<xs:schema
    targetNamespace="http://schemas.microsoft.com/bestpractices/models/ServerManager/AD/AdComposite/2008/04"
    xmlns:tns="http://schemas.microsoft.com/bestpractices/models/ServerManager/AD/AdComposite/2008/04"
    elementFormDefault="qualified"
    xmlns:xs="http://www.w3.org/2001/XMLSchema">

  <xs:element name="AdComposite" type="tns:AdCompositeType"/>

  <!-- .Net class: System.Management.Automation.ErrorRecord -->
  <xs:complexType name="ErrorType">
    <xs:sequence>
      <xs:element name="Report" type="xs:boolean"/>
      <xs:element name="DataItem" type="xs:string"/>
      <xs:element name="Computer" type="xs:string"/>
      <xs:element name="Message" type="xs:string"/>
      <!-- the fully qualified error identifier (FQID) for this error record -->
      <xs:element name="FullyQualifiedErrorId" type="xs:string"/>
      <xs:element name="Exception" type="tns:ExceptionType" minOccurs="0"/>
    </xs:sequence>
  </xs:complexType>

  <!-- .Net class: System.Exception -->
  <xs:complexType name="ExceptionType">
    <xs:sequence>
      <xs:element name="Type" type="xs:string"/>
      <xs:element name="Message" type="xs:string"/>
      <xs:element name="InnerException" type="tns:ExceptionType" minOccurs="0"/>
    </xs:sequence>
  </xs:complexType>

  <!-- Empty string -->
  <xs:simpleType name="EmptyStringType">
    <xs:restriction base="xs:string">
      <xs:minLength value="0"/>
      <xs:maxLength value="0"/>
    </xs:restriction>
  </xs:simpleType>

  <!-- Value can be empty -->
  <xs:simpleType name="BooleanType">
    <xs:union>
      <xs:simpleType>
        <xs:restriction base="tns:EmptyStringType"/>
      </xs:simpleType>
      <xs:simpleType>
        <xs:restriction base="xs:boolean"/>
      </xs:simpleType>
    </xs:union>
  </xs:simpleType>

  <!-- Value can be empty -->
  <xs:simpleType name="DecimalType">
    <xs:union>
      <xs:simpleType>
        <xs:restriction base="tns:EmptyStringType"/>
      </xs:simpleType>
      <xs:simpleType>
        <xs:restriction base="xs:decimal"/>
      </xs:simpleType>
    </xs:union>
  </xs:simpleType>

  <!-- Value can be empty -->
  <xs:simpleType name="DoubleType">
    <xs:union>
      <xs:simpleType>
        <xs:restriction base="tns:EmptyStringType"/>
      </xs:simpleType>
      <xs:simpleType>
        <xs:restriction base="xs:double"/>
      </xs:simpleType>
    </xs:union>
  </xs:simpleType>

  <!-- Value can be empty -->
  <xs:simpleType name="DateTimeType">
    <xs:union>
      <xs:simpleType>
        <xs:restriction base="tns:EmptyStringType"/>
      </xs:simpleType>
      <xs:simpleType>
        <xs:restriction base="xs:dateTime"/>
      </xs:simpleType>
    </xs:union>
  </xs:simpleType>

  <xs:complexType name="StringDataType">
    <xs:choice>
      <xs:element name="Value" type="xs:string"/>
      <xs:element name="Error" type="tns:ErrorType"/>
    </xs:choice>
  </xs:complexType>

  <xs:complexType name="BooleanDataType">
    <xs:choice>
      <xs:element name="Value" type="tns:BooleanType"/>
      <xs:element name="Error" type="tns:ErrorType"/>
    </xs:choice>
  </xs:complexType>

  <xs:complexType name="DecimalDataType">
    <xs:choice>
      <xs:element name="Value" type="tns:DecimalType"/>
      <xs:element name="Error" type="tns:ErrorType"/>
    </xs:choice>
  </xs:complexType>

  <xs:complexType name="DoubleDataType">
    <xs:choice>
      <xs:element name="Value" type="tns:DoubleType"/>
      <xs:element name="Error" type="tns:ErrorType"/>
    </xs:choice>
  </xs:complexType>

  <xs:complexType name="DateTimeDataType">
    <xs:choice>
      <xs:element name="Value" type="tns:DateTimeType"/>
      <xs:element name="Error" type="tns:ErrorType"/>
    </xs:choice>
  </xs:complexType>

