| Author | Messages | |
jppmendes
Posts:71
 | | 03/16/2010 11:02 AM |
| need to extend schema for these 3:
*SCCM 2007 R2** *
SCCM2007R2\SMSSETUP\BIN\I386\Extadsch.exe
"How to Extend the Active Directory Schema Using ExtADSch.exe"
http://technet.microsoft.com/en-us/library/bb680608.aspx
*Exchange 2007***
e2k7_32\extract\Setup.exe
“White Paper: Preparing Active Directory for Exchange 2007”
http://technet.microsoft.com/en-us/library/bb288907%28EXCHG.80%29.aspx
*Setup /PrepareLegacyExchangePermissions*
*Setup /PrepareSchema*
*Setup /PrepareAD*
*Setup /PrepareDomain*
***Exchange 2010***
*E2010\Setup.exe*
“Prepare Active Directory and Domains”:
http://technet.microsoft.com/en-us/library/bb125224.aspx
“*Note the following:* You must run this command on a 64-bit computer in the
same domain and in the same Active Directory site as the schema master.”
intent to do freeze replication process
any recomendation / know-how must observe? (beside system state backup...
 )
thanks again
| | | |
| tonyszko
Posts:140
| | 03/16/2010 11:17 AM |
| On 3/16/2010 12:00 PM, mendes.joao@gmail.com wrote:
> need to extend schema for these 3:
>
> *_SCCM 2007 R2_** *
> SCCM2007R2\SMSSETUP\BIN\I386\Extadsch.exe
> "How to Extend the Active Directory Schema Using ExtADSch.exe"
> http://technet.microsoft.com/en-us/library/bb680608.aspx
>
> *_Exchange 2007_***
> e2k7_32\extract\Setup.exe
> “White Paper: Preparing Active Directory for Exchange 2007”
> http://technet.microsoft.com/en-us/library/bb288907%28EXCHG.80%29.aspx
> *Setup /PrepareLegacyExchangePermissions*
> *Setup /PrepareSchema*
> *Setup /PrepareAD*
> *Setup /PrepareDomain*
>
> ***_Exchange 2010_**__*
> *E2010\Setup.exe*
> “Prepare Active Directory and Domains”:
> http://technet.microsoft.com/en-us/library/bb125224.aspx
> “*Note the following:* You must run this command on a 64-bit computer in
> the same domain and in the same Active Directory site as the schema master.”
>
> intent to do freeze replication process
> any recomendation / know-how must observe? (beside system state
> backup... )
Some of my old notes on schema extension process:
http://blogs.dirteam.com/blogs/tomek/archive/2006/02/09/exending-schema.aspx
There is also a showcase from MS IT on that topic, links are here:
http://technet.microsoft.com/en-us/library/bb687810.aspx
Regarding backup ... System state backup of course will be helpfull but
to roll back schema extension process in unlikely case that something
will go wrong be prepared for Forest recovery and planning document
for that was just updated by Microsoft:
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=afe436fa-8e8a-443a-9027-c522dee35d85
--
Tomasz Onyszko
http://www.w2k.pl/ - (PL)
http://blogs.dirteam.com/blogs/tomek/ - (EN)
| | | |
| mcasey
Posts:82
| | 03/16/2010 12:01 PM |
| If I'm not mistaken the Exchange 2010 schema update is included in the Exchange 2007 SP2 schema update.
Sent via BlackBerry by AT&T
-----Original Message-----
From: "mendes.joao@gmail.com" <mendes.joao@gmail.com>
Date: Tue, 16 Mar 2010 11:00:02
To: <ActiveDir@mail.activedir.org>
Subject: [ActiveDir] need to apply 3 schema ext
need to extend schema for these 3:
*SCCM 2007 R2** *
SCCM2007R2\SMSSETUP\BIN\I386\Extadsch.exe
"How to Extend the Active Directory Schema Using ExtADSch.exe"
http://technet.microsoft.com/en-us/library/bb680608.aspx
*Exchange 2007***
e2k7_32\extract\Setup.exe
“White Paper: Preparing Active Directory for Exchange 2007”
http://technet.microsoft.com/en-us/library/bb288907%28EXCHG.80%29.aspx
*Setup /PrepareLegacyExchangePermissions*
*Setup /PrepareSchema*
*Setup /PrepareAD*
*Setup /PrepareDomain*
***Exchange 2010***
*E2010\Setup.exe*
“Prepare Active Directory and Domains”:
http://technet.microsoft.com/en-us/library/bb125224.aspx
“*Note the following:* You must run this command on a 64-bit computer in the
same domain and in the same Active Directory site as the schema master.”
intent to do freeze replication process
any recomendation / know-how must observe? (beside system state backup...
)
thanks again
| | | |
| michael1
Posts:455
| | 03/16/2010 12:30 PM |
| Correct.
Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com
From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of mcasey726@gmail.com
Sent: Tuesday, March 16, 2010 8:01 AM
To: activedir@mail.activedir.org
Subject: Re: [ActiveDir] need to apply 3 schema ext
If I'm not mistaken the Exchange 2010 schema update is included in the Exchange 2007 SP2 schema update.
Sent via BlackBerry by AT&T
_____
From: "mendes.joao@gmail.com" <mendes.joao@gmail.com>
Date: Tue, 16 Mar 2010 11:00:02 +0000
To: <ActiveDir@mail.activedir.org>
Subject: [ActiveDir] need to apply 3 schema ext
need to extend schema for these 3:
SCCM 2007 R2
SCCM2007R2\SMSSETUP\BIN\I386\Extadsch.exe
"How to Extend the Active Directory Schema Using ExtADSch.exe" http://technet.microsoft.com/en-us/library/bb680608.aspx
Exchange 2007
e2k7_32\extract\Setup.exe
“White Paper: Preparing Active Directory for Exchange 2007” http://technet.microsoft.com/en-us/library/bb288907%28EXCHG.80%29.aspx
Setup /PrepareLegacyExchangePermissions
Setup /PrepareSchema
Setup /PrepareAD
Setup /PrepareDomain
Exchange 2010
E2010\Setup.exe
“Prepare Active Directory and Domains”: http://technet.microsoft.com/en-us/library/bb125224.aspx
“Note the following: You must run this command on a 64-bit computer in the same domain and in the same Active Directory site as the schema master.”
intent to do freeze replication process
any recomendation / know-how must observe? (beside system state backup... )
thanks again
| | | |
| jppmendes
Posts:71
| | 03/16/2010 2:38 PM |
| thanks!
2010/3/16 Michael B. Smith <michael@theessentialexchange.com>
> Correct.
>
>
>
> Regards,
>
>
>
> Michael B. Smith
>
> Consultant and Exchange MVP
>
> http://TheEssentialExchange.com
>
>
>
> *From:* activedir-owner@mail.activedir.org [mailto:
> activedir-owner@mail.activedir.org] *On Behalf Of *mcasey726@gmail.com
> *Sent:* Tuesday, March 16, 2010 8:01 AM
>
> *To:* activedir@mail.activedir.org
> *Subject:* Re: [ActiveDir] need to apply 3 schema ext
>
>
>
> If I'm not mistaken the Exchange 2010 schema update is included in the
> Exchange 2007 SP2 schema update.
>
>
> Sent via BlackBerry by AT&T
> ------------------------------
>
> *From: *"mendes.joao@gmail.com" <mendes.joao@gmail.com>
>
> *Date: *Tue, 16 Mar 2010 11:00:02 +0000
>
> *To: *<ActiveDir@mail.activedir.org>
>
> *Subject: *[ActiveDir] need to apply 3 schema ext
>
>
>
> need to extend schema for these 3:
>
> *SCCM 2007 R2 *
> SCCM2007R2\SMSSETUP\BIN\I386\Extadsch.exe
> "How to Extend the Active Directory Schema Using ExtADSch.exe"
> http://technet.microsoft.com/en-us/library/bb680608.aspx
>
> *Exchange 2007*
> e2k7_32\extract\Setup.exe
> “White Paper: Preparing Active Directory for Exchange 2007”
> http://technet.microsoft.com/en-us/library/bb288907%28EXCHG.80%29.aspx
> *Setup /PrepareLegacyExchangePermissions*
> *Setup /PrepareSchema*
> *Setup /PrepareAD*
> *Setup /PrepareDomain*
>
> *Exchange 2010*
> *E2010\Setup.exe*
> “Prepare Active Directory and Domains”:
> http://technet.microsoft.com/en-us/library/bb125224.aspx
> “*Note the following:* You must run this command on a 64-bit computer in
> the same domain and in the same Active Directory site as the schema master.”
