Schema Upgrade for 2010
Hi All, We are about to perform the schema upgrade in a couple of weeks. Just wanted to clarify a couple of things. We have our internal domain which is say prod.com and also another domain which is our dmz, say dmz.com. Now the schema master for the DMZ is the same DC as the one in prod.com. My question is when running the schema upgrade in prod.com, should I be running setup /pl or setup /pl:prod.com only? We do not have any 2003 Exchange servers in dmz.com. At the moment we don't plan to put the edge transport role in yet but if we do, I assume the schema in the dmz must also be updated? It's a little confusing because the dmz shares the same schema master and one would assume that if it uses the same schema master, then when the schema master is updated in prod.com, that will flow onto the dmz domain as well? So should I be running 1. setup /pl instead of setup /pl:prod.com 2. setup /ps 3. setup /prepareAD (this should cover both dmz and prod?) Thanks again guys.
August 22nd, 2011 9:05pm

Assuming you can contact the DCs in the in DMZ domain from the server you are running this from, I would simply run setup /pl. If not, ( and since this is a DMZ ) then I would run it for the production domain only - assuming there are no existing Exchange security groups in the DMZ domain. The edge server is typically not a domain-joined member, so the schema update is moot for its installation. In fact, it doesnt have access to AD at all: http://technet.microsoft.com/en-us/library/bb124701.aspx Overview of the Edge Transport Server Role In case you havent seen it: http://technet.microsoft.com/en-us/library/bb125224.aspx Prepare Active Directory and Domains
Free Windows Admin Tool Kit Click here and download it now
August 22nd, 2011 9:35pm

Thanks Andy. We will be running schema update from a 2008R2 server in the same site as our schema master. It will also be our Exchange 2010 server. Reason is we don't have an 2008R2 schema master to run the prep on directly. It will have access to the DMZ but I think you are right. We may not need to extend the schema in the DMZ because theres no exchange 2003 or exchange security groups in there at all. Thanks for the links to the article. I actually ran a schema update in our test environment, however it does not have a DMZ so wasn't able to get an exact result. Spoke to a couple of my colleagues and they said that they believe the DMZ.com is a separate domain with a trust relationship to prod.com. I think what they are trying to tell me is that dmz.com and prod.com are not part of the same forest. Theres just a trusted relationship. Then why are the schema masters the same?
August 22nd, 2011 10:32pm

Thanks Andy. We will be running schema update from a 2008R2 server in the same site as our schema master. It will also be our Exchange 2010 server. Reason is we don't have an 2008R2 schema master to run the prep on directly. It will have access to the DMZ but I think you are right. We may not need to extend the schema in the DMZ because theres no exchange 2003 or exchange security groups in there at all. Thanks for the links to the article. I actually ran a schema update in our test environment, however it does not have a DMZ so wasn't able to get an exact result. Spoke to a couple of my colleagues and they said that they believe the DMZ.com is a separate domain with a trust relationship to prod.com. I think what they are trying to tell me is that dmz.com and prod.com are not part of the same forest. Theres just a trusted relationship. Then why are the schema masters the same? 2 separate forests would make sense and I would expect the DMZ forest to trust the Production Forest, but not the other way around.
Free Windows Admin Tool Kit Click here and download it now
August 22nd, 2011 10:42pm

Ok thanks, looks like we will just run the update on prod.com. Appreciate your assistance.
August 22nd, 2011 10:52pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics