MSExchangeGuru.com

Learn Exchange the Guru way !!!

 

Exchange 2016: Prepare Active Directory

This blog is a walk through process of updating schema, active directory and domains for Exchange 2016. The same steps can be used for any cumulative update or any current Exchange server version.

PrepareSchema

Disable the replication on the schema master domain controller

                     repadmin /options SchemaMasterDCName +DISABLE_OUTBOUND_REPL

                      repadmin /options SchemaMasterDCName +DISABLE_INBOUND_REPL


Verification:

Open Even Viewer and check directory services logs for the event id 1115 and 1113.



Install RSAT AD tools using Windows PowerShell to run AD update and preparation commands from Exchange 2016 server:

              Install-windowsFeature RSAT-ADDS


            If you have already installed in from GUI then you will see below Exit code and Feature Result.

              

Run Exchange 2016 Schema Update

               .\setup.exe /Prepareschema /IacceptExchangeServerLicenseTerms


                Restart the DC once schema update completes.

                Testing the DC working with the following tools

                     -Run Dcdiag, replication test will fail which is know because we have disabled replication

                     -Open mmc and connect to schema and review it is opening nicely

                     -Open ADUC and see if you can access the AD objects

               Run the command to check the schema level.

                       dsquery * CN=ms-Exch-Schema-Version-Pt,cn=schema,cn=configuration,dc=<Domain>,dc=<local> -scope base -attr rangeUpper

                       Example: dsquery * CN=ms-Exch-Schema-Version-Pt,cn=schema,cn=configuration,dc=mig2016,dc=com -scope base -attr rangeUpper

                            

                 Now verify at Microsoft TechNet link here.


If the result is healthy then Enable the replication on the schema master domain controller, then enable the replication by running the following commands:

                  repadmin /options SchemaMasterDCName -DISABLE_OUTBOUND_REPL

                  repadmin /options SchemaMasterDCName -DISABLE_INBOUND_REPL


AD replication and verification:

-Open Active Directory Site and services and force the replication.

-Wait for the replication to complete.
-Open the command prompt and run the following commands to sync all domain controllers
                      repadmin /syncall /force

-Open the command prompt and run the following commands to review the replication and any failed or error.

repadmin /replsum

repadmin /showrepl

Dcdiag /v

If you find the domain controller has got corrupted the active directory database, then continue to disable the replication and report a bug at Microsoft. Once issue has been reported.

Once Microsoft collects all the reports, format this domain controller and seize the FSMO roles on the other domain controller. Now wait for Microsoft’s resolution or revised version of Exchange.

Remember you can’t revert FSMO seizing.

Verification:

Open Even Viewer and check directory services logs for the event id 1114 and 1116



AD schema update has completed.

PrepareAD

Important note: No Exchange Server 2013 roles have been detected in this topology. After this operation, you will not be able to install any Exchange Server 2013 roles.

In my setup there is Exchange 2010 and no Exchange 2013 so Exchange AD preparation is informing that Exchange 2013 can’t be installed after we run this command.

If you have any plan or application compatibility requirement to install Exchange 2013 then make sure to do it before starting Exchange 2016 schema update.

           Run the following Exchange 2016 Active directory Preparation command:

                 .\setup.exe /PrepareAD /IAcceptExchangeServerLicenseTerms /OrganizationName:orgname


PrepareAD has completed here.

PrepareDomain

In a multi-domain active directory forest, we can either run /preparedomain to update one domain at a time or use /preparealldomains to update all domains in one go.

           Run the following Exchange 2016 Domain Preparation command:

                .\setup.exe /PrepareAllDomains /IAcceptExchangeServerLicenseTerms


 

 

Domain Preparation has completed here.

We can again test and run the Active Directory health checks.

This completes Exchange 2016 Active Directory Preparation.

