Ldife error: “The server side error is “Schema update is not allowed on this DC”

KB ID 0000258 


Seen when running an ldife command like this

Add error on line 1: Unwilling To Perform
The server side error is "Schema update is not allowed on this DC. Either the
registry key is not set or the DC is not the schema FSMO Role Owner."
0 entries modified successfully.
An error has occurred in the program

ldife error



1. I’m assuming you ARE on the schema master? check

2. Basically your copy of the schema needs to “write enabled”, Click Start > In the run box Paste the following, It should say “command completed successfully”

regsvr32 schmmgmt.dll

ad schema manager snapin

3. Then click Start > Run > mmc > {Enter} > when the Microsoft Management Console opens > Console > AddRemove Snap-in > Add > Active Directory Schema > Add.

AD schema manager

4. Right click “Active directory” > Operations Masters > Place a tick in “The Schema may be modified in this Domain Controller” > OK.

Modify Schema Master

5. You can now close the management console (you don’t need to save it).

6. You should now be able to run your Ldife command without error.

Related Articles, References, Credits, or External Links


Author: Migrated

Share This Post On