>
> intent to do freeze replication process
> any recomendation / know-how must observe? (beside system state backup...
> )
>
> thanks again
>
| | | |
| jppmendes
Posts:71
| | 03/20/2010 2:07 AM |
| pos & cons of aplying them at the same time .vs. one (let replication work)
the other (let replication work)... and so on ?
2010/3/16 Michael B. Smith <michael@theessentialexchange.com>
> Correct.
>
>
>
> Regards,
>
>
>
> Michael B. Smith
>
> Consultant and Exchange MVP
>
> http://TheEssentialExchange.com
>
>
>
> *From:* activedir-owner@mail.activedir.org [mailto:
> activedir-owner@mail.activedir.org] *On Behalf Of *mcasey726@gmail.com
> *Sent:* Tuesday, March 16, 2010 8:01 AM
> *To:* activedir@mail.activedir.org
> *Subject:* Re: [ActiveDir] need to apply 3 schema ext
>
>
>
> If I'm not mistaken the Exchange 2010 schema update is included in the
> Exchange 2007 SP2 schema update.
>
>
> Sent via BlackBerry by AT&T
> ------------------------------
>
> *From: *"mendes.joao@gmail.com" <mendes.joao@gmail.com>
>
> *Date: *Tue, 16 Mar 2010 11:00:02 +0000
>
> *To: *<ActiveDir@mail.activedir.org>
>
> *Subject: *[ActiveDir] need to apply 3 schema ext
>
>
>
> need to extend schema for these 3:
>
> *SCCM 2007 R2 *
> SCCM2007R2\SMSSETUP\BIN\I386\Extadsch.exe
> "How to Extend the Active Directory Schema Using ExtADSch.exe"
> http://technet.microsoft.com/en-us/library/bb680608.aspx
>
> *Exchange 2007*
> e2k7_32\extract\Setup.exe
> “White Paper: Preparing Active Directory for Exchange 2007”
> http://technet.microsoft.com/en-us/library/bb288907%28EXCHG.80%29.aspx
> *Setup /PrepareLegacyExchangePermissions*
> *Setup /PrepareSchema*
> *Setup /PrepareAD*
> *Setup /PrepareDomain*
>
> *Exchange 2010*
> *E2010\Setup.exe*
> “Prepare Active Directory and Domains”:
> http://technet.microsoft.com/en-us/library/bb125224.aspx
> “*Note the following:* You must run this command on a 64-bit computer in
> the same domain and in the same Active Directory site as the schema master.”
>
> intent to do freeze replication process
> any recomendation / know-how must observe? (beside system state backup...
> )
>
> thanks again
>
| | | |
| michael1
Posts:455
| | 03/20/2010 2:08 AM |
| Since all the changes have to happen on the schema master, it's rather
six-of-one or a half-dozen of the other. If you are bandwidth constrained,
I'd do the Exchange update off-hours, because it's fairly large. SCCM isn't
as big.
Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com
From: activedir-owner@mail.activedir.org
[mailto:activedir-owner@mail.activedir.org] On Behalf Of
mendes.joao@gmail.com
Sent: Friday, March 19, 2010 9:34 AM
To: activedir@mail.activedir.org
Subject: Re: [ActiveDir] need to apply 3 schema ext
pos & cons of aplying them at the same time .vs. one (let replication work)
the other (let replication work)... and so on ?
2010/3/16 Michael B. Smith <michael@theessentialexchange.com>
Correct.
Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com
From: activedir-owner@mail.activedir.org
[mailto:activedir-owner@mail.activedir.org] On Behalf Of mcasey726@gmail.com
Sent: Tuesday, March 16, 2010 8:01 AM
To: activedir@mail.activedir.org
Subject: Re: [ActiveDir] need to apply 3 schema ext
If I'm not mistaken the Exchange 2010 schema update is included in the
Exchange 2007 SP2 schema update.
Sent via BlackBerry by AT&T
_____
From: "mendes.joao@gmail.com" <mendes.joao@gmail.com>
Date: Tue, 16 Mar 2010 11:00:02 +0000
To: <ActiveDir@mail.activedir.org>
Subject: [ActiveDir] need to apply 3 schema ext
need to extend schema for these 3:
SCCM 2007 R2
SCCM2007R2\SMSSETUP\BIN\I386\Extadsch.exe
"How to Extend the Active Directory Schema Using ExtADSch.exe"
http://technet.microsoft.com/en-us/library/bb680608.aspx
Exchange 2007
e2k7_32\extract\Setup.exe
"White Paper: Preparing Active Directory for Exchange 2007"
http://technet.microsoft.com/en-us/library/bb288907%28EXCHG.80%29.aspx
Setup /PrepareLegacyExchangePermissions
Setup /PrepareSchema
Setup /PrepareAD
Setup /PrepareDomain
Exchange 2010
E2010\Setup.exe
"Prepare Active Directory and Domains":
http://technet.microsoft.com/en-us/library/bb125224.aspx
"Note the following: You must run this command on a 64-bit computer in the
same domain and in the same Active Directory site as the schema master."
intent to do freeze replication process
any recomendation / know-how must observe? (beside system state backup...
)
thanks again
| | | |
| RobSilver
Posts:0
| | 03/20/2010 2:08 AM |
| DCs will only replicate with other DCs running on the same schema version (with the exception of replicating the new schema objects and attributes).
Introducing 3 new schema updates rapidly may create an interesting scenario of having 4 different schemas on the domain simultaneously.
Not sure of the worst case scenario in this event...
________________________________
From: activedir-owner@mail.activedir.org [activedir-owner@mail.activedir.org] on behalf of Michael B. Smith [michael@TheEssentialExchange.com]
Sent: 19 March 2010 16:29
To: activedir@mail.activedir.org
Subject: RE: [ActiveDir] need to apply 3 schema ext
Since all the changes have to happen on the schema master, it’s rather six-of-one or a half-dozen of the other. If you are bandwidth constrained, I’d do the Exchange update off-hours, because it’s fairly large. SCCM isn’t as big.
Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com
From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of mendes.joao@gmail.com
Sent: Friday, March 19, 2010 9:34 AM
To: activedir@mail.activedir.org
Subject: Re: [ActiveDir] need to apply 3 schema ext
pos & cons of aplying them at the same time .vs. one (let replication work) the other (let replication work)... and so on ?
2010/3/16 Michael B. Smith <michael@theessentialexchange.com<mailto:michael@theessentialexchange.com>>
Correct.
Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com
From: activedir-owner@mail.activedir.org<mailto:activedir-owner@mail.activedir.org> [mailto:activedir-owner@mail.activedir.org<mailto:activedir-owner@mail.activedir.org>] On Behalf Of mcasey726@gmail.com<mailto:mcasey726@gmail.com>
Sent: Tuesday, March 16, 2010 8:01 AM
To: activedir@mail.activedir.org<mailto:activedir@mail.activedir.org>
Subject: Re: [ActiveDir] need to apply 3 schema ext
If I'm not mistaken the Exchange 2010 schema update is included in the Exchange 2007 SP2 schema update.
