When extending the Active Directory (AD) schema, for example, by adding new attributes or classes, it’s easy to overlook a critical detail: the schema cache doesn’t update instantly. This can cause frustrating errors, especially if your schema extensions depend on each other.
In this article, we’ll explain what the schema cache is, why reloading it is sometimes necessary, and how to force a refresh using PowerShell, LDIF files, or the graphical interface.
What Is the Active Directory Schema Cache?
Each domain controller (DC) in an Active Directory forest keeps a copy of the schema in memory, called the schema cache. This design allows schema queries to perform quickly.
When schema modifications are made (such as adding a new attribute or class):
- They are written to the domain controller that holds the Schema Master FSMO role.
- They are loaded into memory (the cache).
- They are committed to disk after a few minutes, if changes are detected.
If you try to reference a newly created attribute in a class definition without updating the cache, the system may return an error indicating that the attribute does not exist, even though it has just been created.
When Should You Reload the Schema Cache?
Reloading the schema cache is necessary when:
- A newly created attribute or class must be referenced immediately.
- Automation or scripting requires schema changes to take effect right away.
- You want to avoid waiting for the five-minute background refresh interval.
How to Reload the Schema Cache
1. Using the Graphical Interface
- Run
regsvr32 schmmgmt.dllif the Schema snap-in is not already available. - Open the Active Directory Schema console by running
schmmgmt.msc. - Right-click on "Active Directory Schema" in the left pane and select "Reload the Schema".
Note: This must be performed on the domain controller that holds the Schema Master FSMO role.
2. Using ldifde
Create a file called reload.ldf with the following contents:
Then run the following command in Command Prompt:
This command writes to the schemaUpdateNow operational attribute of the RootDSE, triggering a manual schema cache refresh.
3. Using PowerShell
Use this PowerShell script, replacing <DCName> with the name of the Schema Master domain controller:
This method is ideal for automation and scripting.
4. Using AdMod
If you have the Sysinternals admod.exe utility, you can reload the schema cache with:
Real-World Example: Adding a New Attribute and Class
Suppose you need to create a new auxiliary class that references a custom attribute. You must reload the schema cache between creating the attribute and the class to avoid errors.
Step 1: Create the attribute
Step 2: Reload the schema cache
Step 3: Create the class that uses the new attribute
If the schema cache is not refreshed after step 1, step 3 will fail with an error stating that TestAttr does not exist.
Best Practices
- Perform schema changes in a test environment before applying them in production.
- Always identify and use the domain controller that holds the Schema Master FSMO role.
- Consider automating schema updates using PowerShell for repeatable, reliable processes.
- Document all schema changes thoroughly.
Conclusion
Reloading the Active Directory schema cache is a necessary step when performing dynamic schema modifications. Whether you're extending the schema for a new application or customizing your directory for internal use, understanding how to refresh the cache ensures your changes take effect immediately and without error.