Directory Services

Updating the Schema Cache

All information that is written to Active Directory is validated against the schema. The schema is held in memory on directory servers (domain controllers) for performance reasons. The in-memory version is updated automatically after the on-disk version has been updated. The automatic update occurs five minutes after the last change was applied; applying another change to the schema in the 5-minute window resets the timer for another 5 minutes. This behavior keeps the cache consistent, but can be confusing, since changes do not "appear" in the schema until the cache is updated, even though they were applied on disk.

To update the Active Directory schema cache after a schema update (or if you want to use the schema update for non-schema operations immediately), add the schemaUpdateNow property (it is an operational attribute) to the root DSE (blank DN) with value 1. A schema cache update will start immediately. The call is blocking. If the call returns with no error, the cache is updated and all schema updates are ready to be used. An error return indicates that the cache update was not successful. Applications that want to take advantage of this feature should be designed to accommodate the blocking write, particularly in giving the user feedback if the program or script executes interactively.

Here is a sample LDIFDE script illustrating how to trigger a cache reload:

dn:
changetype: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-

You can also update the schema cache programmatically. See Example Code for Updating the Schema Cache.
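
The same root DSE write issued from PowerShell through System.DirectoryServices.Protocols, as an added example that is not Microsoft's sample code. It goes beyond the single-server LDIF by looping over several domain controllers, since each one holds its own in-memory copy; the server names, the 120-second timeout and the Update-SchemaCache function name are assumptions.

```powershell
# Added example (not Microsoft's sample code). DC names and the timeout are caller-supplied assumptions.
param(
    [Parameter(Mandatory = $true)][string[]]$Server,  # DCs whose in-memory schema cache to reload
    [int]$TimeoutSeconds = 120                        # assumed client-side limit for the blocking write
)

Add-Type -AssemblyName System.DirectoryServices.Protocols

function Update-SchemaCache {
    param([string]$DomainController, [int]$TimeoutSeconds)

    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection($DomainController)
    try {
        $conn.SessionOptions.ProtocolVersion = 3
        $conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Negotiate
        $conn.Bind()                                   # binds as the current user

        # Same operation as the LDIF: add schemaUpdateNow = 1 ...
        $mod = New-Object System.DirectoryServices.Protocols.DirectoryAttributeModification
        $mod.Name = 'schemaUpdateNow'
        $mod.Operation = [System.DirectoryServices.Protocols.DirectoryAttributeOperation]::Add
        [void]$mod.Add('1')

        # ... on the root DSE, addressed by the blank DN.
        $request = New-Object System.DirectoryServices.Protocols.ModifyRequest
        $request.DistinguishedName = ''
        [void]$request.Modifications.Add($mod)

        # Blocks until the DC has rebuilt its cache; a failure result is thrown as an exception.
        [void]$conn.SendRequest($request, [TimeSpan]::FromSeconds($TimeoutSeconds))
    }
    finally { $conn.Dispose() }
}

$failed = 0
foreach ($dc in $Server) {
    Write-Host "Reloading schema cache on $dc (this call blocks) ..."
    $timer = [System.Diagnostics.Stopwatch]::StartNew()
    try {
        Update-SchemaCache -DomainController $dc -TimeoutSeconds $TimeoutSeconds
        Write-Host ("  {0}: cache updated in {1:N1} s" -f $dc, $timer.Elapsed.TotalSeconds)
    }
    catch {
        $failed++
        Write-Warning ("  {0}: cache update not successful: {1}" -f $dc, $_.Exception.Message)
    }
}
if ($failed) { exit 1 }
```

The script exits with a non-zero code if any domain controller reports an error, so a calling deployment job can stop before it relies on the new schema elements.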