Chris Beams’s Blog

Active Directory and more….

Posts Tagged ‘Schema’

#Exchange2010 SP2 – Needs a #Schema Change

Posted by chrisbeams on May 18, 2011

Just seen that the exchange team have announced that Exchange 2010 SP2 will need a Schema Change 😦

More details here –

Posted in Active Directory, Exchange 2010 | Tagged: | Leave a Comment »

Exchange Schema – What gets changed?

Posted by chrisbeams on May 20, 2010

Nice document from MS

Posted in Active Directory, Exchange, Exchange 2010 | Tagged: , , , | Leave a Comment »

Exchange 2007 SP2 Schema Changes

Posted by chrisbeams on August 26, 2009

I have to admit this article worries me .. how many schema changes can you need for a Service Pack change. Does this mean all Service Pack changes could potentially come with a Schema Change? I hope not. The SP2 one actually looks bigger than SP1.

Its madness

Posted in Active Directory | Tagged: , , | Leave a Comment »

Exchange 2007 Schema – Issues

Posted by chrisbeams on June 2, 2009

As I mentioned recently I recently did the exchange 2007 schema change. What a change it is!!:
1. Numerous new indexes
2. Pwd-Last-Set added to GC
3. Plenty of ACEs added
4. New groups created

It’s not to be taken lightly and needs plenty of testing

Issues I had.

Adding Domain Group to “Exchange Servers”
When running Domain Prep a new group is created in the Domain which must be to the Group “Exchange Servers”. If you have a distributed multi domain forest the script does not take into account replication. So it trys to add the group before it has replicated round. This causes the script to bomb out and you can either add the group manually or rerun the script after waiting at least 15Min’s (for inter site replication).

Adding Legacy ACEs – setup /pl
This is a strange one , again in a multi domain forest when you run the legacy permissions it does not always ACL everything with the correct group. I have now seen twice where it adds a Group from another domain to the ACL and not the Domain it should. You get no error but when you looking at the ACLS through the GUI you will see one or maybe two are missing. This is also shown in the log files, search for the GUID of the groups is ACLing and make sure you have one for each Domain you are running the tool against. I have seen it fail to ACL the Configuration Container and the Root of the Name NC.  The group that was added incorrectly was the “Exchange Enterprise Servers” Group and the “Exchange Domain Servers”  Group. So just check you see these groups in the logs correctly.  What we had was another Domains Group be ACLed twice (or trying to) and another Domain being missed.

GC Traffic
Another one to look out for. The Schema change changes makes pwdlastset attribute part of the partial attribute set, which basically means its in the GC. Again if you a lot of Domains and a globally distributed environment this is going to cause a lot of traffic (assuming all DCs are GCs).  Alot of other attributes are also added check out the links below for a full list.


Exchange 2007 Schema Changes

The SP1 Schema change is a lot smaller and therefore a lot less painful 🙂

Exchange 2007 Sp1 Schema Changes



Posted in Active Directory | Tagged: | Leave a Comment »