalyzer.ps1 against schema extensions that are performed by the AD DS upgrade by using Adprep.exe. Adprep uses privileged execution, and it makes changes that general schema applications are not allowed to do.

ADSchemaExtensionConflictAnalyzer.ps1 reports the results on the screen and in an output file. You can use multiple .ldf files as the input by using a comma delimiter between each file. The report is always returned in a single output file, with demarcations between the results of multiple input files.

You can run ADSchemaExtensionConflictAnalyzer.ps1 on a test or production domain controller because it does not make any changes to your existing schema. If you run it on the production domain controller, it will read the production Active Directory schema by default. If you run it on a test domain controller, then you need to export your production schema to a file and specify that file with the –CurrentSchema parameter. You need to be a member of the Domain Admins group to log on to a domain controller.

To run ADSchemaExtensionConflictAnalyzer.ps1

  1. Open a Windows PowerShell session with elevated user rights. To do this, click Start, click All Programs, click Accessories, click Windows PowerShell, right-click the Windows PowerShell object, and then click Run as administrator.

  2. Type:

    set-executionpolicy unrestricted
    

    This command allows you to run all scripts, including those that are not signed by a trusted publisher.

  3. Use the following syntax to run ADSchemaExtensionConflictAnalyzer:

    .\ADSchemaExtensionConflictAnalyzer.ps1 –inputfile NewSchemaExtension1.ldf, [NewSchemaExtension2.ldf, NewSchemaExtension3.ldf] –outputfile results.ldf [-CurrentSchema ProductionSchema.ldf]
    

Note

If the ADSchemaExtensionConflictAnalyzer.ps1 script is saved in a different directory then where you are running the command, then specify the path to the script. For example if you are running the command from PS C:\Users\Administrator and the script is saved in C:\Scripts, then type C:\Scripts\ADSchemaExtensionConflictAnalyzer.ps1.

  1. Review the output file for errors and warnings. The output file is a copy of the input file that is annotated with errors and warnings.

Change History

Date Revision

March 2011

Information about using AD DS/LDS Schema Analyzer was removed because the AD DS/LDS Schema Analyzer fails silently when comparing a customized schema, such as one extended for Microsoft Exchange Server.

See Also

Other Resources

Ldifde
ADSchemaExtensionConflictAnalyzer.ps1