Here's the scenario: I am upgrading this shop across the board to 2003, including Exchange. I want to get a 2003 DC in place before putting Exchange on a 2003 stand-alone server. To do this, I need to prep the domain for the new 2003 schema, and I need to do this on the 2000 server acting as the schema master. Maybe I am looking at this wrong. What do you think?
-----Original Message----- From: Michael Wassell [mailto:[EMAIL PROTECTED] Sent: Thursday, February 05, 2004 12:19 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) Your very welcome Frank. Yes you can demote a DC running Exchange 2000. However, I'm not sure what effect that will have on the Exchange installation. I would do this in a test environment before doing that sort of thing in a production environment. Just curious, why would you want to do this? -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Frank Buechler Sent: Thursday, February 05, 2004 12:11 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) Can I demote a DC running Exchange 2000? I know this is not supported with Exchange 2003, but I can't find any literature regarding 2000. Again, thanks for your help Michael (and everyone!) -----Original Message----- From: Michael Wassell [mailto:[EMAIL PROTECTED] Sent: Thursday, February 05, 2004 11:40 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) Yes you should be able to do it without rebuilding anything. It may require a domain synchronize to take effect. But you could force that. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Frank Buechler Sent: Thursday, February 05, 2004 11:38 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) Can I do this without having to rebuild the server in the DMZ? -----Original Message----- From: Michael Wassell [mailto:[EMAIL PROTECTED] Sent: Thursday, February 05, 2004 11:28 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) I thought I would throw this out there. A good option for you may be to use ntdsutil to enter the metabase to see if there is a tombstoned record in your metabase. After which you could delete the old record and manually enter a new record or seize the role with the internal DC. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Frank Buechler Sent: Thursday, February 05, 2004 10:18 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Moving Schema Master (continued...) I've done a little more research.. turns out I missed something. After running dcdiag /test:Knowsofroleholders /v, it turns out the server in the DMZ fails. What I get is this: Warning: CN="NTDS Settings ...blah blah.. is the Schema Owner, but is deleted Warning: CN=NTDS Settings ...blah blah.. is the Domain Owner, but is deleted PDC, RID, and Infrastructure Update Owner all passed, seeing the internal server as the role holders. I'm still researching this, but I think I'm getting closer the the problem... -----Original Message----- From: Roger Seielstad [mailto:[EMAIL PROTECTED] Sent: Thursday, February 05, 2004 8:29 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Moving Schema Master (continued...) I figured you knew that... Sorry. -------------------------------------------------------------- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. > -----Original Message----- > From: Frank Buechler [mailto:[EMAIL PROTECTED] > Sent: Thursday, February 05, 2004 8:15 AM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] Moving Schema Master (continued...) > > > Hmmmmm.... Not a bad idea shipmate. > > -----Original Message----- > From: Adams, Kenneth W (Ken) [mailto:[EMAIL PROTECTED] > Sent: Wednesday, February 04, 2004 6:55 PM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] Moving Schema Master (continued...) > > > Don't you have a desktop PC that you could temporarily use? > If not, you > might want to consider moving your internal DC into the DMZ long > enough to move the FSMO instead of the other way around. > > Kenneth W. (Ken) Adams, MCSA, MCSE > > > > -----Original Message----- > From: Frank Buechler [mailto:[EMAIL PROTECTED] > Sent: Wednesday, February 04, 2004 4:26 PM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] Moving Schema Master (continued...) > > > Wish I could.. Roger had the same idea, placing a server in the DMZ, > moving the role, then bringing the server inside to transfer it to a > trusted DC. He called it a "swing" server. Great idea, but I don't > have another box to do that with. > > -----Original Message----- > From: Myrick, Todd (NIH/CIT) [mailto:[EMAIL PROTECTED] > Sent: Wednesday, February 04, 2004 2:33 PM > To: '[EMAIL PROTECTED]' > Subject: RE: [ActiveDir] Moving Schema Master (continued...) > > > Have you tried standing up a server in the DMZ next to the Schema > Master Server (IE. New server in the DMZ). Then transfer the FSMO > role to new server. > > Just an Idea, > > Todd > > -----Original Message----- > From: Frank Buechler [mailto:[EMAIL PROTECTED] > Sent: Wednesday, February 04, 2004 12:46 PM > To: ActiveDir (E-mail) > Subject: [ActiveDir] Moving Schema Master (continued...) > > > Greetings All > > If you have been following this thread, you know that I am having > problems moving the Schema Master role from a server sitting in my DMZ > to one sitting in trusted. I have opened up all ports between these > two servers, and I am still getting the same error; current FSMO could > not be contacted. I am really at a loss! I can't seize the role as the > server currently acting as the Schema Master is also an Exchange > server, and is hosting IIS. It is not a server that I can take offline > and rebuild. > > I have verified that all requisite rights are in place, I have > verified replication, I even called the mfgr. (Netscreen) of the > firewall to verify that I did indeed have all ports open. I can't take > this server offline to bring it inside, and I don't have a system that > I can use as a "swing" > server as Roger suggested. Is there anything else that may be > preventing me from doing this? I am really getting frustrated! (And > behind > schedule...) > > TIA for any help. > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > List info : > http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
