RE: [ActiveDir] FSMO role holding DC's

[GRILLENMEIER,GUIDO (HP-Germany,ex1)]

Title: Message

Yes, it's different for Exchange 2003. - it has no communication requirement with Schema FSMO during installation - also, additional servers can be installed with Exchange Full Admin at the Administrative Group level (used to require Full Org privilege with Exchange 2000 - still need these permissions for the first server of an Org, Domain or Admin group)   /Guido From: Mulnick, Al [mailto:[EMAIL PROTECTED] Sent: Freitag, 24. Oktober 2003 16:55 To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] FSMO role holding DC's Fixes for Exchange setup in a service pack?  Really.  You'll want to see if that problem of checking the schema master has been addressed in Exchange 2003 not Exchange 2000.    Al -----Original Message----- From: Merry, Joel (US - Philadelphia) [mailto:[EMAIL PROTECTED] Sent: Friday, October 24, 2003 10:37 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] FSMO role holding DC's Don't forget about the RID master. If you want to be able to create new objects on that DC it may eventually need to obtain a new set of RIDs.   It also needs to talk to the PDCe to forward and/or confirm bad password attempts and fun stuff like that.   -Joel       -----Original Message----- From: Tony Murray [mailto:[EMAIL PROTECTED] Sent: Friday, October 24, 2003 3:57 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] FSMO role holding DC's   Maybe some of the Exchange MVPs on this list have more info.  Andy, Tom, Missy, Kevin....?   ---------- Original Message ---------------------------------- From: John Reijnders <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] Date:  Fri, 24 Oct 2003 09:49:15 +0200   Hmmmmm ... That could have been one of the ideas behind this "feature". However, it seems to be a rather nasty feature, especially in AD environment that contain firewalls that separate the schema master from Exchange boxes. (I know, I know ... Firewalls WITHIN a AD environment?). There is a KB article on this issue (280178). Reading this article I get the feeling that every Exchange installation tries to UPDATE the schema (that's an interesting way of verifying the schema, isn't it?). I would prefer a Exchange installation to check the schema on a "random" DC. I think that the failure of an Exchange installation is one of your last worries when you're running an environment in which DCs do not replicate for weeks ;-) ...   I know Microsoft has confirmed this to be a problem. But I'm not aware of the current status and plans on fixing this issue (for example by making it customizable whether or not you want this check to happen on the Schema Master). Anybody ... Anybody at all?   John   -----Original Message----- From: Tony Murray [mailto:[EMAIL PROTECTED] Sent: vrijdag 24 oktober 2003 9:19 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] FSMO role holding DC's   Just a thought John.  Could the restriction be in place to avoid problems in cases where the E2K installation is made on a DC that has not yet received the replication changes arising from a schema update?  For example, if a DC in a remote site has had replication problems and has not received updates for a week or so.   Tony ---------- Original Message ---------------------------------- From: John Reijnders <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] Date:  Thu, 23 Oct 2003 08:13:00 +0200   As an addi tion to the previous mails I would like to point out a particular issue with the schema master. The installation of an Exchange 2000 server explicitely needs to contact the DC holding the schema master. The reason for this contact is to check whether or not the schema is updated with the Exchange extensions.   I consider this to be a bug because every single DC in the forests holds the Schema partition and should therefor be able to verify whether or not the Schema has been updated. This wasn't solved a couple of months ago. Mayby MS will solve it in a next Service Pack of Exchange, but untill then ... Make sure that every Exchange box can contact the Schema Master!   Cheers! John Reijnders   -----Original Message----- From: Abbiss, Mark [mailto:[EMAIL PROTECTED] Sent: maandag 20 oktober 2003 11:58 To: '[EMAIL PROTECTED]' Subject: [ActiveDir] FSMO role holding DC's   I have nudged this issue in an earlier post but would like to ask again for confirmation from the collective genius contained in this list.   Do all DC's in a domain HAVE to have a direct connection to the FSMO role holding machines or is there a way of "proxying" these roles ?   What are some of the likely major implications of maintaining a DC without access to FSMO role holders ? The DC in question is replicating with other DC's, so has all objects but just doenst have any connection to the FSMO role holders.   Any thoughts ?   Many thanks List info   : http://www.activedir.org/mail_list.htm List FAQ    : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info   : http://www.activedir.org/mail_list.htm List FAQ    : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/   List info   : http://www.activedir .org/mail_list.htm List FAQ    : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info   : http://www.activedir.org/mail_list.htm List FAQ    : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/   List info   : http://www.activedir.org/mail_list.htm List FAQ    : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This message (including any attachments) contains confidential information intended for a specific individual and purpose, and is protected by law. If you are not the intended recipient, you should delete this message. Any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited.