There are two ways to bind to the Active Directory schema:
Bind directly to the schema container or to a
classSchema or attributeSchema object in the schema
container. The classSchema or attributeSchema objects
contain complete, formal definitions of every class and attribute
that can exist in an Active Directory forest. For more information,
attributeSchema and classSchema Objects.
Bind to the abstract schema or to a class or attribute entry in
the abstract schema. The abstract schema contains only a subset of
the data about each class and attribute, but the data is in a
format that is easy to retrieve and use. For more information, see
The Abstract Schema and
Reading the Abstract
To modify or extend the schema, bind directly to the schema
container. To read the class and attribute definitions, it is
usually easier to read from the abstract schema.
It is easier to read from the abstract schema because:
ADSI provides special binding techniques and a set of
interfaces to read the abstract schema.
The ADSI interfaces that work with the abstract schema return
data in a format appropriate for use in other ADSI interfaces. For
example, IADsClass and IADsProperty typically use
lDAPDisplayName strings to report attribute and class names,
even though this data is stored in the directory in the form of
object identifiers (OIDs). The lDAPDisplayName format is
convenient because other ADSI interfaces use it to refer to classes
and attributes in search filters and elsewhere.
The abstract schema entry for an object class contains data
collected from multiple classSchema objects. For example,
the possible parents, mandatory attributes, and optional attributes
for an object class are the union of these attributes from the
class's superclasses and auxiliary classes. If you read from the
actual schema container, you need to collect data from the various
classSchema objects that the class was derived from. If you
read from the abstract schema, the data is in one place.
To determine when to bind directly to the schema container
rather than using the abstract schema:
To get specific properties not exposed in the abstract
schema. For example, oMSyntax, attributeSyntax,
defaultSecurityDescriptor, and other properties are not
exposed in the abstract schema.
To query forattributeSchemaandclassSchemaobjects. To search for classes or
attributes that match a specified filter, bind to the schema
container and perform a one-level search.
To add or modify attributes or classes. The abstract
schema is read-only; you cannot use it to modify or extend the
schema. Be aware that modifications must be made at the domain
controller that is the schema master. For more information, see
for Installing a Schema Extension.