Windows Server 2016 New AD Schema Objects
Hello,
With Windows Server 2016, Active Directory Domain Services got some new attributes. The schema got updated through the Technical Preview :
- Windows Server 2016 Technical Preview 2 – Active Directory New Schema
- Windows Server 2016 Technical Preview 4 – Active Directory New Schema Attributes
- Windows Server 2016 TP 5 Active Directory New Schema Attributes
If we take a look a Windows Server 2012 R2, there is 1739 objects in the schema :
Windows Server 2016 New AD Schema Objects – Windows Server 2012 R2
Then, if we look at Windows Server 2016 :
Windows Server 2016 New AD Schema Objects – Windows Server 2016
So, there is 30 new objects in the Active Directory schema, hereunder the list of them :
Get-ADObject -Filter * -SearchBase (Get-ADRootDSE).schemaNamingContext -Properties WhenCreated | Group-Object -Property {Get-Date $_.WhenCreated -Format 'yyyy/MM/dd hh'} | Where-Object -FilterScript {$_.Name -like '2016/10/14 11'} | Select-Object -ExpandProperty Group
- ms-DS-Device-MDMStatus
- ms-DS-External-Directory-Object-Id
- ms-DS-Is-Compliant
- ms-DS-Key-Id
- ms-DS-Key-Material
- ms-DS-Key-Usage
- ms-DS-Key-Principal
- ms-DS-Key-Principal-BL
- ms-DS-Device-DN
- ms-DS-Computer-SID
- ms-DS-Custom-Key-Information
- ms-DS-Key-Approximate-Last-Logon-Time-Stamp
- ms-DS-Key-Credential
- ms-DS-Device-Trust-Type
- ms-DS-Shadow-Principal-Sid
- ms-DS-Shadow-Principal-Container
- ms-DS-Shadow-Principal
- ms-DS-Key-Credential-Link
- ms-DS-Key-Credential-Link-BL
- Dns-Zone-Scope-Container
- Dns-Zone-Scope
- ms-DS-Expire-Passwords-On-Smart-Card-Only-Accounts
- ms-DS-Token-Group-Names
- ms-DS-Token-Group-Names-Global-And-Universal
- ms-DS-Token-Group-Names-No-GC-Acceptable
- ms-DS-User-Allowed-NTLM-Network-Authentication
- ms-DS-Service-Allowed-NTLM-Network-Authentication
- ms-DS-Strong-NTLM-Policy
- ms-DS-Source-Anchor
- ms-DS-Object-SOA
Those new attributes pushed the objectversion to 87 from 69 for Windows Server 2012R2. There is no change from the Technical Preview 5.