| Author | Messages | |
Gil
Posts:207
 | | 09/08/2008 4:43 PM |
| Don’t set the registry keys to allow schema updates on all the DCs… it should only be set on the DC that’s holding the Schema FSMO role, i.e. the one DC in the forest that is allowed to handle schema updates.
-g
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Steve Lewis
Sent: Tuesday, September 02, 2008 7:50 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Difference between Mixed and Native Modes with 2 different aspects
Hi All,
Thanks so much for all your suggestions. I believe that I now understand the difference between the Modes with Exchange and AD. Because of this list and other forums I joined I actually decided to leave AD in Mixed Mode for now. There isn’t any reason to change it right now unless any of you have a gooder (☺) reason for going to AD in Native Mode.
I agree that I don’t want to do stuff by shooting from the hip. I’m actually as surprised as this list is, that they contracted with me for this. They knew in advance of my limited knowledge of AD and W2X. However my experience with UNIX and my skills in finding out what to do properly without hurting stuff is why they wanted me for the contract. I’m also doing PCI certification, documenting their network, documenting all their processes and setting up some test beds for their store rollouts. (I’m working for Utrecht Art Supplies. It’s a nice company)
What I’m going to do is the following:
First and foremost I’m going to make sure that their AD and server(s) are backed up before doing anything. Then I’m going to fix the registry entries on the 4 existing AD’s with the following (found this on the Microsoft and Tech Republic forums):
“HKEY LOCAL MACHINE\System\CurrentControlSet\Services\NTDS\Parameters”
Create a new REG_DWORD value named: "Schema Update Allowed"
In this new entry we have to put a data value of "1"
This should get me ready to prep the AD database.
I read the following and want to get your input about these (quoted) paragraphs. Has anyone done this before? I’m assuming that I will be doing this as well. I have more to study before pushing the button though.
“Since we’ve installed Exchange 2000 into the forest before running ADPrep, we have to correct some mistakes that were made in the Exchange 2000 schema extensions.”
“Specifically, both ADPrep and Exchange 2000 define labledURI, houseIdentifier and secretary attributes, but Exchange 2000 does not use the correct LDAP display names (lDAPDisplayName) as defined in RFC 2798. ”
“If we run ADPrep after Exchange 2000 has been installed without fixing these attributes, we can end up with duplicate schema objects with different lDAPDisplayName attributes. ”
“To solve the problem, we must run the inetorgpersonfix.ldf file that is located in \support\ tools\support.cab. This LDIF file fixes the lDAPDisplayName attributes of the three attributes. ”
“First save the inetorgpersonfix.ldf file, then import it using the ldifde utility. Here is an example where we will be importing into the mycorp.com forest: ”
“ldifde.exe /i /f inetOrgPersonFix.ldf /c "DC=X" "DC=utrecht.,DC=com”
“Note that inetorgpersonfix.ldf uses DC=X as the forest path, which is why we needed to use the /c switch to replace it with our own forest”
After all seems well with the above tasks. I will then go to one of the AD’s (preferable the one that is not running Exchange 2000) and run the following:
adprep /forestPrep
Any thing you can tell me about what should happen during and after the running of this will be appreciated. I believe that after that I should be running the same adprep command with another switch:
adprep /domainPrep
Like above, are there any caveats running this that I should be looking for?
If all the above goes OK I think that promoting the server 2003 to a DC should go seamlessly. Do you agree?
Sorry for the wordy posts but I like to dot all i’s and cross all t’s before I push any button ☺
Thanks in advance for all your help,
Steve Lewis | Systems Operation Consultant | Utrecht Art Supplies
____________________________________________
FROM ORIGINAL POST
____________________________________________
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Steve Lewis
Sent: Friday, 29 August 2008 9:58 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Difference between Mixed and Native Modes with 2 different aspects
Hi,
I just started a 6 month job at a company to do some Windows work for them. The company has 4 Windows 2000 server machines with replicated Active Directories. One 2000 server is the master AD and also is running Exchange 2000. My taskis to bring up a new Windows 2003 server box and get AD on it.
I’m confused about the difference between Mixed and Native Modes with 2 different aspects.
As I said above there is an Active Directory instance on the exchange box and 3 other Domain Controllers.
When I go into the Active Directory Users and Computers properties it says ̶0;Mixed mode (supports both Windows 2000 and pre-Windows 2000 domain controllers)”.
This is talking about *Domain Controllers*
However when I go into the actual Service Manager for exchange on the same Exchange Server box the properties tell me the following: Native Mode (no pre-Exchange 2000 servers).
This is talking about *Exchange Servers* (i.e. there are no Exchange 5.5, Exchange 5 etc servers)
I’m unsure what the difference is between the two modes in the two different locations on the Exchange box. Does anyone have any clue of what I should do?
I want to bring all of them to Native Mode. Can I just upgrade all 4 of the existing 2000 servers to Native mode in the AD properties?
You only do this on *one* DC. Raising the Domain Functionality level is a domain wide operation.
The reason I have to do this is that I have to run the 2003 dcpromo.exe /forestprep on the old Exchange AD to be able to promote the 2003 server to a Domain Controller.
/forestprep extends the schema. I wasn’t aware you needed to raise the Domain functional level to run /forestprep (but it’s been awhile since I needed to do that)
Cheers
Ken
_=_NextPart_001_01C909DA.FDE74CE1 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Active Directory and Exchange each have independent 'modes' of operation. AD mixed mode means AD will support DCs running w2k as well as w2k3 OS. Exchange mixed mode means Exchange will support Exchange servers running e2k as well as e2k3.