Sent via BlackBerry by AT&T
________________________________
From: "mendes.joao@gmail.com<mailto:mendes.joao@gmail.com>" <mendes.joao@gmail.com<mailto:mendes.joao@gmail.com>>
Date: Tue, 16 Mar 2010 11:00:02 +0000
To: <ActiveDir@mail.activedir.org<mailto:ActiveDir@mail.activedir.org>>
Subject: [ActiveDir] need to apply 3 schema ext
need to extend schema for these 3:
SCCM 2007 R2
SCCM2007R2\SMSSETUP\BIN\I386\Extadsch.exe
"How to Extend the Active Directory Schema Using ExtADSch.exe" http://technet.microsoft.com/en-us/library/bb680608.aspx
Exchange 2007
e2k7_32\extract\Setup.exe
“White Paper: Preparing Active Directory for Exchange 2007” http://technet.microsoft.com/en-us/library/bb288907%28EXCHG.80%29.aspx
Setup /PrepareLegacyExchangePermissions
Setup /PrepareSchema
Setup /PrepareAD
Setup /PrepareDomain
Exchange 2010
E2010\Setup.exe
“Prepare Active Directory and Domains”: http://technet.microsoft.com/en-us/library/bb125224.aspx
“Note the following: You must run this command on a 64-bit computer in the same domain and in the same Active Directory site as the schema master.”
intent to do freeze replication process
any recomendation / know-how must observe? (beside system state backup... )
thanks again
| | | |
| rkaramchand
Posts:100
| | 03/20/2010 2:08 AM |
|
There are two methods of schema update
Disconnect Schema master
And Peel off method on schema master
Repadmin /option +disable_ntdsconn_xlate
Repadmin /option +disable_outbound_repl
Ensure these before you update the schema
From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of [Infraspec] Rob Silver
Sent: Friday, March 19, 2010 11:46 AM
To: activedir@mail.activedir.org
Subject: RE: [ActiveDir] need to apply 3 schema ext
DCs will only replicate with other DCs running on the same schema version (with the exception of replicating the new schema objects and attributes).
Introducing 3 new schema updates rapidly may create an interesting scenario of having 4 different schemas on the domain simultaneously.
Not sure of the worst case scenario in this event...
________________________________
From: activedir-owner@mail.activedir.org [activedir-owner@mail.activedir.org] on behalf of Michael B. Smith [michael@TheEssentialExchange.com]
Sent: 19 March 2010 16:29
To: activedir@mail.activedir.org
Subject: RE: [ActiveDir] need to apply 3 schema ext
Since all the changes have to happen on the schema master, it's rather six-of-one or a half-dozen of the other. If you are bandwidth constrained, I'd do the Exchange update off-hours, because it's fairly large. SCCM isn't as big.
Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com
From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of mendes.joao@gmail.com
Sent: Friday, March 19, 2010 9:34 AM
To: activedir@mail.activedir.org
Subject: Re: [ActiveDir] need to apply 3 schema ext
pos & cons of aplying them at the same time .vs. one (let replication work) the other (let replication work)... and so on ?
2010/3/16 Michael B. Smith <michael@theessentialexchange.com<mailto:michael@theessentialexchange.com>>
Correct.
Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com
From: activedir-owner@mail.activedir.org<mailto:activedir-owner@mail.activedir.org> [mailto:activedir-owner@mail.activedir.org<mailto:activedir-owner@mail.activedir.org>] On Behalf Of mcasey726@gmail.com<mailto:mcasey726@gmail.com>
Sent: Tuesday, March 16, 2010 8:01 AM
To: activedir@mail.activedir.org<mailto:activedir@mail.activedir.org>
Subject: Re: [ActiveDir] need to apply 3 schema ext
If I'm not mistaken the Exchange 2010 schema update is included in the Exchange 2007 SP2 schema update.
Sent via BlackBerry by AT&T
________________________________
From: "mendes.joao@gmail.com<mailto:mendes.joao@gmail.com>" <mendes.joao@gmail.com<mailto:mendes.joao@gmail.com>>
Date: Tue, 16 Mar 2010 11:00:02 +0000
To: <ActiveDir@mail.activedir.org<mailto:ActiveDir@mail.activedir.org>>
Subject: [ActiveDir] need to apply 3 schema ext
need to extend schema for these 3:
SCCM 2007 R2
SCCM2007R2\SMSSETUP\BIN\I386\Extadsch.exe
"How to Extend the Active Directory Schema Using ExtADSch.exe" http://technet.microsoft.com/en-us/library/bb680608.aspx
Exchange 2007
e2k7_32\extract\Setup.exe
"White Paper: Preparing Active Directory for Exchange 2007" http://technet.microsoft.com/en-us/library/bb288907%28EXCHG.80%29.aspx
Setup /PrepareLegacyExchangePermissions
Setup /PrepareSchema
Setup /PrepareAD
Setup /PrepareDomain
Exchange 2010
E2010\Setup.exe
"Prepare Active Directory and Domains": http://technet.microsoft.com/en-us/library/bb125224.aspx
"Note the following: You must run this command on a 64-bit computer in the same domain and in the same Active Directory site as the schema master."
intent to do freeze replication process
any recomendation / know-how must observe? (beside system state backup... )
thanks again
| | | |
| bdesmond
Posts:1041
| | 03/20/2010 2:08 AM |
| There's absolutely no reason you need to do either of these. Some organizations like to as they feel it gives them some pseudo-insurance. Personally I do neither.
Thanks,
Brian Desmond
brian@briandesmond.com
c - 312.731.3132
From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of Chauhan, Rajeev
Sent: Friday, March 19, 2010 11:14 AM
To: 'activedir@mail.activedir.org'
Subject: RE: [ActiveDir] need to apply 3 schema ext
There are two methods of schema update
Disconnect Schema master
And Peel off method on schema master
Repadmin /option +disable_ntdsconn_xlate
Repadmin /option +disable_outbound_repl
Ensure these before you update the schema
From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of [Infraspec] Rob Silver
Sent: Friday, March 19, 2010 11:46 AM
To: activedir@mail.activedir.org
Subject: RE: [ActiveDir] need to apply 3 schema ext
DCs will only replicate with other DCs running on the same schema version (with the exception of replicating the new schema objects and attributes).
Introducing 3 new schema updates rapidly may create an interesting scenario of having 4 different schemas on the domain simultaneously.
Not sure of the worst case scenario in this event...
________________________________
From: activedir-owner@mail.activedir.org [activedir-owner@mail.activedir.org] on behalf of Michael B. Smith [michael@TheEssentialExchange.com]
Sent: 19 March 2010 16:29
To: activedir@mail.activedir.org
Subject: RE: [ActiveDir] need to apply 3 schema ext
Since all the changes have to happen on the schema master, it's rather six-of-one or a half-dozen of the other. If you are bandwidth constrained, I'd do the Exchange update off-hours, because it's fairly large. SCCM isn't as big.
Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com
From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of mendes.joao@gmail.com
Sent: Friday, March 19, 2010 9:34 AM
To: activedir@mail.activedir.org
Subject: Re: [ActiveDir] need to apply 3 schema ext
pos & cons of aplying them at the same time .vs. one (let replication work) the other (let replication work)... and so on ?
2010/3/16 Michael B. Smith <michael@theessentialexchange.com<mailto:michael@theessentialexchange.com>>
Correct.
Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com
From: activedir-owner@mail.activedir.org<mailto:activedir-owner@mail.activedir.org> [mailto:activedir-owner@mail.activedir.org<mailto:activedir-owner@mail.activedir.org>] On Behalf Of mcasey726@gmail.com<mailto:mcasey726@gmail.com>
Sent: Tuesday, March 16, 2010 8:01 AM
To: activedir@mail.activedir.org<mailto:activedir@mail.activedir.org>
Subject: Re: [ActiveDir] need to apply 3 schema ext
If I'm not mistaken the Exchange 2010 schema update is included in the Exchange 2007 SP2 schema update.
Sent via BlackBerry by AT&T
________________________________
From: "mendes.joao@gmail.com<mailto:mendes.joao@gmail.com>" <mendes.joao@gmail.com<mailto:mendes.joao@gmail.com>>
Date: Tue, 16 Mar 2010 11:00:02 +0000
To: <ActiveDir@mail.activedir.org<mailto:ActiveDir@mail.activedir.org>>
Subject: [ActiveDir] need to apply 3 schema ext
need to extend schema for these 3:
SCCM 2007 R2
SCCM2007R2\SMSSETUP\BIN\I386\Extadsch.exe
"How to Extend the Active Directory Schema Using ExtADSch.exe" http://technet.microsoft.com/en-us/library/bb680608.aspx
Exchange 2007
e2k7_32\extract\Setup.exe
"White Paper: Preparing Active Directory for Exchange 2007" http://technet.microsoft.com/en-us/library/bb288907%28EXCHG.80%29.aspx
Setup /PrepareLegacyExchangePermissions
Setup /PrepareSchema
Setup /PrepareAD
Setup /PrepareDomain
Exchange 2010
E2010\Setup.exe
"Prepare Active Directory and Domains": http://technet.microsoft.com/en-us/library/bb125224.aspx
"Note the following: You must run this command on a 64-bit computer in the same domain and in the same Active Directory site as the schema master."
intent to do freeze replication process
any recomendation / know-how must observe? (beside system state backup... )
thanks again
| | | |
| neil.ruston@credit-suisse.com
Posts:0
| | 03/20/2010 2:10 AM |
| Let's be clear - there are no 'technical' reasons. That's not to say
there are no 'political' or 'cultural' reasons.
