to update the schema you could:
Take a copy of your production environment (e.g. a virtual machine that is
promoted as a RWDC) and get that to your test environment. Cleanup the
metadata of the virtual DC (use MS KB for how to) in the production
environment
Then power the virtual DC on in the test environment and make it healthy by:
• Seizing ALL the FSMO roles to it using NTDSUTIL
• Making it a GC if it isn’t one
• Cleanup the metadata of all the other DCs (use MS KB for how to)
• Promote another RWDC into that test environment
• Before the schema create snapshots so that you can revert back to your
starting scenario when needed
• Now do the schema update
• Check event logs
• Check AD replication
In your production environment
• Make sure the DC with the schema master FSMO role (NETDOM QUERY FSMO to
find that one) has replicated!!! (important because of the initial
synchronization requirements for FSMO role owners) You could just go into
Sites and Services and force inbound replication
• Disable AD replication (inbound and outbound) on the DC that has the
schema master FSMO role (NETDOM QUERY FSMO to find that one)
• Disable AD replication (inbound and outbound) on a NEARBY DC (very
important)
• Update the AD schema by specifying the DC with the schema FSMO as the
target DC
• Check the event logs on the schema FSMO
• Force AD replication between the schema FSMO DC and the nearby DC using
REPADMIN /replicate <Dest_DC_LIST> <Source DC_NAME> <Naming Context> /force
• Check the event logs on the nearby DC
• If all is good, enable replication on the schema FSMO and the nearby DC
Just before the schema update do a system state backup of the DCs involved.
That way you have the most update backup you can get
if something goes wrong, you need to do a non-authoritative restore. because
it just involves the schema, make sure to TRANSFER all the FSMO roles of the
schema master DC (if any) to another DC. That saves you the headache from
ALSO restoring the other FSMO roles (do this prior to the backup, so that it
contains the new FSMO role config)
--
Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)
# Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #
BLOG (WEB-BASED)-->
http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)-->
http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* How to ask a question -->
http://support.microsoft.com/?id=555375
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test ANY suggestion in a test environment before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"jpsrstokato" <> wrote in message
news:AB7CE051-FD11-4181-8D82-...
> Before we run adprep to prepare infrastructure for Windows 2008, I plan to
> disable outbound replication on the FSMO master.
> If things go wrong, and I neeed to revert, can I restore systemstate from
> backup normally (i.e. without an authoritative AD restore), and then
> re-enable outbound replication.
> i.e. I'm assuming here that if replication has been disabled, an
> authoritative restore is not necessary before it is re-enabled..
>
> Thanks.
>
>
Similar Threads
Linear Mode