  <xs:complexType name="StringListDataType">
    <xs:choice>
      <xs:sequence>
        <xs:element name="Value" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
      </xs:sequence>
      <xs:element name="Error" type="tns:ErrorType"/>
    </xs:choice>
  </xs:complexType>

  <xs:complexType name="AdCompositeType">
    <xs:sequence>
      <xs:element name="Forest" type="tns:ForestCompositeType" minOccurs="1" maxOccurs="unbounded"/>
    </xs:sequence>
  </xs:complexType>

  <xs:complexType name="ForestCompositeType">
    <xs:sequence>
      <xs:element name="Name" type="tns:StringDataType"/>
      <xs:element name="ForestFunctionalLevel" type="tns:DecimalDataType"/>
      <xs:element name="RecycleBinFeature" type="tns:BooleanDataType"/>
      <xs:element name="TombstoneLifeTime" type="tns:DecimalDataType"/>
      <xs:element name="DeletedObjectLifetime" type="tns:DecimalDataType"/>
      <xs:element name="ResultantBackupLifetime" type="xs:string"/>

      <xs:element name="RootPdc">
        <xs:complexType>
          <xs:sequence>
            <xs:element name="HostName" type="tns:StringDataType"/>
            <xs:element name="TimeSourceType" type="tns:StringDataType" minOccurs="0"/>
            <xs:element name="NtpServer" type="tns:StringDataType" minOccurs="0"/>
            <xs:element name="GoodTimeSource" minOccurs="0">
              <xs:complexType>
                <xs:choice>
                  <xs:sequence>
                    <xs:element name="Available" type="xs:boolean"/>
                    <xs:element name="Name" type="xs:string"/>
                    <xs:element name="Address" type="xs:string"/>
                    <xs:element name="Site" type="xs:string"/>
                  </xs:sequence>
                  <xs:element name="Error" type="tns:ErrorType"/>
                </xs:choice>
              </xs:complexType>
            </xs:element>
          </xs:sequence>
        </xs:complexType>
      </xs:element>

      <xs:element name="NumberOfDomains" type="tns:DecimalDataType"/>
      <xs:element name="Domain" type="tns:DomainCompositeType" minOccurs="0" maxOccurs="unbounded"/>
      <xs:element name="Site" type="tns:SiteType" minOccurs="0" maxOccurs="unbounded"/>
      <xs:element name="CrossForestTrust" type="tns:TrustedDomainType" minOccurs="0" maxOccurs="unbounded"/>
    </xs:sequence>
  </xs:complexType>

  <xs:complexType name="DomainCompositeType">
    <xs:sequence>
      <xs:element name="Name" type="tns:StringDataType"/>
      <xs:element name="NumberOfDc" type="tns:DecimalDataType"/>
      <xs:element name="NumberOfGc" type="tns:DecimalDataType"/>
      <xs:element name="Server" type="tns:ServerCompositeType" minOccurs="0" maxOccurs="unbounded"/>

      <xs:element name="DesOnly">
        <xs:complexType>
          <xs:choice>
            <xs:sequence>
              <xs:choice minOccurs="0" maxOccurs="unbounded">
                <xs:element name="User" type="tns:UserType"/>
                <xs:element name="TrustedDomain" type="tns:TrustedDomainType"/>
              </xs:choice>
            </xs:sequence>
            <xs:element name="Error" type="tns:ErrorType"/>
          </xs:choice>
        </xs:complexType>
      </xs:element>

      <xs:element name="OrganizationalUnit" type="tns:OrganizationalUnitType" minOccurs="0" maxOccurs="unbounded"/>
      <xs:element name="SPN" type="tns:SpnType" minOccurs="0" maxOccurs="unbounded"/>
      <xs:element name="ExternalTrust" type="tns:TrustedDomainType" minOccurs="0" maxOccurs="unbounded"/>
    </xs:sequence>
  </xs:complexType>