Surely as a consultant, you tailor your solution to meet the needs of
the client J i.e. you have no 'personal' preference per se :->
From: activedir-owner@mail.activedir.org
[mailto:activedir-owner@mail.activedir.org] On Behalf Of Brian Desmond
Sent: 19 March 2010 16:22
To: activedir@mail.activedir.org
Subject: RE: [ActiveDir] need to apply 3 schema ext
There's absolutely no reason you need to do either of these. Some
organizations like to as they feel it gives them some pseudo-insurance.
Personally I do neither.
Thanks,
Brian Desmond
brian@briandesmond.com
c - 312.731.3132
From: activedir-owner@mail.activedir.org
[mailto:activedir-owner@mail.activedir.org] On Behalf Of Chauhan, Rajeev
Sent: Friday, March 19, 2010 11:14 AM
To: 'activedir@mail.activedir.org'
Subject: RE: [ActiveDir] need to apply 3 schema ext
There are two methods of schema update
Disconnect Schema master
And Peel off method on schema master
Repadmin /option +disable_ntdsconn_xlate
Repadmin /option +disable_outbound_repl
Ensure these before you update the schema
From: activedir-owner@mail.activedir.org
[mailto:activedir-owner@mail.activedir.org] On Behalf Of [Infraspec] Rob
Silver
Sent: Friday, March 19, 2010 11:46 AM
To: activedir@mail.activedir.org
Subject: RE: [ActiveDir] need to apply 3 schema ext
DCs will only replicate with other DCs running on the same schema
version (with the exception of replicating the new schema objects and
attributes).
Introducing 3 new schema updates rapidly may create an interesting
scenario of having 4 different schemas on the domain simultaneously.
Not sure of the worst case scenario in this event...
________________________________
From: activedir-owner@mail.activedir.org
[activedir-owner@mail.activedir.org] on behalf of Michael B. Smith
[michael@TheEssentialExchange.com]
Sent: 19 March 2010 16:29
To: activedir@mail.activedir.org
Subject: RE: [ActiveDir] need to apply 3 schema ext
Since all the changes have to happen on the schema master, it's rather
six-of-one or a half-dozen of the other. If you are bandwidth
constrained, I'd do the Exchange update off-hours, because it's fairly
large. SCCM isn't as big.
Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com
From: activedir-owner@mail.activedir.org
[mailto:activedir-owner@mail.activedir.org] On Behalf Of
mendes.joao@gmail.com
Sent: Friday, March 19, 2010 9:34 AM
To: activedir@mail.activedir.org
Subject: Re: [ActiveDir] need to apply 3 schema ext
pos & cons of aplying them at the same time .vs. one (let replication
work) the other (let replication work)... and so on ?
2010/3/16 Michael B. Smith <michael@theessentialexchange.com>
Correct.
Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com
From: activedir-owner@mail.activedir.org
[mailto:activedir-owner@mail.activedir.org] On Behalf Of
mcasey726@gmail.com
Sent: Tuesday, March 16, 2010 8:01 AM
To: activedir@mail.activedir.org
Subject: Re: [ActiveDir] need to apply 3 schema ext
If I'm not mistaken the Exchange 2010 schema update is included in the
Exchange 2007 SP2 schema update.
Sent via BlackBerry by AT&T
________________________________
From: "mendes.joao@gmail.com" <mendes.joao@gmail.com>
Date: Tue, 16 Mar 2010 11:00:02 +0000
To: <ActiveDir@mail.activedir.org>
Subject: [ActiveDir] need to apply 3 schema ext
need to extend schema for these 3:
SCCM 2007 R2
SCCM2007R2\SMSSETUP\BIN\I386\Extadsch.exe
"How to Extend the Active Directory Schema Using ExtADSch.exe"
http://technet.microsoft.com/en-us/library/bb680608.aspx
Exchange 2007
e2k7_32\extract\Setup.exe
"White Paper: Preparing Active Directory for Exchange 2007"
http://technet.microsoft.com/en-us/library/bb288907%28EXCHG.80%29.aspx
Setup /PrepareLegacyExchangePermissions
Setup /PrepareSchema
Setup /PrepareAD
Setup /PrepareDomain
Exchange 2010
E2010\Setup.exe
"Prepare Active Directory and Domains":
http://technet.microsoft.com/en-us/library/bb125224.aspx
"Note the following: You must run this command on a 64-bit computer in
the same domain and in the same Active Directory site as the schema
master."
intent to do freeze replication process
any recomendation / know-how must observe? (beside system state
backup... )
thanks again
===============================================================================
Please access the attached hyperlink for an important electronic communications disclaimer:
http://www.credit-suisse.com/legal/en/disclaimer_email_ib.html
===============================================================================
| | | |
| williamnoble
Posts:5
| | 03/20/2010 2:10 AM |
| Hi Brian
We tend to use the 'peel off' method as most often we have more than one schema update to lay down, as we tend to lump them in as downtime can be tough to get in some environments.
Cheers
-wsn
From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of Brian Desmond
Sent: Friday, March 19, 2010 1:23 PM
To: activedir@mail.activedir.org
Subject: RE: [ActiveDir] need to apply 3 schema ext
All you're doing is creating a scenario where you apply the update to the schema master holder and then let it sit there. It's not doing anything or remotely acting like a normal DC given you've got it off the wire/isolated. Thus all you're doing is pushing the appearance of some possible problem off in to the future when you plug the box back in and let it replicate with the environment. No win if you ask me.
Thanks,
Brian Desmond
brian@briandesmond.com
c - 312.731.3132
From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of Chauhan, Rajeev
Sent: Friday, March 19, 2010 12:04 PM
To: 'activedir@mail.activedir.org'
Subject: RE: [ActiveDir] need to apply 3 schema ext
Brian
Can you elaborate on this for my understanding
From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of Brian Desmond
Sent: Friday, March 19, 2010 12:22 PM
To: activedir@mail.activedir.org
Subject: RE: [ActiveDir] need to apply 3 schema ext
There's absolutely no reason you need to do either of these. Some organizations like to as they feel it gives them some pseudo-insurance. Personally I do neither.
Thanks,
Brian Desmond
brian@briandesmond.com<mailto:brian@briandesmond.com>
c - 312.731.3132
From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of Chauhan, Rajeev
Sent: Friday, March 19, 2010 11:14 AM
To: 'activedir@mail.activedir.org'
Subject: RE: [ActiveDir] need to apply 3 schema ext
There are two methods of schema update
Disconnect Schema master
And Peel off method on schema master
Repadmin /option +disable_ntdsconn_xlate
Repadmin /option +disable_outbound_repl
Ensure these before you update the schema
From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of [Infraspec] Rob Silver
Sent: Friday, March 19, 2010 11:46 AM
To: activedir@mail.activedir.org
Subject: RE: [ActiveDir] need to apply 3 schema ext
DCs will only replicate with other DCs running on the same schema version (with the exception of replicating the new schema objects and attributes).
Introducing 3 new schema updates rapidly may create an interesting scenario of having 4 different schemas on the domain simultaneously.
Not sure of the worst case scenario in this event...
________________________________
From: activedir-owner@mail.activedir.org [activedir-owner@mail.activedir.org] on behalf of Michael B. Smith [michael@TheEssentialExchange.com]
Sent: 19 March 2010 16:29
To: activedir@mail.activedir.org
Subject: RE: [ActiveDir] need to apply 3 schema ext
Since all the changes have to happen on the schema master, it's rather six-of-one or a half-dozen of the other. If you are bandwidth constrained, I'd do the Exchange update off-hours, because it's fairly large. SCCM isn't as big.
Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com
From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of mendes.joao@gmail.com
Sent: Friday, March 19, 2010 9:34 AM
To: activedir@mail.activedir.org
Subject: Re: [ActiveDir] need to apply 3 schema ext
pos & cons of aplying them at the same time .vs. one (let replication work) the other (let replication work)... and so on ?
2010/3/16 Michael B. Smith <michael@theessentialexchange.com<mailto:michael@theessentialexchange.com>>
Correct.
Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com
From: activedir-owner@mail.activedir.org<mailto:activedir-owner@mail.activedir.org> [mailto:activedir-owner@mail.activedir.org<mailto:activedir-owner@mail.activedir.org>] On Behalf Of mcasey726@gmail.com<mailto:mcasey726@gmail.com>
Sent: Tuesday, March 16, 2010 8:01 AM
To: activedir@mail.activedir.org<mailto:activedir@mail.activedir.org>
Subject: Re: [ActiveDir] need to apply 3 schema ext
If I'm not mistaken the Exchange 2010 schema update is included in the Exchange 2007 SP2 schema update.
Sent via BlackBerry by AT&T
________________________________
From: "mendes.joao@gmail.com<mailto:mendes.joao@gmail.com>" <mendes.joao@gmail.com<mailto:mendes.joao@gmail.com>>
Date: Tue, 16 Mar 2010 11:00:02 +0000
To: <ActiveDir@mail.activedir.org<mailto:ActiveDir@mail.activedir.org>>
Subject: [ActiveDir] need to apply 3 schema ext
need to extend schema for these 3:
SCCM 2007 R2
SCCM2007R2\SMSSETUP\BIN\I386\Extadsch.exe
"How to Extend the Active Directory Schema Using ExtADSch.exe" http://technet.microsoft.com/en-us/library/bb680608.aspx
Exchange 2007
e2k7_32\extract\Setup.exe
"White Paper: Preparing Active Directory for Exchange 2007" http://technet.microsoft.com/en-us/library/bb288907%28EXCHG.80%29.aspx
Setup /PrepareLegacyExchangePermissions
Setup /PrepareSchema
Setup /PrepareAD
Setup /PrepareDomain
Exchange 2010
E2010\Setup.exe
"Prepare Active Directory and Domains": http://technet.microsoft.com/en-us/library/bb125224.aspx
"Note the following: You must run this command on a 64-bit computer in the same domain and in the same Active Directory site as the schema master."
intent to do freeze replication process
any recomendation / know-how must observe? (beside system state backup... )
thanks again
| | | |
| SaucyWrong
Posts:54
| | 03/20/2010 2:10 AM |
| We do isolate our schema master when performing updates to the schema, but
the only reason we do this is to appease Change Management.
There's almost no *technical* reason we do this--we acknowledge that all we
can do with an isolated schema master is validate that the extension process
added the correct attributes and classes as documented. There is absolutely
no way for us to be sure that this new schema won't cause a problem with a
production system once we hook the master back up and it replicates.
Sure, we drive our schema through lower environments first, but these
environments do not contain 100% of our business applications (and this is
something we've been unable to change due to politics). So in our
environment, there's always a slim chance that a schema extension will muck
some app that hasn't seen the schema in a lower environment, and isolating
the schema master does nothing to help this.
Matt
On Fri, Mar 19, 2010 at 1:47 PM, Ruston, Neil <neil.ruston@credit-suisse.com
> wrote:
> Or …
>
>
>
> You apply the mod to the SM whilst it is ‘offline’. Once completed, you
> execute a process which ascertains the success or otherwise of the mod.
>
>
>
> If success => put the SM back online and allow the mod to replicate.
>
> If not success => keep the SM offline, replace it and thus do not replicate
> the mod.
>
>
>
> A little ‘extra insurance’ and ‘feel good factor’ J
>
>
>
> NOTE: Most Change Processes insist on a backout plan – in this scenario you
> either rebuild the entire forest or simply keep the SM offline.
>
>
>
> More than one way to skin a rabbit – none are ‘right’ and none are ‘wrong’
> J
>
>
>
> neil
>
>
>
> *From:* activedir-owner@mail.activedir.org [mailto:
> activedir-owner@mail.activedir.org] *On Behalf Of *Brian Desmond
> *Sent:* 19 March 2010 17:23
>
> *To:* activedir@mail.activedir.org
> *Subject:* RE: [ActiveDir] need to apply 3 schema ext
>
>
>
> *All you’re doing is creating a scenario where you apply the update to the
> schema master holder and then let it sit there. It’s not doing anything or
> remotely acting like a normal DC given you’ve got it off the wire/isolated.
> Thus all you’re doing is pushing the appearance of some possible problem off
> in to the future when you plug the box back in and let it replicate with the
> environment. No win if you ask me.*
>
> * *
>
> *Thanks,*
>
> *Brian Desmond*
>
> *brian@briandesmond.com*
>
> * *
>
> *c – 312.731.3132*
>
> * *
>
> *From:* activedir-owner@mail.activedir.org [mailto:
> activedir-owner@mail.activedir.org] *On Behalf Of *Chauhan, Rajeev
> *Sent:* Friday, March 19, 2010 12:04 PM
> *To:* 'activedir@mail.activedir.org'
> *Subject:* RE: [ActiveDir] need to apply 3 schema ext
>
>
>
> Brian
>
>
>
> Can you elaborate on this for my understanding
>
>
>
>
>
> *From:* activedir-owner@mail.activedir.org [mailto:
> activedir-owner@mail.activedir.org] *On Behalf Of *Brian Desmond
> *Sent:* Friday, March 19, 2010 12:22 PM
> *To:* activedir@mail.activedir.org
> *Subject:* RE: [ActiveDir] need to apply 3 schema ext
>
>
>
> *There’s absolutely no reason you need to do either of these. Some
> organizations like to as they feel it gives them some pseudo-insurance.
> Personally I do neither. *
>
> * *
>
> *Thanks,*
>
> *Brian Desmond*
>
> *brian@briandesmond.com*
>
> * *
>
> *c – 312.731.3132*
>
> * *
>
> *From:* activedir-owner@mail.activedir.org [mailto:
> activedir-owner@mail.activedir.org] *On Behalf Of *Chauhan, Rajeev
> *Sent:* Friday, March 19, 2010 11:14 AM
> *To:* 'activedir@mail.activedir.org'
> *Subject:* RE: [ActiveDir] need to apply 3 schema ext
>
>
>
>
>
> There are two methods of schema update
>
>
>
> Disconnect Schema master
>
>
>
> And Peel off method on schema master
>
>
>
> Repadmin /option +disable_ntdsconn_xlate
>
> Repadmin /option +disable_outbound_repl
>
>
>
> Ensure these before you update the schema
>
>
>
>
>
> *From:* activedir-owner@mail.activedir.org [mailto:
> activedir-owner@mail.activedir.org] *On Behalf Of *[Infraspec] Rob Silver
> *Sent:* Friday, March 19, 2010 11:46 AM
> *To:* activedir@mail.activedir.org
> *Subject:* RE: [ActiveDir] need to apply 3 schema ext
>
>
>
> DCs will only replicate with other DCs running on the same schema version
> (with the exception of replicating the new schema objects and attributes).
>
>
>
> Introducing 3 new schema updates rapidly may create an interesting scenario
> of having 4 different schemas on the domain simultaneously.
>
>
>
> Not sure of the worst case scenario in this event...
> ------------------------------
>
> *From:* activedir-owner@mail.activedir.org [
> activedir-owner@mail.activedir.org] on behalf of Michael B. Smith
> [michael@TheEssentialExchange.com]
> *Sent:* 19 March 2010 16:29
> *To:* activedir@mail.activedir.org
> *Subject:* RE: [ActiveDir] need to apply 3 schema ext
>
> Since all the changes have to happen on the schema master, it’s rather
> six-of-one or a half-dozen of the other. If you are bandwidth constrained,
> I’d do the Exchange update off-hours, because it’s fairly large. SCCM isn’t
> as big.
