Active Directory Schema

Active Directory is very much a database. It even has a schema to define what can and can’t be created and how everything is related and linked. An oversimplification is that the Active Directory schema is the rules about the types of items you can make in Active Directory, and this also includes the available attributes for each item.

Your schema level (or schema version) is not your domain functional level or forest functional level. The schema level doesn’t always match the domain functional level or the forest functional level.

Windows Server 2019 and Windows Server 2022 both operate at the domain and forest functional level of Windows Server 2016. Even though a server running Windows Server 2019 or Windows Server 2022 has a functional level of Windows Server 2016, its schema version is higher than Windows Server 2016.

In this post, I will show you step-by-step how to check your AD schema level using the GUI or PowerShell and how to translate the output to the corresponding Windows Server version.

GUI Way

• Open ADSI Edit.

• Click on Action > Connect to…

• In the Connection Point section, click on Select a well known Naming Context option and select Schema.

• Click OK

• Click on the Schema object.

• Right-click on the CN=Schema name and select Properties.

• Find the attribute named objectVersion.

The value of the objectVersion attribute is your schema level.

In my example, the value is 88.

Use the Schema version to Server Version section to translate the result.

PowerShell Way

• Run the following command to get your Active Directory schema level. Get-ADObject (Get-ADRootDSE).schemaNamingContext -Properties objectVersion | select DistinguishedName,objectVersion | fl

The command above will output the value of objectVersion, which is your schema level.

In my example, the value is 88.

Use the Schema version to Server Version section to translate the result.

Schema version to Server Version

We need to translate the schema object version value to the Windows Server version. Below is a list of how each object version value is translated to the Windows Server version.

• 91 = Windows Server 2025
• 88 = Windows Server 2022 and Windows Server 2019
• 87 = Windows Server 2016
• 69 = Windows Server 2012 R2
• 56 = Windows Server 2012
• 47 = Windows Server 2008 R2
• 44 = Windows Server 2008
• 31 = Windows Server 2003 R2
• 30 = Windows Server 2003

Here is Microsoft’s official translation list.

If you want to read more about the Active Directory Schema, here is Microsoft’s documentation.

Related posts:

Create Active Directory Central Store Deploying Windows LAPS Upgrade Palo Alto Firewall HA Pair (Active/Passive) Palo Alto Private Data Reset with HA (Active/Passive)