Hello, I am trying to determing whether or not administrators before me had prepped one of our child domains for Exchange 2007. Our top level domain already has exchange 2007 in it, but I'm not sure if the child domain has been properly configured. the child domain curertnly has an Exchange 2003 server, ans we are looking to migrate those users to the Exchange 2007 server in the top level domain. while going through the white paper "Preparing Active Directory for Exchange 2007" the first step is setup /pl after running that, you are instructed to do the following: 1. Launch Ldp.exe. 2. Click Connection, and then click Connect (leave server blank). Click OK. 3. Click Connection, and then click Bind (leave credentials blank). Click OK. 4. Click View, and then click Tree. 5. Enter the fully qualified domain name (FQDN) (for example, DC=northwindtraders,DC=co,DC=uk). Click OK. 6. Right-click the domain (for example, northwindtraders.co.uk), click Advanced, and then click Security Descriptor. Click OK. The GUID for the Exchange-Information extended right is 1F298A89-DE98-47b8-B5CD-572AD53D267E. 7. Scroll through the results pane and look for Object Ace Type: Unknown with this GUID. well, I went through this procedure in the child domain (I did not run setup /pl) and I got the following results. Notice that Object Ace Type: is set to "Exchange Information", not "Unknown". does this mean that the child domain has indeed been prepped properly? Are there any other checks I can look into to determine whether or not I need to run through the domain prep steps for this child domain? Ace[25] Ace Type: 0x5 - ACCESS_ALLOWED_OBJECT_ACE_TYPE Ace Size: 40 bytes Ace Flags: 0x2 CONTAINER_INHERIT_ACE Object Ace Mask: 0x00000010 ACTRL_DS_READ_PROP Object Ace Flags: 0x1 ACE_OBJECT_TYPE_PRESENT Object Ace Type: Exchange Information - 1f298a89-de98-47b8-b5cd-572ad53d267e Object Ace Sid: NT AUTHORITY\Authenticated Users S-1-5-11

As prep is non-destructive, I would just run it again. Then you know for sure. Also be aware that the prep is different between service packs, as there were additional changes for Exchange 2010 support later on. Therefore running prep from the latest service pack on all domains would be the best option, then you know. Simon.Simon Butler, Exchange MVP Blog | Exchange Resources | In the UK? Hire Me.

Thanks. I plan on installing Exchange 2007 SP3 to my Servers in the top level domain tonight. Will simply running it automatically update the schema for the top level and child domains, or should I still run setup /pd on the child domain using the exchange sp3 setup.exe?

No - you will need to prep the child domains manually. I would do that before you install SP3, then you will not have any problems. Therefore your best option is to prep the top level domain first from the command line, then any child domains. Wait about half an hour for replication to occur, then install the service pack. If you were in a single domain forest then you could just run the setup.exe and the GUI would prep the domain, but in this case you need to do things manually. Simon.Simon Butler, Exchange MVP Blog | Exchange Resources | In the UK? Hire Me.