>
>
>
> Regards,
>
>
>
> Michael B. Smith
>
> Consultant and Exchange MVP
>
> http://TheEssentialExchange.com
>
>
>
> *From:* activedir-owner@mail.activedir.org [mailto:
> activedir-owner@mail.activedir.org] *On Behalf Of *mendes.joao@gmail.com
> *Sent:* Friday, March 19, 2010 9:34 AM
> *To:* activedir@mail.activedir.org
> *Subject:* Re: [ActiveDir] need to apply 3 schema ext
>
>
>
> pos & cons of aplying them at the same time .vs. one (let replication
> work) the other (let replication work)... and so on ?
>
> 2010/3/16 Michael B. Smith <michael@theessentialexchange.com>
>
> Correct.
>
>
>
> Regards,
>
>
>
> Michael B. Smith
>
> Consultant and Exchange MVP
>
> http://TheEssentialExchange.com
>
>
>
> *From:* activedir-owner@mail.activedir.org [mailto:
> activedir-owner@mail.activedir.org] *On Behalf Of *mcasey726@gmail.com
> *Sent:* Tuesday, March 16, 2010 8:01 AM
> *To:* activedir@mail.activedir.org
> *Subject:* Re: [ActiveDir] need to apply 3 schema ext
>
>
>
> If I'm not mistaken the Exchange 2010 schema update is included in the
> Exchange 2007 SP2 schema update.
>
> Sent via BlackBerry by AT&T
> ------------------------------
>
> *From: *"mendes.joao@gmail.com" <mendes.joao@gmail.com>
>
> *Date: *Tue, 16 Mar 2010 11:00:02 +0000
>
> *To: *<ActiveDir@mail.activedir.org>
>
> *Subject: *[ActiveDir] need to apply 3 schema ext
>
>
>
> need to extend schema for these 3:
>
> *SCCM 2007 R2 *
> SCCM2007R2\SMSSETUP\BIN\I386\Extadsch.exe
> "How to Extend the Active Directory Schema Using ExtADSch.exe"
> http://technet.microsoft.com/en-us/library/bb680608.aspx
>
> *Exchange 2007*
> e2k7_32\extract\Setup.exe
> “White Paper: Preparing Active Directory for Exchange 2007”
> http://technet.microsoft.com/en-us/library/bb288907%28EXCHG.80%29.aspx
> Setup /PrepareLegacyExchangePermissions
> Setup /PrepareSchema
> Setup /PrepareAD
> Setup /PrepareDomain
>
> *Exchange 2010*
> E2010\Setup.exe
> “Prepare Active Directory and Domains”:
> http://technet.microsoft.com/en-us/library/bb125224.aspx
> “*Note the following:* You must run this command on a 64-bit computer in
> the same domain and in the same Active Directory site as the schema master.”
>
> intent to do freeze replication process
> any recomendation / know-how must observe? (beside system state backup...
> )
>
> thanks again
>
>
>
>
> ==============================================================================
> Please access the attached hyperlink for an important electronic
> communications disclaimer:
> http://www.credit-suisse.com/legal/en/disclaimer_email_ib.html
>
> ==============================================================================
>
>
| | | |
| davewade
Posts:137
| | 03/20/2010 2:12 AM |
| What about the "take a DC offline and use it as a new starting point if things go wrong" approach. I know its probably only practical for small organizations. Also by the time you find the problem you will probably have made so many updates you don't want to go back, but I think that's all you can do.
Really the thing about the change process is that it should :-
1) Assess the risk and recognise that whilst the change is risky and hard to back out its also un-avoidable,
2) Put in place resources and procedures to deal with the fall out should there be problems.
Often IMHE it picks up on "1" but then doesn't understand it needs to implement "2" and instead gets into a flap.
Dave Wade
________________________________
From: activedir-owner@mail.activedir.org on behalf of Michael B. Smith
Sent: Fri 19/03/2010 20:54
To: activedir@mail.activedir.org
Subject: RE: [ActiveDir] need to apply 3 schema ext
Well, it does a bit more than that...it is a test to see if the schema update process will accept THIS PARTICULAR SET of changes.
Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com
From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of [Infraspec] Rob Silver
Sent: Friday, March 19, 2010 4:21 PM
To: activedir@mail.activedir.org
Subject: RE: [ActiveDir] need to apply 3 schema ext
Hi
So, make the management happy by doing something we all know is a check in the box; value - not much as the Schema Master will more than likely very happy with the schema changes in isolation. The process makes sense because they (management) need to approve the approach (change/risk) to the solution - although the approach is merely smoke and mirrors and a tranquilite to potential failure which we have all had to adapt to without knowing the real exposure of the risk (probability x impact).
Would the mitigation be to ensure there is a backup in place to authoritatively restore the schema?
I love SCCM (although a completely different topic/technology but bears resemblance in the limitations in the realistic feasibility of fully testing AD changes) in the way you can progress through an iterative change cycle in a very controlled manner. i.e. Pilot Collection - one Computer - test for success > add a bunch of different computers > test for success etc etc. It provides a very easy and somewhat grey transition moving from piloting to production while limiting the scope of exposure significantly.
The scenario of taking the Schema Master offline is neither a Pilot, POC or a Test. It is a test to see if the schema accepts changes. Naturally, it will if you have schema admin rights...
Regards,
rob silver | managing director | infraspec | cell: +26774212064 | mail: rob@infraspec.net <mailto:rob@infraspec.net> | skype: rob.silver.botswana | msn: rob@infraspec.net <mailto:rob@infraspec.net>
cid:image001.png@01CA217D.7937A940<https://scnowa1.stockport.gov.uk/exchange/dave.wood/Drafts/RE:%20[ActiveDir]%20need%20to%20apply%203%20schema%20ext.EML/1_multipart/image001.png>
It's not a Bug -It's a Feature!
From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of Matt Quinn
Sent: 19 March 2010 9:04 PM
To: activedir@mail.activedir.org
Subject: Re: [ActiveDir] need to apply 3 schema ext
Yeah, I've never seen a test environment that's perfect (ours is considerably less-than...) so there's always that minimal risk. Over the years we've done a good job of debunking a lot of the fear that management had with the schema extensions. One thing we've never been able to do is convince them that it doesn't necessarily buy you anything to isolate the schema master during an upgrade.
And like Brian said, it's almost not worth the energy. Isolating adds a few commands to the process. I'll happily deal with that rather than ripping more hair out trying to change somebody's mind
Matt
On Fri, Mar 19, 2010 at 2:55 PM, Brown, Ken F. <Ken.Brown@kbslp.com> wrote:
>> So in our environment, there's always a slim chance that a schema extension will muck some app that hasn't seen the schema in a lower environment, and isolating the schema master does nothing to help this.
Been there, done that. The schema change broke the single-signon the some unix systems were using (they detected the latest SFU attributes and auto-magically started using them - and those attributes had no data in them).
Did we test unix SSO? Sure did - with the unix support group driving the test from their dev machine.
Did the test work? It did - on the dev test machine.
The key question became:
Did we test *every* version of unix/linux/*nix with the different versions of the SSO code on the unix boxes? No - too many versions.
**********************************************************************
Congratulations to all our winners in the 2010 Proud of Stockport Awards see the celebrations on http://www.stockport.gov.uk/proudofstockport
This email, and any files transmitted with it, is confidential and
intended solely for the use of the individual or entity to whom they
are addressed. As a public body, the Council may be required to disclose this email, or any response to it, under the Freedom of Information Act 2000, unless the information in it is covered by one of the exemptions in the Act.
If you receive this email in error please notify Stockport ICT, Business Services via email.query@stockport.gov.uk and then permanently remove it from your system.
Thank you.
http://www.stockport.gov.uk
**********************************************************************
| | | |
| neil.ruston@credit-suisse.com
Posts:0
| | 03/22/2010 10:25 AM |
| Would the mitigation be to ensure there is a backup in place to
authoritatively restore the schema?
So if I understand, you'd rather rebuild the entire forest than add some
additional checks earlier in the process?
The scenario of taking the Schema Master offline is neither a Pilot, POC
or a Test. It is a test to see if the schema accepts changes.
Naturally, it will if you have schema admin rights...
Perhaps u miss the point - the change will be 'accepted' of course but
will it be applied 'successfully'? Two [subtly] different considerations
and the 'SM offline' approach assists with the assessment of the latter.
