Hi all,

Sometime last decade we installed AD4UNIX onto our Win2k3 Domain Controllers.

Now it seems this schema extension is blocking updates to the AD schema.

I have gone through the schema using Active Directory Schema. While I can defunct most objects and attributes, I can't defunct several, including msSFUPosixAccount, msSFUPosixGroup, msSFUIpHost, and msSFUShadowAccount.

Using ADSIEdit, If i attempt to set isDefunct to true, I see:

"Schema deletion failed: class is used as an auxiliary class".

I have tried searching the dit for any references to any of the classes mentioned above, with no luck. I have tried using LDP, and ldapsearch from openldap.

Prior to this exercise, I have gone through AD and removed all attributes from all accounts and groups. This was accomplished using LDP.exe.

Can anyone shed any light on what magic I need with AD to find what is using these classes?

I am beginning to think I will be better off creating a new AD Domain, or even an entirely new forest? This seems like a massive waste of time.

I await any advice.

Thanks.