Hi, In a MIXED mode root domain the Enterprise Admins group and the Schema Admins group are GLOBAL SECURITY GROUPS as in a mixed mode domain you can not use UNIVERSAL SECURITY GROUPS. When you change de domain functional level (or domain mode in w2k) those groups will be converted to UNIVERSAL SECURITY GROUPS. In a GLOBAL SECURITY GROUP from one domain you can noot add users from another domain.
To accomplish what you want to do (update schema) log onto the schema master with Schema/Enterprise Admins permissions and update the schema and create the Exchange objext in the config container. You'll also need to run exchange forestprep and domainprep in the forest root domain so for that you will need Enterprise Admins and domain admins. QUOTE### ForestPrep must be run in the domain that contains the Active Directory schema master. By default, this domain is the root domain in the forest. You do not necessarily have to run ForestPrep on the schema master; any Windows 2000 or Windows Server 2003 computer in the domain is adequate. That said, it is a best practice to run ForestPrep on the schema master so that network interruptions and latency do not affect the schema update. QUOTE### YOU CAN READ MORE AT http://www.microsoft.com/technet/prodtechnol/exchange/2003/library/ex2k3ad .mspx http://www.microsoft.com/technet/prodtechnol/exchange/guides/E2k3ADPerm/cf42 a674-0b75-4de4-b96f-2d22dbdb528e.mspx Remember that when using Exchange you'll need to use UNIVERSAL SECURITY GROUPS (and thus convert that domain to at least domain functional level Windows 2000 native!!!) if you are using distribution lists to secure public folders with MAPI permissions or if you have delegations in place for distribution lists. Those distribution lists will be converted to UNIVERSAL SECURITY GROUPS. The other distribution lists that are not used for public folder security and/or delegation will be converted to UNIVERSAL DISTRIBUTION GROUPS Cheers, jorge -----Original Message----- From: [EMAIL PROTECTED] To: ActiveDir@mail.activedir.org Sent: 4/19/2005 5:35 PM Subject: [ActiveDir] Installing Exchange in a child domain Hi, 1. I have Install a new Root domain controller "test.com" 2. Install a child domain controller in it "child.test.com" 3. Install a member server in child domain "ps.child.test.com" Now I want to install Exchange server in my PS member server. The problem is that when I login on my ps in child domain I am not able to run the forest prep because the enterprise/ schema admin rights are required for that. I tried to make the child administrator member of Enterprise and schema admin, but I am not able to add child administrator say the users not found. As both the Enterprise and schema admin group are global security group so how do I delegate the child domain administrator the permission so that I can run the forest prep and domain prep by logging in to my PS using child administrator account? What is the procedure to give the delegation of Schema and Enterprise admin right to other child domain users so that Exchange can be installed without login in to root domain controller? Thanks,Manjeet This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
