Schema Prep for E2K7 Question about port 389
Hi All, I need to prep the E2K3 domain prior to E2K7 transition as per normal with the 32-bit code as all DC's are W2K3 32-bit (All E2K7 will of course be 64-bit..) The issue I have is a statement in the Technet article here: http://technet.microsoft.com/en-us/library/bb125224.aspx

Procedure Section 3. setup /PrepareAD
* The computer where you run this command must be able to contact all domains in the forest on port 389.

I am planning to run the Schema Preps from a server with .NET and Powershell (not a DC) that is in the same domain and the same Active Directory site as the Schema Master as I don't want to modify the Schema Master server. The problem is I cannot Telnet to all the servers in the domain on port 389 because some of the servers are in secured areas. I understand performing the Schema update from the server I plan updates the Schema Master, and the Schema Master then updates all the other DC's. If that is the case, why must the server I plan to use to run the updates communicate with all domains on port 389? Can anyone clarify this ASAP? Cheers LM
August 5th, 2009 2:31pm

I guess because of organization preparation check during setup, checks various things across the organization, like Windows version, SP level etc...
Amit Tank | MVP Exchange Server | MCITP: EMA | MCSA: M | http://ExchangeShare.WordPress.com
August 5th, 2009 3:04pm

Amit, Thanks for the reply. Does that though mean that the schema updates will fail if the server that I run the schema updates from cannot communicate to all servers in the domain on port 389? It can communicate fine to all - non secure - servers including the Schema Master, on the entire corporate WAN, as I found out via running repadmin /replsummary - just some secure servers failed. Cheers LM
August 5th, 2009 3:58pm

If the schema update didn't replicate to all DC's, in that case you will have issues when you plan to deploy the ex2007 in those domains where these DC's reside.
Vinod |CCNA|MCSE 2003 +Messaging|MCTS|ITIL V3|
August 5th, 2009 4:10pm

I have seen some instances where setup does the organization check before preparing AD, and if it doesn't communicate with any one of the domains [not all servers :) ] it will fail with an error telling that it is unable to communicate with domain xyz... "The computer where you run this command must be able to contact all domains in the forest on port 389."
Amit Tank | MVP Exchange Server | MCITP: EMA | MCSA: M | http://ExchangeShare.WordPress.com
August 5th, 2009 4:16pm

Vinod - There is and will be no Exchange in the secure domains.. Amit - OK then I guess we need to fix the port 389 issues.. Thanks for the tips Gents. Cheers LM
August 5th, 2009 4:23pm

Hi, When we run Setup /PrepareAD, it runs both Setup /PrepareSchema and Setup /PrepareLegacyExchangePermissions if required. Setup /PrepareSchema or Setup /ps must be run from a server in the same Active Directory site and domain as the schema master. Also the following requirements must be met. All domains must be available and able to be contacted on port 389. Use an account with Enterprise Admins permissions.

Note: TCP port 389 is the default port for Lightweight Directory Access Protocol (LDAP) communications.

More information to share with you:
White Paper: Preparing Active Directory for Exchange 2007 http://technet.microsoft.com/en-us/library/bb288907.aspx
How to use Portqry to troubleshoot Active Directory connectivity issues http://support.microsoft.com/default.aspx?kbid=816103

Regards, Xiu
August 6th, 2009 11:26am

Xiu, As always thank you for the information. Arranging with the Network teams TCP port 389 access so we can do the schema updates. Is this only TCP or UDP as well? Cheers LM
August 6th, 2009 2:31pm

Hi, per my knowledge LDAP uses both TCP and UDP 389 for querying LDAP. Enabling both would be fine.
Regards, Chinthaka
August 6th, 2009 10:06pm

Hi, Yes, we need to use the following ports to connect to the Domain controller. So UDP 389 is also needed.

LDAP (389/3268 TCP/UDP), Kerberos (88 TCP/UDP), DNS (53 TCP/UDP), RPC netlogon (135 TCP)

More information to share with you:
Understanding the Ports That Are Used by Exchange 2007 in a Mixed Environment http://technet.microsoft.com/en-us/library/dd789693.aspx

Regards, Xiu
August 7th, 2009 9:05am
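
One way to run the connectivity pre-check discussed in this thread from the server that will run setup /PrepareAD (an added example, not part of the original thread and not Microsoft's code): it enumerates the forest's domains and attempts a TCP connection on port 389 to every address each domain name resolves to. The function name `Test-TcpPort`, the 3-second timeout and the reliance on the domain's DNS name to locate domain controllers are assumptions; UDP is not tested here, which is where the PortQry article linked earlier in the thread applies.

```powershell
# Added example: run on the server that will execute setup /PrepareAD.
# Assumption: every domain controller registers an A/AAAA record under its
# domain's DNS name (the default), so resolving that name lists the DCs.
Add-Type -AssemblyName System.DirectoryServices
$TcpPorts  = @(389)   # other TCP ports named in the thread: 3268 (GCs only), 88, 53, 135
$TimeoutMs = 3000     # assumed per-connection timeout

function Test-TcpPort {
    param([System.Net.IPAddress]$Address, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient($Address.AddressFamily)
    try {
        $async = $client.BeginConnect($Address, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)   # throws if the connection was refused or reset
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

$forest  = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$results = foreach ($domain in $forest.Domains) {
    try {
        $addresses = [System.Net.Dns]::GetHostAddresses($domain.Name)
    } catch {
        # A domain whose name does not resolve is reported as a failure too
        New-Object PSObject -Property @{ Domain = $domain.Name; Address = 'unresolved'; Port = 0; Open = $false }
        continue
    }
    foreach ($address in $addresses) {
        foreach ($port in $TcpPorts) {
            New-Object PSObject -Property @{
                Domain  = $domain.Name
                Address = $address.ToString()
                Port    = $port
                Open    = (Test-TcpPort -Address $address -Port $port -TimeoutMs $TimeoutMs)
            }
        }
    }
}

$results | Sort-Object Domain, Address, Port | Format-Table Domain, Address, Port, Open -AutoSize
$blocked = @($results | Where-Object { -not $_.Open })
if ($blocked.Count -gt 0) {
    Write-Warning ("{0} endpoint(s) unreachable from this server" -f $blocked.Count)
}
```

Rows with `Open = False` identify the domain and address to raise with the network team before running the schema preparation.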

Gents, Thanks - that Port link will be very useful. Especially for securing site to site environments. Cheers LM
August 7th, 2009 10:45am
