Recipe 10.18 Finding the Mandatory and Optional Attributes of a Class

10.18.1 Problem

You want to view the mandatory and optional attributes of a class.

10.18.2 Solution

10.18.2.1 Using a graphical user interface
  1. Open the Active Directory Schema snap-in.

  2. In the left pane, click on the Classes folder.

  3. In the right pane, double-click the class you want to view.

  4. Click on the Attributes tab.

10.18.2.2 Using a command-line interface
> dsquery * cn=<ClassCommonName>,cn=schema,cn=configuration,<ForestRootDN> -l[RETURN]
-scope base -attr mayContain mustContain systemMayContain systemMustContain
10.18.2.3 Using VBScript
' This code displays the mandatory and optional attributes for a class.
' ------ SCRIPT CONFIGURATION ------
' Set to common name of class to view 
strClassName = "<ClassCommonName>"   ' e.g. Surname
' ------ END CONFIGURATION ---------

set objRootDSE = GetObject("LDAP://RootDSE")
set objClass = GetObject("LDAP://cn=" & strClassName & "," & _
                         objRootDSE.Get("schemaNamingContext"))

WScript.Echo "Class: " & strClassName & vbCrlf

' Need to enable this so that if an attribute is not set, it won't die
on error resume next

WScript.Echo "mayContain:"
for each strVal in objClass.Get("mayContain")
   WScript.Echo vbTab & strVal
next

WScript.Echo vbCrlf & "systemMayContain:"
for each strVal in objClass.Get("systemMayContain")
   WScript.Echo vbTab & strVal
next

WScript.Echo vbCrlf & "mustContain:"
for each strVal in objClass.Get("mustContain")
   WScript.Echo vbTab & strVal
next

WScript.Echo vbCrlf & "systemMustContain:"
for each strVal in objClass.Get("systemMustContain")
   WScript.Echo vbTab & strVal
next

10.18.3 Discussion

The mayContain and systemMayContain attributes define the optional attributes for a class while the mustContain and systemMustContain attributes contain the mandatory attributes. The systemMayContain and systemMustContain attributes are set by Active Directory and cannot be modified. You need to be careful when adding attributes to the mustContain attribute for existing classes because you can easily cause objects that use those classes to become invalid due to not having the mandatory attribute set.

It is also worth noting that each of the solutions display only the attributes defined directly on the class. It will not show any inherited attributes that are defined by inherited classes.



    Chapter 3. Domain Controllers, Global Catalogs, and FSMOs
    Chapter 6. Users
    Appendix A. Tool List