Further reading: http://support.microsoft.com/kb/270143 http://support.microsoft.com/default.aspx?scid=3Dkb;en-us;322692 neil________________________________
Active Directory and Exchange each have independent ‘modes’ of operation.
AD mixed mode means AD will support DCs running w2k as well as w2k3 OS.
Exchange mixed mode means Exchange will support Exchange servers running e2k as well as e2k3.</font>
Further reading:</font>
http://support.microsoft.com/kb/270143
http://support.microsoft.com/default.aspx?scid=3Dkb;en-us;322692
neil
From: "joe" Subject: RE: [ActiveDir] Difference between Mixed and Native Modes with 2 different aspects Date: Fri, 29 Aug 2008 10:16:04 -0400 Reply-To: ActiveDir@mail.activedir.org
This is a multi-part message in MIME format. ------=_NextPart_000_0755_01C909C0.3EC330C0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit
The native mode pieces have been explained. I am a little concerned about the DC that is running Exchange as well. That is almost always a bad idea unless it is an Windows SBS server deployment which is intended to be run that wayΏ]. I also admit to some concern that it sounds like you took a contract gig for something you don't really have much understanding of. Go buy some books on Active Directory and Exchange and get spun up on the stuff you are working on because you need to understand it or you could very likely cause more harm than good. joe Ώ] Though I still hate the idea. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm _____ From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org]
The native mode pieces have been explained.
I am a little concerned about the DC that is running Exchange as well. That is almost always a bad idea unless it is an Windows SBSserver deployment which is intended to be run that wayΏ].
I also admit to some concern that it sounds like you took acontract gig for something you don't really have much understanding of. Go buysome books on Active Directory and Exchange and get spun up on the stuff you areworking on because you need to understand it or you could very likely causemore harm than good.
joe
Ώ] Though I still hate the idea.
--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm
Kirkpatrick Date: Fri, 29 Aug 2008 07:30:38 -0700 Subject: RE: [ActiveDir] Difference between Mixed and Native Modes with 2 Reply-To: ActiveDir@mail.activedir.org --_000_54C6B235DB8E54439E6432F7CE88E2213007576FBFNPPHXMAIL01ne_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
Hi Steve, It sounds like you're pretty new to the AD thing. I suggest you hit the books and get yourself up to speed as quickly as you can, or go find some training videos (e.g. TrainSignal) if that works better for you. I really recommend you not make any substantial changes to the environment till you know what you're doing. Screwing up AD can put the entire Windows environment out of commission. First off, Active Directory and Exchange are entirely different services. They each have their own operating modes. Active Directory has a domain and forest "modes" (now called functional levels). The domain and forest functional levels control certain features in AD, for instance the way replication works. Exchange also has a mode which is (I believe) independent of Active Directory's mode. Just because Exchange is installed on a DC doesn't meanthat they somehow have the same mode... the modes are characteristics of the respective services, not of the machine they are running on. Domain controllers (servers that run the AD service) are peers; there isn'ta "master AD", although there are certain functions that are performed only on specific domain controllers. As a general note, from a security and maintenance perspective, it's not a good idea to run Exchange on a DC, although it certainly works. Something to consider for the future. -gil
It sounds like you’re pretty new to the AD thing. I suggest you hit the books and get yourself up to speed as quickly as you can, or go find some training videos (e.g. TrainSignal) if that works better for you. I really recommend you not make any substantial changes to the environment till you know what you’re doing. Screwing up AD can put the entire Windows environment out of commission.
First off, Active Directory and Exchange are entirely different services. They each have their own operating modes. Active Directory has a domain and forest “modes” (now called functional levels). The domain and forest functional levels control certain features in AD, for instance the way replication works. Exchange also has a mode which is (I believe) independent of Active Directory’s mode. Just because Exchange is installed on a DC doesn’t mean that they somehow have the same mode… the modes are characteristics of the respective services, not of the machine they are running on.
Domain controllers (servers that run the AD service) are peers; there isn’t a “master AD”, although there are certain functions that are performed only on specific domain controllers.
As a general note, from a security and maintenance perspective, it’s not a good idea to run Exchange on a DC, although it certainly works. Something to consider for the future.
-gil
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Steve Lewis
Sent: Friday, August 29, 2008 4:58 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Difference between Mixed and Native Modes with 2 different aspects
Hi,
I just started a 6 month job at a company to do some Windows work for them. The company has 4 Windows 2000 server machines with replicated Active Directories. One 2000 server is the master AD and also is running Exchange 2000. My taskis to bring up a new Windows 2003 server box and get AD on it.
I’m confused about the difference between Mixed and Native Modes with 2 different aspects.
As I said above there is an Active Directory instance on the exchange box and 3 other Domain Controllers.
When I go into the Active Directory Users and Computers properties it says “Mixed mode (supports both Windows 2000 and pre-Windows 2000 domain controllers)”. However when I go into the actual Service Manager for exchange on the same Exchange Server box the properties tell me the following: Native Mode (no pre-Exchange 2000 servers).
I’m unsure what the difference is between the two modes in the two different locations on the Exchange box. Does anyone have any clue of what I should do?
I want to bring all of them to Native Mode. Can I just upgrade all 4 of the existing 2000 servers to Native mode in the AD properties? The reason I have to do this is that I have to run the 2003 dcpromo.exe /forestprep on the old Exchange AD to be able to promote the 2003 server to a Domain Controller.
I appreciate any help and direction you can give me.
Thanks in advance,
--
Steve Lewis
| | | |
|
|