 

 

Prabhat Nigam

Microsoft MVP | Exchange Server

Team@MSExchangeGuru

14 Responses to “Exchange 2016: Prepare Active Directory”

  1. Exchange 2016: Unattended Installation « MSExchangeGuru.com Says:

    […] Preparing Active Directory for Exchange 2016. Check the blog here. […]

  2. Bhargav Shukla Says:

    You mentioned restarting the DC after schema update… I have never done that. What is the reason behind that recommendation?

  3. Prabhat Nigam Says:

    I would recommend a restart to see if restart break any thing. You don’t wish to break your AD forest and do forest recovery. ????

  4. Exchange 2013/2016: Cumulative Update Deployment in Production without any Outage « MSExchangeGuru.com Says:

    […] the steps mentioned in the blog here to prepare your active directory. This blog was originally written for Exchange 2016 but active […]

  5. Rahul Says:

    Sir,

    Can i install exchange server 2016 on Window Server 2012 R2 Standard which already ruining Active Directory on It.

    Regards,
    Rahul Salve.

  6. Prabhat Nigam Says:

    It will work. You can do it in your lab but it is neither recommended nor supported in Production

  7. Steven Norrid Says:

    When we went to Exch 2010, we only did the schema extension at the forest root and not at the child domains. We are about to go to Exch 2016. As we have some mailboxes in a couple of our child domains, can we do the /preparealldomains if some of the child domains didn’t get extended to 2010? Thanks for your reply.

  8. Prabhat Nigam Says:

    There is only one schema master DC in the whole forest which exist in the root domain so we just need to update this DC. So you are fine with it.
    Next 2 commands are required after this.

    Required at the root domain – .\setup.exe /PrepareAD /IAcceptExchangeServerLicenseTerms /OrganizationName:orgname
    Then you have 2 choice
    Either run this in every domain – .\setup.exe /PrepareDomain /IAcceptExchangeServerLicenseTerms
    or
    Run this command at the root domain to update all domain -.\setup.exe /PrepareAllDomains /IAcceptExchangeServerLicenseTerms

    I hope it clarifies any doubt.

  9. BenBen Says:

    You Run Exchange 2016 Schema Update: .\setup.exe /Prepareschema /IacceptExchangeServerLicenseTerms on the DC of from another machine?

    Can you excute the procedure within service window without affecting users?

    Regards

  10. Prabhat Nigam Says:

    You can run the command from any server, DC or Exchange or Management server. You server should have prerequisite installed.

    Yes this will not impact anything but I recommend to run post business hours.

  11. Michael Says:

    Thanks Prabhat, this is a really good guide, the best I could find after a lot of searching. I used these to update our Schema today.

    After doing our upgrade I noticed this post which stated MS no longer support/advocate turning off replication to/from the Schema Master

    https://blogs.technet.microsoft.com/samdrey/2011/09/12/active-directory-schema-upgrade-procedure-with-back-out-plan/

    All went well for me but I did see an Event log entry referencing a connection being made to a GC when I had teh replication link down. After I reenabled the replication a number of the site links were rebuilt by the KCC.

    Also wondering if its overkill to disable replication when doing setup /PrepAD

    Thanks,

    Michael

  12. Prabhat Nigam Says:

    Disabling replication was suggested to one of my premiere customer in Australia by Microsoft where the customer was following a practice of isolating a schema master.
    Many organization’s security policies do not allow to update schema without isolating domain controller and if you remove the network cable or disable NIC then some of the prechecks will not complete.

    I don’t see any harm in disabling replication of schema master during schema update. You can permanently remove this DC from the network if schema update corrupts the active directory.

    I would respectfully ignore the blog shared by this Microsoft PFE because there is no reasoning provided.

  13. Srini Says:

    Hi Prabhat, Thanks for the nice article. This is what exactly I was looking for.

    I have one question. Does the server where schema update is run needs to be in the same AD site as the Schema master? Thanks, Srini

  14. Prabhat Nigam Says:

    Yes

Leave a Reply

Categories

Archives

MSExchangeGuru.com