CHAPTER 4: ADMINISTRATIVE FUNCTIONS 45Returning User Group Information from Microsoft Active DirectoryReturning user group information from Microsoft’s Active Directory for Windows 2000 Server requiresupdating the LDAP schema. This should be attempted only by an experienced Active Directoryadministrator. Please refer to your Microsoft documentation for more detail.To Begin1. Install the schema plug-in for Active Directory – please refer to Microsoft Active Directorydocumentation for instructions.2. Run Active Directory Console and select Directory Schema.Setting the Registry to Permit Write Operations to the SchemaTo allow a domain controller to write to the schema, you must set a registry entry that permits schemaupdates.Setting the Registry Key1. Right-click the Active Directory Schema root node in the left pane of the window, and then clickOperations Master.2. Click on the check box before The Schema may be modified on this Domain Controller. .3. Click [OK].Creating a New AttributeTo create new attributes for the rciusergroup class:1. Click the [+] symbol before Active Directory Schema in the left pane of the window.2. Right-click Attributes in the left pane.3. Click New, and then select Attribute. When the warning message appears, click [Continue] and theCreate New Attribute window appears.Figure 41 Creating a New Attribute4. Type rciusergroup in the Common Name field.5. Type rciusergroup in the LDAP Display Name field.6. Type 1.3.6.1.4.1.13742.50 in the Unique x5000 Object ID field.7. Click on the Syntax drop-down arrow and select Case Insensitive String from the list.8. Type 1 in the Minimum field.9. Type 24 in the Maximum field.10. Click [OK] to create the new attribute.