  <xs:complexType name="ServerCompositeType">
    <xs:sequence>
      <!-- If NTDS is running on this server -->
      <xs:element name="NTDS" type="xs:boolean"/>
      <!-- If ADWS is running on this server -->
      <xs:element name="ADWS" type="xs:boolean"/>
      <!-- If AD Powershell is functional on local server (this check is only performed on the local DC) -->
      <xs:element name="ADPS" type="xs:boolean" minOccurs="0"/>
      <!-- If this server is able to reach a functional DNS server -->
      <xs:element name="DNS" type="xs:boolean"/>
      <!-- If GP PS moduel is functional on local server (this check is only performed on the local DC) -->
      <xs:element name="GPPS" type="xs:boolean" minOccurs="0"/>

      <xs:element name="Name" type="tns:StringDataType"/>
      <xs:element name="HostName" type="tns:StringDataType"/>
      <xs:element name="IpAddresses" type="tns:HostAddressType" minOccurs="0"/>
      <xs:element name="HostNameDnsRecord" type="tns:HostNameDnsRecordType" minOccurs="0"/>
      <xs:element name="Site" type="tns:StringDataType"/>
      <xs:element name="Gc" type="tns:BooleanDataType"/>
      <xs:element name="ReadOnly" type="tns:BooleanDataType"/>
      <xs:element name="Pdc" type="tns:BooleanDataType"/>
      <xs:element name="Sku" type="tns:SkuType" minOccurs="0"/>
      <xs:element name="VirtualMachine" type="tns:BooleanDataType" minOccurs="0"/>
      <xs:element name="Fsmo" type="tns:FsmoCollectionType" minOccurs="0"/>
      <xs:element name="DnsRecords" type="tns:DnsRecordCollectionType" minOccurs="0"/>
      <xs:element name="StrictReplicationConsistency" type="tns:BooleanDataType" minOccurs="0"/>
      <xs:element name="BackupLatency" type="tns:DecimalDataType" minOccurs="0"/>
      <xs:element name="MaxPositivePhaseCorrection" type="tns:DecimalDataType" minOccurs="0"/>
      <xs:element name="MaxNegativePhaseCorrection" type="tns:DecimalDataType" minOccurs="0"/>
      <xs:element name="CurrentTime" type="tns:DateTimeDataType" minOccurs="0"/>
      <xs:element name="OuAccidentalDeletionProtection" type="tns:BooleanDataType" minOccurs="0"/>

      <xs:element name="NamingContext" type="tns:NamingContextType" minOccurs="0" maxOccurs="unbounded"/>

      <xs:element name="Rsop" type="tns:GroupPolicyType"/>
    </xs:sequence>
    <!-- "true" if the server is local; "false" if the server is remote -->
    <xs:attribute name="Local" type="xs:boolean" use="optional"/>
  </xs:complexType>

  <xs:complexType name="DnsRecordCollectionType">
    <xs:sequence>
      <xs:element name="LdapIpAddress" type="tns:DnsRecordType"/>
      <xs:element name="Ldap" type="tns:DnsRecordType"/>
      <xs:element name="LdapAtSite" type="tns:DnsRecordType"/>
      <xs:element name="Pdc" type="tns:DnsRecordType"/>
      <xs:element name="Gc" type="tns:DnsRecordType"/>
      <xs:element name="GcAtSite" type="tns:DnsRecordType"/>
      <xs:element name="DcByGuid" type="tns:DnsRecordType"/>
      <xs:element name="GcIpAddress" type="tns:DnsRecordType"/>
      <xs:element name="DsaCname" type="tns:DnsRecordType"/>
      <xs:element name="Kdc" type="tns:DnsRecordType"/>
      <xs:element name="KdcAtSite" type="tns:DnsRecordType"/>
      <xs:element name="Dc" type="tns:DnsRecordType"/>
      <xs:element name="DcAtSite" type="tns:DnsRecordType"/>
      <xs:element name="Rfc1510Kdc" type="tns:DnsRecordType"/>
      <xs:element name="Rfc1510KdcAtSite" type="tns:DnsRecordType"/>
      <xs:element name="GenericGc" type="tns:DnsRecordType"/>
      <xs:element name="GenericGcAtSite" type="tns:DnsRecordType"/>
      <xs:element name="Rfc1510UdpKdc" type="tns:DnsRecordType"/>
      <xs:element name="Rfc1510Kpwd" type="tns:DnsRecordType"/>
      <xs:element name="Rfc1510UdpKpwd" type="tns:DnsRecordType"/>
    </xs:sequence>
  </xs:complexType>

