Certain Exchange Server updates and full installations require schema updates before installation. For the sake of this article, I will not detail which updates or why each requires a schema update, but will detail how to disable outbound replication on the schema master while these changes are made, so that a bad schema extension cannot propagate throughout the rest of the directory. By doing this, we can ensure we have followed Microsoft best practices and also provide that warm and cozy feeling needed to perform the update during business hours.
First, we must identify who holds the schema master role in the forest. This is a forest-level FSMO role, and a single schema master exists per Active Directory forest. To do this we will log onto a domain controller and run the following command.
netdom query fsmo
The command specified above will output all FSMO role holders in the domain and forest. The screenshot below shows the expected output.
As you can see from the command results, lab-dc2.lab.com currently holds the schema master role. Next, we will disable outbound replication on the lab-dc2 domain controller to ensure that it cannot replicate any changes to any other domain controller during the schema update procedure. But before we do this, how do we know that the Active Directory schema has actually been updated? We find out by running the following command, substituting the proper DN values for the domain in question (highlighted in bold text below). The result is a version number that correlates to the “Exchange schema version”. Output is also shown below the command.
dsquery * CN=ms-Exch-Schema-Version-Pt,cn=schema,cn=configuration,dc=lab,dc=com -scope base -attr rangeUpper
Now that we have noted the value prior to the schema extension process, we can proceed to disabling outbound replication on the schema master role owner. To do this, we will run the following command:
repadmin /options <schemamastername> +Disable_outbound_repl
Output should show as below. Note the highlighted text displaying that outbound replication is disabled.
We can now proceed with the schema preparation, knowing that if anything were to go wrong in the process, our changes will not be replicated out to the other directory servers. We could then force the removal of the domain controller from Active Directory and clean up the metadata. Once removed, seize the schema master role from another DC and there should be no harm done.
Now, how do we update the schema for Exchange from the domain controller? You could also run the installer on the Exchange server, which will check whether the schema prep has been done and, if not, do it automatically. For this article I will take the lesser-used route and prep the environment on the domain controller using the Exchange Server 2010 SP2 install files.
Once the install files have been extracted and copied to the C:\exsp2 folder on the system volume of my domain controller, I will execute the following command to start the schema extension process.
The screenshot below shows a completed schema extension. The process took about 7 minutes on my lab VM, which has very low resources but also a small directory and Exchange organization.
Now that the schema extension is completed, verify the schema value using the same dsquery command mentioned above to confirm it has incremented properly. As you can see in the below screenshot, it has incremented from 14726 to 14732.
Now that the schema prep has been successfully run, we can enable outbound replication on the schema master by running the following command.
repadmin /options <schemamastername> -Disable_outbound_repl
The schema has now been prepared for the Exchange bits, and we should be able to proceed with Exchange installations.
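The verify-before-re-enable decision from the steps above, as an added PowerShell example that is not part of the original article: it parses the repadmin and dsquery output and says whether it is safe to run -Disable_outbound_repl. The function names, the -Live switch and the sample output lines are assumptions made for illustration; the repadmin "DSA Options:" line format is assumed as well.

```powershell
# Added example, not from the original article. Function names are hypothetical.
param(
    [int]$Before = 14726,    # rangeUpper noted before the schema prep (article's lab value)
    [string]$SchemaMaster = 'lab-dc2.lab.com',
    [string]$VersionDn = 'CN=ms-Exch-Schema-Version-Pt,cn=schema,cn=configuration,dc=lab,dc=com',
    [switch]$Live            # query the real DC; default uses the constructed sample below
)

function Get-RangeUpper([string[]]$Lines) {
    # dsquery -attr rangeUpper prints a header row followed by the numeric value.
    $value = $Lines | ForEach-Object { $_.Trim() } |
        Where-Object { $_ -match '^\d+$' } | Select-Object -First 1
    if (-not $value) { throw 'rangeUpper not found in dsquery output' }
    [int]$value
}

function Test-OutboundDisabled([string[]]$Lines) {
    # Assumed repadmin format: "Current DSA Options: ..." and, after a change,
    # "New DSA Options: ...". The last such line is the effective state.
    $effective = $Lines | Where-Object { $_ -match 'DSA Options:' } | Select-Object -Last 1
    if (-not $effective) { throw 'no DSA Options line in repadmin output' }
    $effective -match '\bDISABLE_OUTBOUND_REPL\b'
}

function Get-NextStep([int]$Before, [int]$After, [bool]$OutboundDisabled) {
    if (-not $OutboundDisabled) {
        return 'STOP: outbound replication is enabled on the schema master'
    }
    if ($After -gt $Before) {
        return "OK: schema version $Before -> $After, re-enable outbound replication"
    }
    "HOLD: schema version still $After, keep outbound replication disabled"
}

if ($Live) {
    $optionLines  = repadmin /options $SchemaMaster
    $versionLines = dsquery * $VersionDn -scope base -attr rangeUpper
} else {
    # Constructed sample output for an offline run.
    $optionLines  = @('Current DSA Options: IS_GC DISABLE_OUTBOUND_REPL')
    $versionLines = @('  rangeUpper', '  14732')
}

Get-NextStep -Before $Before -After (Get-RangeUpper $versionLines) `
    -OutboundDisabled (Test-OutboundDisabled $optionLines)
```

Run it after the schema prep and before re-enabling replication; a HOLD or STOP result means the schema master should stay isolated while you investigate.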