NETID Domain Schema

The current NETID domain schema is documented below. MI will entertain any schema modification requests. All schema modifications must follow schema best practices. Vendors tend to follow these best practices. Custom schema modifications are also possible. Schema best practice is documented below. Schema modifications that are deemed to follow best practices are likely to be added. NOTE: At this time, MI does not permit any directory information to be written aside from by MI connectors, except to your own user account, and then only to the "personal" attributes that you have write permission to by default. MI connectors are described in the architecture guide. A full list of all user attributes currently in use, and written to by MI connectors is documented here.

Current Schema

Description (links here take you to our copy of the schema)	Schema Vendor	Date Added	Notes (links here take you to the vendor documentation--which may not exist at a later point in time)
Windows Server 2003 R2	Microsoft Corporation	June 29, 2006	Base Schema. See here for vendor documentation
Exchange Server 2003	Microsoft Corporation	June 29, 2006
UW Enterprise Directory Services / Group Directory Services	University of Washington	July 20, 2006	Added uwEntity & uwPrincipal classes and attributes
eduPerson	Internet2/EDUCAUSE	July 20, 2006
Catalyst Labs - Macintosh Support	University of Washington	July 20, 2006	Added for EPLT labs for Mac authentication. 12/2012: Not used.
Dell Remote Access Controller	Dell	August 7, 2006	Allows central management of Dell DRAC-enabled devices
Vista Bitlocker TPM Extensions	Microsoft Corporation	February 1, 2007	See here for vendor documentation
Exchange Server 2007	Microsoft Corporation	June 1, 2007	See here for vendor documentation
Office Communications Server 2007	Microsoft Corporation	November 1, 2007
Exchange Server 2007 SP1	Microsoft Corporation	December 12, 2007	See here for vendor documentation
Group Service Integration View Access Control	University of Washington	September 17, 2008	Added uwViewAccess to uwDepartmentGroup
Windows Server 2008	Microsoft Corporation	March 12, 2009	Not R2. See here for vendor documentation
Exchange Server 2007 SP2	Microsoft Corporation	February 23, 2010	See here for vendor documentation
Windows Server 2008 R2	Microsoft Corporation	June 17, 2010	See here for vendor documentation
Exchange Server 2007 SP3	Microsoft Corporation	August 25, 2010
Exchange Server 2010 SP1	Microsoft Corporation	August 25, 2010
Exchange Server 2010 SP2	Microsoft Corporation	March 7, 2012
uwReadAccess for uwCourseOffering	University of Washington	August 23, 2012	Added uwReadAccess to uwCourseOffering
Windows Server 2012	Microsoft Corporation	August 23, 2012	See here for vendor documentation
Windows Server 2012 R2	Microsoft Corporation	April 2, 2014	See here for vendor documentation
System Center Configuration Manager	Microsoft Corporation	April 2, 2014	See here for vendor documentation
2014 Custom Schema	University of Washington	April 2, 2014	Added uwNetIDType, uwEntityType, uwKerberosDelegationSensitiveException, uwDisplayNameOverride, eduPersonAssurance
Exchange Server CU7	Microsoft Corporation	December 17, 2014	See here for vendor documentation
Local Administrator Password Solution (LAPS)	Microsoft Corporation	March 31, 2017	Added ms-Mcs-AdmPwdExpirationTime and ms-Mcs-AdmPwd to the computer class
Windows Server 2016	Microsoft Corporation	August 17, 2017	See here for vendor documentation

Custom Schema Best Practices

Unique OIDs are used for every objectclass and attribute. These OIDs belong to the vendor or organization employing the schema modification OR the OIDs are tied to standards-based schema definitions. The UW has an OID space. Contact the NOC to request an OID arc for custom schema definition. The Netid.washington.edu Windows domain has a delegated OID space, which is documented here.
Objectclass and attribute names that are not likely to create a future collision. Prepending the vendor or organization's name to the attribute or objectclass name is recommended to avoid possible collisions. For example, "year" is a poor attribute name choice. "uwYear" is a well-chosen attribute name.
Objectclass hierarchy doesn't break existing functionality. For example, inserting a superior objectclass above the user objectclass or a structural objectclass on top of the user objectclass may introduce changes that break existing functionality.
Thoughtful use of attribute indexing. Indexing can introduce a great deal of overhead. Only attributes that are widely used should be indexed.
Thoughtful use of when an attribute should be included in the global catalog partition set. Only attributes that are widely used and needed during login should be included in the global catalog.
Existing schema objects are not modified. (As the Active Directory vendor, Microsoft has in the past modified existing schema objects, and this is acceptable as an exception.)
Appropriate attribute syntax is used for the data to be stored. Poor choice of syntax can result in unnecessary directory overhead.
displayName=cn
Use auxiliary classes to enhance existing objectclasses.
Populate the description attribute with meaningful information.
Schema modifications are in LDIF format.

In addition, some thought should be given to the following questions:

How volatile is the data that will employ this schema modification?
How will objects using this schema be managed and manipulated?
What security settings are required to grant applications/users access to read/modify the data?
Who are the users of the data?
Are there data privacy issues that should be considered?
What is the total data size expected to be added to the directory from this schema modification?