  <xs:complexType name="DnsRecordType">
    <xs:sequence>
      <xs:element name="DomainName" type="tns:StringDataType"/>
      <xs:element name="Registered" type="tns:BooleanDataType"/>
    </xs:sequence>
  </xs:complexType>

  <xs:complexType name="FsmoCollectionType">
    <xs:sequence>
      <xs:element name="DomainWide" type="tns:DomainWideFsmoCollectionType"/>
      <xs:element name="ForestWide" type="tns:ForestWideFsmoCollectionType"/>
    </xs:sequence>
  </xs:complexType>

  <xs:complexType name="DomainWideFsmoCollectionType">
    <xs:sequence>
      <xs:element name="RidMaster" type="tns:FsmoRoleOwnerType"/>
      <xs:element name="InfrastructureMaster" type="tns:FsmoRoleOwnerType"/>
      <xs:element name="PdcEmulator" type="tns:FsmoRoleOwnerType"/>
    </xs:sequence>
  </xs:complexType>

  <xs:complexType name="ForestWideFsmoCollectionType">
    <xs:sequence>
      <xs:element name="SchemaMaster" type="tns:FsmoRoleOwnerType"/>
      <xs:element name="DomainNamingMaster" type="tns:FsmoRoleOwnerType"/>
    </xs:sequence>
  </xs:complexType>

  <xs:complexType name="FsmoRoleOwnerType">
    <xs:sequence>
      <xs:element name="Owner" type="tns:StringDataType"/>
      <xs:element name="Connectivity" type="tns:BooleanDataType" minOccurs="0"/>
      <xs:element name="Gc" type="tns:BooleanDataType" minOccurs="0"/>
    </xs:sequence>
  </xs:complexType>

  <xs:complexType name="HostNameDnsRecordType">
    <xs:choice>
      <xs:sequence>
        <!-- True if host name is registered on DNS server -->
        <xs:element name="Registered" type="xs:boolean"/>
        <!-- Contains the list of IP addresses that are returned by DNS server -->
        <xs:element name="IP" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
        <!-- Contains the list of IP addresses, which do not belong to this DC but are registed on the DNS server, separated by semicolon -->
        <xs:element name="InvalidAddresses" type="xs:string"/>
      </xs:sequence>
      <xs:element name="Error" type="tns:ErrorType"/>
    </xs:choice>
  </xs:complexType>

  <xs:complexType name="HostAddressType">
    <xs:choice>
      <xs:sequence>
        <xs:element name="Value" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
      </xs:sequence>
      <xs:element name="Error" type="tns:ErrorType"/>
    </xs:choice>
  </xs:complexType>

  <xs:complexType name="SkuType">
    <xs:choice>
      <xs:sequence>
        <xs:element name="Id" type="xs:integer"/>
        <xs:element name="Text" type="xs:string"/>
      </xs:sequence>
      <xs:element name="Error" type="tns:ErrorType"/>
    </xs:choice>
  </xs:complexType>

  <xs:complexType name="NamingContextType">
    <xs:sequence>
      <xs:element name="DistinguishedName" type="tns:StringDataType"/>
      <xs:element name="LastBackupTime" type="tns:DateTimeDataType"/>
      <xs:element name="DaysSinceLastBackup" type="tns:DoubleDataType"/>
    </xs:sequence>
  </xs:complexType>

  <xs:complexType name="SiteType">
    <xs:sequence>
      <xs:element name="Name" type="tns:StringDataType"/>
      <xs:element name="DistinguishedName" type="tns:StringDataType"/>

      <xs:element name="KccEnabled">
        <xs:complexType>
          <xs:choice>
            <xs:sequence>
              <xs:element name="InterSite" type="tns:BooleanType"/>
              <xs:element name="IntraSite" type="tns:BooleanType"/>
            </xs:sequence>
            <xs:element name="Error" type="tns:ErrorType"/>
          </xs:choice>
        </xs:complexType>
      </xs:element>

      <xs:element name="UgcEnabled" type="tns:BooleanDataType"/>
      <xs:element name="NumberOfDc" type="tns:DecimalDataType"/>
      <xs:element name="NumberOfGc" type="tns:DecimalDataType"/>
      <xs:element name="Server" type="tns:ServerCompositeType" minOccurs="0" maxOccurs="unbounded"/>
    </xs:sequence>
  </xs:complexType>

