You can set permissions for performing tasks in the Active Directory Schema snap-in.
Membership in Schema Admins, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at http://go.microsoft.com/fwlink/?LinkId=83477.
To apply permissions to perform a schema task |
-
Open the Active Directory Schema snap-in.
-
In the console tree, click Active Directory Schema to connect to the domain.
-
In the console tree, right-click Active Directory Schema, and then click Permissions.
-
In Group or user names, select a user or group, or click Add to add a user or group.
-
In Permissions for <user_name>, select or clear the permission that you want to grant or deny, respectively, and then click OK.
Additional considerations
- Performing this task requires you to have
schema administrator credentials, which are assigned to only the
Schema Admins group. By default, only the Administrator account in
the forest root domain is a member of the Schema Admins group. You
can set permissions for different administrators to manage schema
operations, but it is best to limit the number of schema
administrators to a single highly trusted administrator in the
forest.
- If the Active Directory Schema snap-in
is not installed, see Install the Active
Directory Schema Snap-In.