Step 1: Create your LDIF file
An LDIF file is a standard plain text data interchange format for representing LDAP
The AWS Directory Service imports your LDIF file with the schema changes by running the ldifde.exe application on your AWS Managed Microsoft AD directory. Therefore, you will find it helpful to understand the LDIF script syntax. For more information, see LDIF Scripts.
Several third-party LDIF tools can extract, clean up, and update your schema updates. Regardless of which tool you use, it is important to understand that all identifiers used in your LDIF file must be unique.
We highly recommend that you review the following concepts and tips prior to creating your LDIF file.
- Schema elements – Learn about schema elements such as attributes, classes, object IDs, and linked attributes. For more information, see Schema elements.
- Sequence of items – Make sure that the order in which the items in your LDIF file are laid out follows the Directory Information Tree (DIT) from the top down. The general rules for sequencing in an LDIF file include the following:
    - Separate items with a blank line.
    - List child items after their parent items.
    - Ensure that items such as attributes or object classes exist in the schema. If they are not present, you must add them to the schema before they can be used. For example, before you can assign an attribute to a class, the attribute must be created.
- Format of the DN – For each new instruction in the LDIF file, define the distinguished name (DN) as the first line of the instruction. The DN identifies an Active Directory object within the Active Directory object's tree and must contain the domain components for your directory. For example, the domain components for the directory in this tutorial are DC=example,DC=com.

  The DN must include the Active Directory object's common name (CN). The first CN entry represents the attribute or class name. To extend the Active Directory schema, use CN=Schema,CN=Configuration. Remember that you cannot modify Active Directory object content. The general DN format follows.

      dn: CN=[attribute or class name],CN=Schema,CN=Configuration,DC=[domain_name]

  For this tutorial, the DN for the new Shoe-Size attribute would look like:

      dn: CN=Shoe-Size,CN=Schema,CN=Configuration,DC=example,DC=com

- Warnings – Review the warnings below before you extend your schema.
    - Before you extend your Active Directory schema, it is important to review Microsoft's warnings on the impact of this operation. For more information, see What You Must Know Before Extending the Schema.
    - You cannot delete a schema attribute or class. Therefore, if you make a mistake and don't want to restore from backup, you can only disable the object. For more information, see Disabling Existing Classes and Attributes.
    - Changes to defaultSecurityDescriptor are not supported.
To learn more about how LDIF files are constructed and see a sample LDIF file that can be used for testing AWS Managed Microsoft AD schema extensions, see the article How to Extend your AWS Managed Microsoft AD Directory Schema.
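The sequencing, DN format, uniqueness and defaultSecurityDescriptor rules above can be checked before a file is submitted. The following pre-flight linter is an added example, not AWS or Microsoft code. The `lint_schema_ldif` function, the Example-Person class, the OIDs and the trimmed sample entries are constructed for illustration and are not importable as-is. It assumes unfolded, non-base64 LDIF lines.

```python
import re

SCHEMA_SUFFIX = "CN=Schema,CN=Configuration,"
UNIQUE_KEYS = ("attributeid", "governsid", "ldapdisplayname")
REFERENCE_KEYS = ("maycontain", "mustcontain")

def lint_schema_ldif(text, domain_dn, known=()):
    """Return findings; `known` lists names that already exist in the schema."""
    findings, seen = [], set()
    defined = {name.lower() for name in known}
    dn_re = re.compile(r"CN=[^,]+," + re.escape(SCHEMA_SUFFIX + domain_dn), re.I)
    # Items are separated by a blank line.
    for n, block in enumerate(re.split(r"\n\s*\n", text.strip()), 1):
        lines = [l for l in block.splitlines() if l.strip() and not l.startswith("#")]
        # The DN must be the first line of each instruction.
        if not lines or not lines[0].lower().startswith("dn:"):
            findings.append(f"entry {n}: first line is not a DN")
            continue
        if not dn_re.fullmatch(lines[0][3:].strip()):
            findings.append(f"entry {n}: DN is not CN=<name>,{SCHEMA_SUFFIX}{domain_dn}")
        pairs = [(k.strip().lower(), v.strip())
                 for k, _, v in (l.partition(":") for l in lines[1:])]
        for key, value in pairs:
            if key == "defaultsecuritydescriptor":
                findings.append(f"entry {n}: defaultSecurityDescriptor changes are not supported")
            elif key in REFERENCE_KEYS and value.lower() not in defined:
                findings.append(f"entry {n}: {value} is used before it is created")
            elif key in UNIQUE_KEYS:
                if (key, value.lower()) in seen:
                    findings.append(f"entry {n}: duplicate {key} {value}")
                seen.add((key, value.lower()))
        # A name can be referenced only by entries that come after its own.
        defined.update(v.lower() for k, v in pairs if k == "ldapdisplayname")
    return findings

# Constructed sample: attribute first, then the class that uses it.
GOOD = """\
dn: CN=Shoe-Size,CN=Schema,CN=Configuration,DC=example,DC=com
changetype: add
objectClass: attributeSchema
lDAPDisplayName: shoeSize
attributeID: 1.3.6.1.4.1.99999.1.1

dn: CN=Example-Person,CN=Schema,CN=Configuration,DC=example,DC=com
changetype: add
objectClass: classSchema
lDAPDisplayName: examplePerson
governsID: 1.3.6.1.4.1.99999.2.1
mayContain: shoeSize
"""
# Constructed bad variant: class before its attribute, plus an unsupported change.
BAD = "\n\n".join(reversed(GOOD.strip().split("\n\n"))) + "\ndefaultSecurityDescriptor: D:\n"
```

Pass names that already exist in the directory schema through `known` so that references to built-in attributes are not reported as missing.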