How can I tell in Exchange 2007 Schema Extensions have already been installed ?
Hello,
I am trying to determing whether or not administrators before me had prepped one of our child domains for Exchange 2007. Our top level domain already has exchange 2007 in it, but I'm not sure if the child domain has been properly configured. the child domain
curertnly has an Exchange 2003 server, ans we are looking to migrate those users to the Exchange 2007 server in the top level domain.
while going through the white paper "Preparing Active Directory for Exchange 2007" the first step is setup /pl
after running that, you are instructed to do the following:
1.
Launch Ldp.exe.
2.
Click
Connection, and then click Connect (leave server blank). Click
OK.
3.
Click
Connection, and then click Bind (leave credentials blank). Click
OK.
4.
Click
View, and then click Tree.
5.
Enter the fully qualified domain name (FQDN) (for example, DC=northwindtraders,DC=co,DC=uk). Click
OK.
6.
Right-click the domain (for example, northwindtraders.co.uk), click
Advanced, and then click Security Descriptor. Click
OK.
The GUID for the Exchange-Information extended right is 1F298A89-DE98-47b8-B5CD-572AD53D267E.
7.
Scroll through the results pane and look for
Object Ace Type: Unknown with this GUID.
well, I went through this procedure in the child domain (I did not run setup /pl) and I got the following results. Notice that Object Ace Type: is set to "Exchange Information", not "Unknown". does this mean that the child domain has indeed been prepped
properly? Are there any other checks I can look into to determine whether or not I need to run through the domain prep steps for this child domain?
Ace[25]
Ace Type: 0x5 - ACCESS_ALLOWED_OBJECT_ACE_TYPE
Ace Size: 40 bytes
Ace Flags: 0x2
CONTAINER_INHERIT_ACE
Object Ace Mask: 0x00000010
ACTRL_DS_READ_PROP
Object Ace Flags: 0x1
ACE_OBJECT_TYPE_PRESENT
Object Ace Type: Exchange Information
- 1f298a89-de98-47b8-b5cd-572ad53d267e
Object Ace Sid: NT AUTHORITY\Authenticated Users S-1-5-11
February 10th, 2011 10:29am
As prep is non-destructive, I would just run it again. Then you know for sure. Also be aware that the prep is different between service packs, as there were additional changes for Exchange 2010 support later on. Therefore running prep from the latest service
pack on all domains would be the best option, then you know.
Simon.Simon Butler, Exchange MVP
Blog |
Exchange Resources | In the UK?
Hire Me.
Free Windows Admin Tool Kit Click here and download it now
February 10th, 2011 12:19pm
Thanks.
I plan on installing Exchange 2007 SP3 to my Servers in the top level domain tonight. Will simply running it automatically update the schema for the top level and child domains, or should I still run setup /pd on the child domain using the
exchange sp3 setup.exe?
February 10th, 2011 5:14pm
No - you will need to prep the child domains manually. I would do that before you install SP3, then you will not have any problems.
Therefore your best option is to prep the top level domain first from the command line, then any child domains. Wait about half an hour for replication to occur, then install the service pack.
If you were in a single domain forest then you could just run the setup.exe and the GUI would prep the domain, but in this case you need to do things manually.
Simon.Simon Butler, Exchange MVP
Blog |
Exchange Resources | In the UK?
Hire Me.
Free Windows Admin Tool Kit Click here and download it now
February 10th, 2011 6:46pm