Directory Services

Disabling Existing Classes and Attributes

Schema additions are permanent. You cannot delete attributeSchema and classSchema objects. In a distributed system, it is difficult to guarantee that there are no instances of a given class or attribute. Removing the definition of a class or attribute damages existing instances of that class or attribute.

You can disable an existing class or attribute by marking it as "defunct". This does not affect existing instances of the class or attribute so marked, but it prevents the creation of new instances.

The following restrictions apply when disabling schema classes and attributes:

To disable an attribute, set the isDefunct attribute of its attributeSchema object to TRUE. When an attribute is disabled, new instances of the attribute cannot be created. To reenable the attribute, set the isDefunct attribute to FALSE.

To disable a class, set the isDefunct attribute of its classSchema object to TRUE. When a class is disabled, new instances of the class cannot be created. To reenable the class, set the isDefunct attribute to FALSE.

Setting schema objects as defunct can be useful in production environments. When a test version of a schema extension is no longer required, mark it as defunct. You can restore it by removing the isDefunct attribute or setting the attribute value to FALSE. Because the operation is easily reversed, marking an object defunct also protects against the unintended removal of a schema object.

Be aware that Active Directory® does not clean up existing instances of an attribute or class when you make a schema object defunct. If you remove the isDefunct property, any instances become valid, normal objects again.

The following list includes other consequences of marking an attributeSchema or classSchema object defunct:

The following list includes additional options in a production environment for reducing the impact of defunct schema extensions:

Another option for removing unwanted schema changes in a production environment is for developers to use a private domain controller for testing. In this case, you can:

For Windows Server 2003 family operating systems, when you set a class or attribute to defunct, you can immediately reuse the ldapDisplayName, schemaIdGuid, OID and mapiID values of the defunct schema element when you create a new class or attribute to replace it. The defunct version of the class or attribute is maintained in the Schema container, but it is hidden in the MMC snap-in. To reactivate the old schema element, set isDefunct to FALSE.

The following LDIF code example shows how to modify the isDefunct attribute and change the RDN so that it is not confused with the new class that you create to replace it.

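# Mark the existing class as defunct.
dn: CN=MyClass,CN=Schema,CN=Configuration,DC=X
changetype: modify
replace: isDefunct
isDefunct: TRUE
-

# Rename the defunct class so that it is not confused with its replacement.
dn: CN=MyClass,CN=Schema,CN=Configuration,DC=X
changetype: modrdn
newrdn: cn=MyClassOld
deleteoldrdn: 1

# An empty dn targets rootDSE; this reloads the schema cache.
dn:
changetype: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-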

Use the following command to run the LDIF code example against a forest for a computer running a Windows Server 2003 family operating system.

ldifde /i /f rdn.ldf /c "DC=X" "dc=mydomain,dc=com"
(Where "DC=X" is a constant)
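
Because defunct objects stay in the Schema container and their identifiers can be reused, it helps to audit which defunct elements have been superseded. The following Python sketch is an added example, not part of the original documentation: it reads an LDIF export of the Schema container and reports each defunct object together with any identifiers an active object now shares. The function names, the sample export and its OIDs are constructed for illustration, and the parser assumes plain content records (not change records).

```python
from collections import defaultdict

# Identifier attributes that can be reused once a schema element is defunct.
ID_ATTRS = ("ldapdisplayname", "attributeid", "governsid", "schemaidguid", "mapiid")
# Constructed sample export (not real directory data).
SAMPLE = """\
dn: CN=MyClassOld,CN=Schema,CN=Configuration,DC=X
lDAPDisplayName: myClass
governsID: 1.2.3.4.5.1
isDefunct: TRUE

dn: CN=MyClass,CN=Schema,CN=Configuration,DC=X
lDAPDisplayName: myClass
governsID: 1.2.3.4.5.1

dn: CN=My-Test-Attr,CN=Schema,CN=Configuration,DC=X
lDAPDisplayName: myTestAttr
attributeID: 1.2.3.4.5.2
isDefunct: TRUE
"""

def parse_ldif(text):
    """Parse LDIF content records into dicts of lower-cased attribute -> values."""
    entries, lines = [], []
    for raw in text.splitlines() + [""]:
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]                  # unfold a continuation line
        elif raw.strip() and not raw.startswith("#"):
            lines.append(raw)
        elif not raw.strip() and lines:           # blank line ends the record
            entry = defaultdict(list)
            for line in lines:
                name, _, value = line.partition(":")
                entry[name.lower()].append(value.lstrip(": "))
            entries.append(dict(entry))
            lines = []
    return entries

def is_defunct(entry):
    return entry.get("isdefunct", ["FALSE"])[0].upper() == "TRUE"

def audit_defunct(entries):
    """Map each defunct DN to the (attribute, value, active DN) identifiers it shares."""
    key = lambda a, v: (a, v.lower() if a == "ldapdisplayname" else v)
    active = {key(a, v): e["dn"][0] for e in entries if not is_defunct(e)
              for a in ID_ATTRS for v in e.get(a, [])}
    return {e["dn"][0]: [(a, v, active[key(a, v)]) for a in ID_ATTRS
                         for v in e.get(a, []) if key(a, v) in active]
            for e in entries if is_defunct(e)}
```

An empty list for a defunct DN means none of its identifiers is in use by an active schema object in the export.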