J
neil
From: activedir-owner@mail.activedir.org
[mailto:activedir-owner@mail.activedir.org] On Behalf Of [Infraspec] Rob
Silver
Sent: 19 March 2010 20:21
To: activedir@mail.activedir.org
Subject: RE: [ActiveDir] need to apply 3 schema ext
Hi
So, make the management happy by doing something we all know is a check
in the box; value - not much as the Schema Master will more than likely
very happy with the schema changes in isolation. The process makes
sense because they (management) need to approve the approach
(change/risk) to the solution - although the approach is merely smoke
and mirrors and a tranquilite to potential failure which we have all had
to adapt to without knowing the real exposure of the risk (probability x
impact).
Would the mitigation be to ensure there is a backup in place to
authoritatively restore the schema?
I love SCCM (although a completely different topic/technology but bears
resemblance in the limitations in the realistic feasibility of fully
testing AD changes) in the way you can progress through an iterative
change cycle in a very controlled manner. i.e. Pilot Collection - one
Computer - test for success > add a bunch of different computers > test
for success etc etc. It provides a very easy and somewhat grey
transition moving from piloting to production while limiting the scope
of exposure significantly.
The scenario of taking the Schema Master offline is neither a Pilot, POC
or a Test. It is a test to see if the schema accepts changes.
Naturally, it will if you have schema admin rights...
Regards,
rob silver | managing director | infraspec | cell: +26774212064 |
mail: rob@infraspec.net | skype: rob.silver.botswana | msn:
rob@infraspec.net
It's not a Bug -It's a Feature!
From: activedir-owner@mail.activedir.org
[mailto:activedir-owner@mail.activedir.org] On Behalf Of Matt Quinn
Sent: 19 March 2010 9:04 PM
To: activedir@mail.activedir.org
Subject: Re: [ActiveDir] need to apply 3 schema ext
Yeah, I've never seen a test environment that's perfect (ours is
considerably less-than...) so there's always that minimal risk. Over
the years we've done a good job of debunking a lot of the fear that
management had with the schema extensions. One thing we've never been
able to do is convince them that it doesn't necessarily buy you anything
to isolate the schema master during an upgrade.
And like Brian said, it's almost not worth the energy. Isolating adds a
few commands to the process. I'll happily deal with that rather than
ripping more hair out trying to change somebody's mind
Matt
On Fri, Mar 19, 2010 at 2:55 PM, Brown, Ken F. <Ken.Brown@kbslp.com>
wrote:
>> So in our environment, there's always a slim chance that a schema
extension will muck some app that hasn't seen the schema in a lower
environment, and isolating the schema master does nothing to help this.
Been there, done that. The schema change broke the single-signon the
some unix systems were using (they detected the latest SFU attributes
and auto-magically started using them - and those attributes had no data
in them).
Did we test unix SSO? Sure did - with the unix support group driving
the test from their dev machine.
Did the test work? It did - on the dev test machine.
The key question became:
Did we test *every* version of unix/linux/*nix with the different
versions of the SSO code on the unix boxes? No - too many versions.
===============================================================================
Please access the attached hyperlink for an important electronic communications disclaimer:
http://www.credit-suisse.com/legal/en/disclaimer_email_ib.html
===============================================================================
| | | |
| jppmendes
Posts:71
| | 03/27/2010 12:05 PM |
| Confirmed!
I can run 32-bit Exchange 2007 SP2 version to extend AD & *"If your Active
Directory environment is currently Exchange 2003 and you are upgrading to
Exchange 2007, then when you extend the schema, the schema changes included
with Exchange 2007 through Exchange 2010 will be deployed in your
environment" :*
32-Bit vs. 64-Bit Version of Exchange 2007
Exchange 2007 RTM and SP1 are available in two platform versions: the 64-bit
version is for live production environments and the 32-bit version is for
non-production environments (such as labs, training facilities, demos, and
evaluation environments). Only the 64-bit version can be purchased because
you cannot run 32-bit Exchange 2007 servers in production.
There are exceptions with respect to production and non-production use of
the 32-bit platform because Microsoft does allow minimal supported use of
the 32-bit version in production environments:
You can use the 32-bit version in production to extend your Active Directory
directory service schema. For detailed steps about how to prepare Active
Directory for Exchange 2007, see How to Prepare Active Directory and
Domains.
http://technet.microsoft.com/en-us/library/bb125224(EXCHG.80).aspx<http://technet.microsoft.com/en-us/library/bb125224(EXCHG.80).aspx>
still working on lab thanks!
2010/3/19 Michael B. Smith <michael@theessentialexchange.com>
> Well, it’s actually only two (Exchange 2007 sp2 includes all the schema
> updates for Exchange 2010, so Exchange + SCCM).
>
>
>
> The worst case scenario is that other replication gets suspended until
> schema updates get processed. Which is the best case, as well.
>
>
>
> (Note: I’m sure it’s possible to construct some catastrophic scenario for
> this situation, but it’s impossible to mitigate risk to zero. This is a
> low-risk scenario.)
>
>
>
> Regards,
>
>
>
> Michael B. Smith
>
> Consultant and Exchange MVP
>
> http://TheEssentialExchange.com <http://theessentialexchange.com/>
>
>
>
> *From:* activedir-owner@mail.activedir.org [mailto:
> activedir-owner@mail.activedir.org] *On Behalf Of *[Infraspec] Rob Silver
> *Sent:* Friday, March 19, 2010 11:46 AM
>
> *To:* activedir@mail.activedir.org
> *Subject:* RE: [ActiveDir] need to apply 3 schema ext
>
>
>
> DCs will only replicate with other DCs running on the same schema version
> (with the exception of replicating the new schema objects and attributes).
>
>
>
> Introducing 3 new schema updates rapidly may create an interesting scenario
> of having 4 different schemas on the domain simultaneously.
>
>
>
> Not sure of the worst case scenario in this event...
> ------------------------------
>
> *From:* activedir-owner@mail.activedir.org [
> activedir-owner@mail.activedir.org] on behalf of Michael B. Smith
> [michael@TheEssentialExchange.com]
> *Sent:* 19 March 2010 16:29
> *To:* activedir@mail.activedir.org
> *Subject:* RE: [ActiveDir] need to apply 3 schema ext
>
> Since all the changes have to happen on the schema master, it’s rather
> six-of-one or a half-dozen of the other. If you are bandwidth constrained,
> I’d do the Exchange update off-hours, because it’s fairly large. SCCM isn’t
> as big.
>
>
>
> Regards,
>
>
>
> Michael B. Smith
>
> Consultant and Exchange MVP
>
> http://TheEssentialExchange.com <http://theessentialexchange.com/>
>
>
>
> *From:* activedir-owner@mail.activedir.org [mailto:
> activedir-owner@mail.activedir.org] *On Behalf Of *mendes.joao@gmail.com
> *Sent:* Friday, March 19, 2010 9:34 AM
> *To:* activedir@mail.activedir.org
> *Subject:* Re: [ActiveDir] need to apply 3 schema ext
>
>
>
> pos & cons of aplying them at the same time .vs. one (let replication
> work) the other (let replication work)... and so on ?
>
> 2010/3/16 Michael B. Smith <michael@theessentialexchange.com>
>
> Correct.
>
>
>
> Regards,
>
>
>
> Michael B. Smith
>
> Consultant and Exchange MVP
>
> http://TheEssentialExchange.com <http://theessentialexchange.com/>
>
>
>
> *From:* activedir-owner@mail.activedir.org [mailto:
> activedir-owner@mail.activedir.org] *On Behalf Of *mcasey726@gmail.com
> *Sent:* Tuesday, March 16, 2010 8:01 AM
> *To:* activedir@mail.activedir.org
> *Subject:* Re: [ActiveDir] need to apply 3 schema ext
>
>
>
> If I'm not mistaken the Exchange 2010 schema update is included in the
> Exchange 2007 SP2 schema update.
