22.214.171.124.1 Schema NC
The contents of the schema NC is established when a forest is created. To enable a DC of a forest to be upgraded to a newer version of Windows Server operating system, a schema upgrade process is first performed. This process updates the portion of the schema that Windows Server depends upon.
The attribute objectVersion on the schema container object stores the schema version of the forest. This attribute is set during the creation of the first domain in a forest and is changed during schema upgrade after the schema is successfully upgraded to a newer version. In AD DS, to add a DC running a particular Windows Server version to an existing forest, the objectVersion of the forest's schema container must be greater than or equal to the value for that Windows Server version. In AD LDS, this is not a requirement. In AD LDS, to add a DC running a particular Windows Server version to an existing forest, the objectVersion of the forest's schema container can be less than the value for that Windows Server version. The correspondence between Windows Server versions and values of the schema container objectVersion is:
Windows 2000 Server operating system: 13
Windows Server 2003 operating system: 30
Windows Server 2003 R2 operating system: 31
Windows Server 2008 operating system (AD DS): 44
Windows Server 2008 R2 operating system (AD DS): 47
Windows Server 2012 operating system (AD DS): 56
Windows Server 2012 R2 operating system (AD DS): 69
Windows Server 2016 operating system (AD DS): 87
Active Directory Application Mode (ADAM): 30
Windows Server 2008 (AD LDS): 30
Windows Server 2008 R2 (AD LDS): 31
Windows Server 2012 (AD LDS): 31
Windows Server 2012 R2 (AD LDS): 31
Windows Server 2016 (AD LDS): 31
Attribute schemaInfo on the schema container stores a String(Octet) value of length 21 bytes. This attribute is updated on every original schema Add or Modify in the same transaction, and it is replicated to all the domain controllers in the forest upon completion of schema NC replication. The first byte of schemaInfo is 0xFF. The next 4 bytes are a 32-bit integer in big-endian byte order, used as the version of the update. The last 16 bytes are the invocationId of the DC where the schema change is made. The version starts from 1 for a new forest. Once a schema change is done, the version is incremented by one, and the invocationId of the DC where the schema change is done is written into the GUID part of the string. The invocationId attribute is specified in section 126.96.36.199.9.
For example, here is a value of schemaInfo:
0xFF 0x00 0x00 0x07 0xC7 0x20 0x79 0x92 0xE6 0x84 0xB6 0xF6 0x40 0x99 0x47 0x21 0x8B 0xC9 0xE0 0xF1 0xF3
After a schema change is done on the schema master, the following is the new value:
0xFF 0x00 0x00 0x07 0xC8 0x20 0x79 0x92 0xE6 0x84 0xB6 0xF6 0x40 0x99 0x47 0x21 0x8B 0xC9 0xE0 0xF1 0xF3
There is a child of the schema container with RDN cn=Aggregate and class subSchema. This object has several constructed attributes that are compliant with [RFC2251] section 4.5.2, through which the client can retrieve the forest's current schema. See constructed attributes in section 188.8.131.52.5. This object cannot be modified.