The following table describes permitted editing methods for Active Directory schema types and the necessary restrictions for processing the system objects.
Type | Read | Add | Delete | Refresh |
---|---|---|---|---|
Domain (domainDNS) |
Yes |
No |
No |
Yes |
Forest (forest) |
Yes |
No |
No |
No |
Password policies (msDS-PasswordSettings) |
Yes |
Yes |
Yes |
Yes |
Trusted domain (trustedDomain) |
Yes |
No |
No |
No |
Container (container) |
Yes |
Yes |
Yes |
Yes |
Container (builtInDomain) |
Yes |
Yes |
Yes |
Yes |
Container (organizationalUnit) |
Yes |
Yes |
Yes |
Yes |
User accounts (user) |
Yes |
Yes |
Yes |
Yes |
User accounts (inetOrgPerson) |
Yes |
Yes |
Yes |
Yes |
Contacts (contact) |
Yes |
Yes |
Yes |
Yes |
Groups (Group) |
Yes |
Yes |
Yes |
Yes |
Computer, server (computer) |
Yes |
Yes |
Yes |
Yes |
Computer: location assignments (serverInSite) |
Yes |
No |
No |
No |
Location (site) |
Yes |
No |
No |
No |
Printer (printQueue) |
Yes |
No |
No |
No |