Each Microsoft® Active Directory® object class is defined by a classSchema object in the schema container. The attributes of a classSchema object specify the characteristics of the class, such as:
The following table lists the lDAPDisplayName and description of the key attributes of a classSchema object. For more information, and a complete list of the mandatory and optional attributes of a classSchema object, see classSchema.
lDAPDisplayName | Description |
---|---|
cn (Common-Name) | Every object in Active Directory has a naming attribute from which its Relative Distinguished Name (RDN) is formed. The naming attribute for classSchema objects is cn (Common-Name). The value assigned to cn is the value that the object class will have as its RDN. For example, the cn of the organizationalUnit object class is Organizational-Unit, which would appear in a distinguished name as CN=Organizational-Unit. The cn must be unique in the schema container. |
lDAPDisplayName | The name used by LDAP clients, such as the ADSI LDAP provider, to refer to the class, for example to specify the class in a search filter. A class's lDAPDisplayName must be unique in the schema container, which means it must be unique across all classSchema and attributeSchema objects. For more information about composing a cn and an lDAPDisplayName for a new class, see Naming Attributes and Classes. |
schemaIDGUID | A GUID stored as an octet string. This GUID uniquely identifies the class. This GUID can be used in access control entries to control access to objects of this class. For more information, see Setting Permissions on Child Object Operations. On creation of the classSchema object, Active Directory generates this value if it is not specified. If you create a new class, generate your own GUID for each class so that all installations of your extension use the same schemaIDGUID to refer to the class. |
adminDisplayName | A display name of the class for use in administrative tools. If adminDisplayName is not specified when a class is created, the system uses the Common-Name value as the display name. This display name is used only if a mapping does not exist in the classDisplayName property of the display specifier for the class. For more information, see Display Specifiers and Class and Attribute Display Names. |
governsID | The OID of the class. This value must be unique among the governsIDs of all classSchema objects and the attributeIDs of all attributeSchema objects. For more information, see Object Identifiers. |
rDnAttId | Identifies the naming attribute, which is the attribute that provides the RDN for this class — if different than the default (cn). Use of a naming attribute other than cn is discouraged. Naming attributes should be drawn from the well-known set (OU, CN, O, L, and DC) that is understood by all LDAP version 3 clients. For more information, see Object Names and Identities and Syntaxes for Active Directory Attributes. A naming attribute must have the Directory String syntax. For more information, see Syntaxes for Active Directory Attributes. |
mustContain, systemMustContain | A pair of multi-valued properties that specify the attributes that must be present on instances of this class. These are mandatory attributes that must be present during creation and cannot be cleared after creation. After creation of the class, these properties cannot be changed. The full set of mandatory attributes for a class is the union of the systemMustContain and mustContain values on this class and all inherited classes. |
mayContain, systemMayContain | A pair of multi-valued properties that specify the attributes that MAY be present on instances of this class. These are optional attributes that are not mandatory and, therefore, may or may not be present on an instance of this class. You can add or remove mayContain values from an existing category 1 or category 2 classSchema object. Before removing a mayContain value from a classSchema object, you should search for instances of the object class and clear any values for the attribute that you are removing. After creation of the class, the systemMayContain property cannot be changed. The full set of optional attributes for a class is the union of the systemMayContain and mayContain values on this class and all inherited classes. |
possSuperiors, systemPossSuperiors | A pair of multi-valued properties that specify the structural classes that can be legal parents of instances of this class. The full set of possible superiors is the union of the systemPossSuperiors and possSuperiors values on this class and any inherited structural or abstract classes. systemPossSuperiors and possSuperiors values are not inherited from auxiliary classes. You can add or remove possSuperiors values from an existing category 1 or category 2 classSchema object. After creation of the class, the systemPossSuperiors property cannot be changed. |
objectClassCategory | An integer value that specifies the category of the class, which can be one of the following: For more information, see Structural, Abstract, and Auxiliary Classes. |
subClassOf | An OID for the immediate superclass of this class, that is, the class from which this class is derived. For structural classes, subClassOf can be a structural or abstract class. For abstract classes, subClassOf can be an abstract class only. For auxiliary classes, subClassOf can be an abstract or auxiliary class. If you define a new class, ensure that the subClassOf class exists or will exist when the new class is written to the directory. If the class does not exist, the classSchema object is not added to the directory. |
auxiliaryClass, systemAuxiliaryClass | A pair of multi-valued properties that specify the auxiliary classes that this class inherits from. The full set of auxiliary classes is the union of the systemAuxiliaryClass and auxiliaryClass values on this class and all inherited classes. For an existing classSchema object, values can be added to the auxiliaryClass property but not removed. After creation of the class, the systemAuxiliaryClass property cannot be changed. |
defaultObjectCategory | The distinguished name of this object class or one of its superclasses. When an instance of this object class is created, the system sets the objectCategory property of the new instance to the value specified in the defaultObjectCategory property of its object class. The objectCategory property is an indexed property used to increase the efficiency of object class searches. If defaultObjectCategory is not specified when a class is created, the system sets it to the distinguished name (DN) of the classSchema object for this class. If this object will be frequently queried by the value of a superclass rather than the object's own class, you can set defaultObjectCategory to the DN of the superclass. For example, if you are subclassing a predefined (category 1) class, the best practice is to set defaultObjectCategory to the same value as the superclass. This enables the standard UI to "find" your subclass. For more information, see Object Class and Object Category. |
defaultHidingValue | A Boolean value that specifies the default setting of the showInAdvancedViewOnly property of new instances of this class. Many directory objects are not interesting to end users. To keep these objects from cluttering the UI, every object has a Boolean attribute called showInAdvancedViewOnly. If defaultHidingValue is set to TRUE, new object instances are hidden in the Administrative snap-ins and the Windows shell. A menu item for the object class will not appear in the New context menu of the Administrative snap-ins—even if the appropriate creation wizard properties are set on the object class's displaySpecifier object. If defaultHidingValue is set to FALSE, new instances of the object are displayed in the Administrative snap-ins and the Windows shell. Set this property to FALSE to see instances of the class in the administrative snap-ins and the shell and enable a creation wizard and its menu item in the New menu of the administrative snap-ins. If the defaultHidingValue value is not set, the default is TRUE. |
systemFlags | An integer value that contains flags that define additional properties of the class. The 0x10 bit identifies a category 1 class (a class that is part of the base schema that is included with the system). You cannot set this bit, which means that the bit is not set in category 2 classes (which are extensions to the schema). |
systemOnly | A Boolean value that specifies whether only Active Directory can modify the class. System-only classes can be created or deleted only by the Directory System Agent (DSA). System-only classes are those that the system depends on for normal operations. |
defaultSecurityDescriptor | Specifies the default security descriptor for new objects of this class. For more information, see Default Security Descriptor and How Security Descriptors are Set on New Directory Objects. |
isDefunct | A Boolean value that indicates whether the class is defunct. For more information, see Disabling Existing Classes and Attributes. |
description | A text description of the class for use by administrative applications. |
objectClass | Identifies the object class of which this object is an instance, which is the classSchema object class for all class definitions and the attributeSchema object class for all attribute definitions. |
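
The inheritance rules in the table (unions over the class and everything it inherits, with possSuperiors skipping auxiliary classes, and the 0x10 systemFlags bit marking category 1 classes) can be checked when reviewing a schema extension. The following is an added example, not part of the original documentation; the schema, class names and attribute names are constructed, and subClassOf is keyed by name rather than by OID for readability.

```python
# Constructed, simplified schema: every class and attribute name is hypothetical.
# subClassOf holds a class name here; the directory itself stores an OID.
CATEGORY_1_FLAG = 0x10  # systemFlags bit that marks a base-schema (category 1) class

SCHEMA = {
    "exTop": {"subClassOf": None, "systemFlags": 0x10,
              "systemMustContain": ["objectClass"],
              "systemMayContain": ["description"]},
    "exAuditAux": {"subClassOf": "exTop", "systemFlags": 0,
                   "mayContain": ["exAuditTag"],
                   "possSuperiors": ["exOrgUnit"]},
    "exWidget": {"subClassOf": "exTop", "systemFlags": 0,
                 "mustContain": ["exSerial"],
                 "mayContain": ["exOwner"],
                 "auxiliaryClass": ["exAuditAux"],
                 "possSuperiors": ["exContainer"]},
}

def inherited(name, follow_aux, schema=SCHEMA):
    """Return the class plus every class it inherits from, in discovery order."""
    seen, queue = [], [name]
    while queue:
        cur = queue.pop(0)
        if cur is None or cur in seen:   # root reached, or already visited
            continue
        seen.append(cur)
        cls = schema[cur]
        queue.append(cls.get("subClassOf"))
        if follow_aux:
            queue += cls.get("auxiliaryClass", [])
            queue += cls.get("systemAuxiliaryClass", [])
    return seen

def effective(name, prop, schema=SCHEMA):
    """Union of <prop> and system<Prop> over the class and what it inherits."""
    system_prop = "system" + prop[0].upper() + prop[1:]
    # possSuperiors values are not inherited from auxiliary classes.
    follow_aux = prop != "possSuperiors"
    values = set()
    for cls_name in inherited(name, follow_aux, schema):
        cls = schema[cls_name]
        values |= set(cls.get(prop, [])) | set(cls.get(system_prop, []))
    return values

def is_category_1(name, schema=SCHEMA):
    """True when the 0x10 systemFlags bit is set (class ships with the base schema)."""
    return bool(schema[name]["systemFlags"] & CATEGORY_1_FLAG)

if __name__ == "__main__":
    for prop in ("mustContain", "mayContain", "possSuperiors"):
        print(prop, sorted(effective("exWidget", prop)))
    print("category 1:", is_category_1("exWidget"))
```
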