>
> Sent via BlackBerry by AT&T
> ------------------------------
>
> *From: *"mendes.joao@gmail.com" <mendes.joao@gmail.com>
>
> *Date: *Tue, 16 Mar 2010 11:00:02 +0000
>
> *To: *<ActiveDir@mail.activedir.org>
>
> *Subject: *[ActiveDir] need to apply 3 schema ext
>
>
>
> need to extend schema for these 3:
>
> *SCCM 2007 R2 *
> SCCM2007R2\SMSSETUP\BIN\I386\Extadsch.exe
> "How to Extend the Active Directory Schema Using ExtADSch.exe"
> http://technet.microsoft.com/en-us/library/bb680608.aspx
>
> *Exchange 2007*
> e2k7_32\extract\Setup.exe
> “White Paper: Preparing Active Directory for Exchange 2007”
> http://technet.microsoft.com/en-us/library/bb288907%28EXCHG.80%29.aspx
> Setup /PrepareLegacyExchangePermissions
> Setup /PrepareSchema
> Setup /PrepareAD
> Setup /PrepareDomain
>
> *Exchange 2010*
> E2010\Setup.exe
> “Prepare Active Directory and Domains”:
> http://technet.microsoft.com/en-us/library/bb125224.aspx
> “*Note the following:* You must run this command on a 64-bit computer in
> the same domain and in the same Active Directory site as the schema master.”
>
> intent to do freeze replication process
> any recomendation / know-how must observe? (beside system state backup...
> )
>
> thanks again
>
>
>
| | | |
| jppmendes
Posts:71
| | 04/07/2010 10:56 PM |
| done Exchange + SCCM schema ext!
like in the lab... the difference was on time... GC replication takes
mannnnyyy time to finish.
2010/3/27 mendes.joao@gmail.com <mendes.joao@gmail.com>
> Confirmed!
> I can run 32-bit Exchange 2007 SP2 version to extend AD & *"If your Active
> Directory environment is currently Exchange 2003 and you are upgrading to
> Exchange 2007, then when you extend the schema, the schema changes included
> with Exchange 2007 through Exchange 2010 will be deployed in your
> environment" :*
>
> 32-Bit vs. 64-Bit Version of Exchange 2007
> Exchange 2007 RTM and SP1 are available in two platform versions: the
> 64-bit version is for live production environments and the 32-bit version is
> for non-production environments (such as labs, training facilities, demos,
> and evaluation environments). Only the 64-bit version can be purchased
> because you cannot run 32-bit Exchange 2007 servers in production.
> There are exceptions with respect to production and non-production use of
> the 32-bit platform because Microsoft does allow minimal supported use of
> the 32-bit version in production environments:
> You can use the 32-bit version in production to extend your Active
> Directory directory service schema. For detailed steps about how to prepare
> Active Directory for Exchange 2007, see How to Prepare Active Directory and
> Domains.
> http://technet.microsoft.com/en-us/library/bb125224(EXCHG.80).aspx<http://technet.microsoft.com/en-us/library/bb125224(EXCHG.80).aspx>
>
> still working on lab thanks!
>
> 2010/3/19 Michael B. Smith <michael@theessentialexchange.com>
>
> Well, it’s actually only two (Exchange 2007 sp2 includes all the schema
>> updates for Exchange 2010, so Exchange + SCCM).
>>
>>
>>
>> The worst case scenario is that other replication gets suspended until
>> schema updates get processed. Which is the best case, as well.
>>
>>
>>
>> (Note: I’m sure it’s possible to construct some catastrophic scenario for
>> this situation, but it’s impossible to mitigate risk to zero. This is a
>> low-risk scenario.)
>>
>>
>>
>> Regards,
>>
>>
>>
>> Michael B. Smith
>>
>> Consultant and Exchange MVP
>>
>> http://TheEssentialExchange.com <http://theessentialexchange.com/>
>>
>>
>>
>> *From:* activedir-owner@mail.activedir.org [mailto:
>> activedir-owner@mail.activedir.org] *On Behalf Of *[Infraspec] Rob Silver
>> *Sent:* Friday, March 19, 2010 11:46 AM
>>
>> *To:* activedir@mail.activedir.org
>> *Subject:* RE: [ActiveDir] need to apply 3 schema ext
>>
>>
>>
>> DCs will only replicate with other DCs running on the same schema version
>> (with the exception of replicating the new schema objects and attributes).
>>
>>
>>
>> Introducing 3 new schema updates rapidly may create an interesting
>> scenario of having 4 different schemas on the domain simultaneously.
>>
>>
>>
>> Not sure of the worst case scenario in this event...
>> ------------------------------
>>
>> *From:* activedir-owner@mail.activedir.org [
>> activedir-owner@mail.activedir.org] on behalf of Michael B. Smith
>> [michael@TheEssentialExchange.com]
>> *Sent:* 19 March 2010 16:29
>> *To:* activedir@mail.activedir.org
>> *Subject:* RE: [ActiveDir] need to apply 3 schema ext
>>
>> Since all the changes have to happen on the schema master, it’s rather
>> six-of-one or a half-dozen of the other. If you are bandwidth constrained,
>> I’d do the Exchange update off-hours, because it’s fairly large. SCCM isn’t
>> as big.
>>
>>
>>
>> Regards,
>>
>>
>>
>> Michael B. Smith
>>
>> Consultant and Exchange MVP
>>
>> http://TheEssentialExchange.com <http://theessentialexchange.com/>
>>
>>
>>
>> *From:* activedir-owner@mail.activedir.org [mailto:
>> activedir-owner@mail.activedir.org] *On Behalf Of *mendes.joao@gmail.com
>> *Sent:* Friday, March 19, 2010 9:34 AM
>> *To:* activedir@mail.activedir.org
>> *Subject:* Re: [ActiveDir] need to apply 3 schema ext
>>
>>
>>
>> pos & cons of aplying them at the same time .vs. one (let replication
>> work) the other (let replication work)... and so on ?
>>
>> 2010/3/16 Michael B. Smith <michael@theessentialexchange.com>
>>
>> Correct.
>>
>>
>>
>> Regards,
>>
>>
>>
>> Michael B. Smith
>>
>> Consultant and Exchange MVP
>>
>> http://TheEssentialExchange.com <http://theessentialexchange.com/>
>>
>>
>>
>> *From:* activedir-owner@mail.activedir.org [mailto:
>> activedir-owner@mail.activedir.org] *On Behalf Of *mcasey726@gmail.com
>> *Sent:* Tuesday, March 16, 2010 8:01 AM
>> *To:* activedir@mail.activedir.org
>> *Subject:* Re: [ActiveDir] need to apply 3 schema ext
>>
>>
>>
>> If I'm not mistaken the Exchange 2010 schema update is included in the
>> Exchange 2007 SP2 schema update.
>>
>> Sent via BlackBerry by AT&T
>> ------------------------------
>>
>> *From: *"mendes.joao@gmail.com" <mendes.joao@gmail.com>
>>
>> *Date: *Tue, 16 Mar 2010 11:00:02 +0000
>>
>> *To: *<ActiveDir@mail.activedir.org>
>>
>> *Subject: *[ActiveDir] need to apply 3 schema ext
>>
>>
>>
>> need to extend schema for these 3:
>>
>> *SCCM 2007 R2 *
>> SCCM2007R2\SMSSETUP\BIN\I386\Extadsch.exe
>> "How to Extend the Active Directory Schema Using ExtADSch.exe"
>> http://technet.microsoft.com/en-us/library/bb680608.aspx
>>
>> *Exchange 2007*
>> e2k7_32\extract\Setup.exe
>> “White Paper: Preparing Active Directory for Exchange 2007”
>> http://technet.microsoft.com/en-us/library/bb288907%28EXCHG.80%29.aspx
>> Setup /PrepareLegacyExchangePermissions
>> Setup /PrepareSchema
>> Setup /PrepareAD
>> Setup /PrepareDomain
>>
>> *Exchange 2010*
>> E2010\Setup.exe
>> “Prepare Active Directory and Domains”:
>> http://technet.microsoft.com/en-us/library/bb125224.aspx
>> “*Note the following:* You must run this command on a 64-bit computer in
>> the same domain and in the same Active Directory site as the schema master.”
>>
>> intent to do freeze replication process
>> any recomendation / know-how must observe? (beside system state backup...
>> )
>>
>> thanks again
>>
>>
>>
>
>
| | | |
|
|