The following table describes permitted editing methods for Active Directory schema types and the necessary restrictions for processing the system objects.
| Type | Read | Add | Delete | Refresh |
|---|---|---|---|---|
|
Domain (domainDNS) |
Yes |
No |
No |
Yes |
|
Forest (forest) |
Yes |
No |
No |
No |
|
Password policies (msDS-PasswordSettings) |
Yes |
Yes |
Yes |
Yes |
|
Trusted domain (trustedDomain) |
Yes |
No |
No |
No |
|
Container (container) |
Yes |
Yes |
Yes |
Yes |
|
Container (builtInDomain) |
Yes |
Yes |
Yes |
Yes |
|
Container (organizationalUnit) |
Yes |
Yes |
Yes |
Yes |
|
User accounts (user) |
Yes |
Yes |
Yes |
Yes |
|
User accounts (inetOrgPerson) |
Yes |
Yes |
Yes |
Yes |
| Contacts (contact) |
Yes |
Yes |
Yes |
Yes |
| Groups (Group) |
Yes |
Yes |
Yes |
Yes |
|
Computer, server (computer) |
Yes |
Yes |
Yes |
Yes |
|
Computer: location assignments (serverInSite) |
Yes |
No |
No |
No |
|
Location (site) |
Yes |
No |
No |
No |
|
Printer (printQueue) |
Yes |
No |
No |
No |