  <xs:complexType name="SpnType">
    <xs:choice>
      <xs:sequence>
        <xs:element name="ServicePrincipalName" type="xs:string"/>
        <xs:element name="TrustedBy">
          <xs:complexType>
            <xs:sequence>
              <xs:element name="Account" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
              <!-- CombinedAccountString is the concatenation of all Account elements -->
              <xs:element name="CombinedAccountString" type="xs:string" minOccurs="0"/>
            </xs:sequence>
          </xs:complexType>
        </xs:element>
        <xs:element name="RegisteredBy">
          <xs:complexType>
            <xs:choice>
              <xs:sequence>
                <xs:element name="Account" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
                <!-- CombinedAccountString is the concatenation of all Account elements -->
                <xs:element name="CombinedAccountString" type="xs:string" minOccurs="0"/>
              </xs:sequence>
              <xs:element name="Error" type="tns:ErrorType"/>
            </xs:choice>
          </xs:complexType>
        </xs:element>
      </xs:sequence>
      <xs:element name="Error" type="tns:ErrorType"/>
    </xs:choice>
  </xs:complexType>

  <xs:complexType name="GroupPolicyType">
    <xs:sequence>
      <xs:element name="SeNetworkLogonRight" type="tns:NtAccountListDataType" minOccurs="0"/>
      <xs:element name="SeDenyNetworkLogonRight" type="tns:NtAccountListDataType" minOccurs="0"/>
      <xs:element name="SeEnableDelegationPrivilege" type="tns:NtAccountListDataType" minOccurs="0"/>
    </xs:sequence>
  </xs:complexType>

  <xs:complexType name="GpoLinkType">
    <xs:sequence>
      <xs:element name="DisplayName" type="xs:string"/>
      <xs:element name="GpoId" type="xs:string"/>
    </xs:sequence>
  </xs:complexType>

  <xs:complexType name="OrganizationalUnitType">
    <xs:sequence>
      <xs:element name="DistinguishedName" type="tns:StringDataType"/>

      <!-- GPOs linked directly to this OU or inherited from parent containers -->
      <xs:element name="AppliedGpoLinks">
        <xs:complexType>
          <xs:choice>
            <xs:sequence>
              <xs:element name="GpoLink" type="tns:GpoLinkType" minOccurs="0" maxOccurs="unbounded"/>
            </xs:sequence>
            <xs:element name="Error" type="tns:ErrorType"/>
          </xs:choice>
        </xs:complexType>
      </xs:element>

    </xs:sequence>
  </xs:complexType>

  <xs:complexType name="TrustedDomainType">
    <xs:choice>
      <xs:sequence>
        <xs:element name="DistinguishedName" type="xs:string"/>
        <xs:element name="TrustPartner" type="xs:string"/>
        <xs:element name="TrustType" type="tns:DecimalType" minOccurs="0"/>
        <xs:element name="TrustDirection" type="tns:DecimalType" minOccurs="0"/>
        <xs:element name="TrustAttributes" type="tns:DecimalType" minOccurs="0"/>
        <xs:element name="SupportedEncryptionTypes" type="tns:DecimalType" minOccurs="0"/>
        <xs:element name="Quarantined" type="tns:BooleanType" minOccurs="0"/>
        <xs:element name="TreatAsExternal" type="tns:BooleanType" minOccurs="0"/>
      </xs:sequence>
      <xs:element name="Error" type="tns:ErrorType"/>
    </xs:choice>
  </xs:complexType>

  <xs:complexType name="UserType">
    <xs:sequence>
      <xs:element name="DistinguishedName" type="xs:string"/>
      <xs:element name="SamAccountName" type="xs:string"/>
    </xs:sequence>
  </xs:complexType>

  <xs:complexType name="NtAccountType">
    <xs:sequence>
      <xs:element name="Name" type="xs:string"/>
      <xs:element name="Sid" type="xs:string"/>
    </xs:sequence>
  </xs:complexType>

  <xs:complexType name="NtAccountListDataType">
    <xs:choice>
      <xs:sequence>
        <xs:element name="NtAccount" type="tns:NtAccountType" minOccurs="0" maxOccurs="unbounded"/>
      </xs:sequence>
      <xs:element name="Error" type="tns:ErrorType"/>
    </xs:choice>
  </xs:complexType>

</xs:schema>