I am with Dean on this. Back around the time of Exchange 2000 MS was recommending segregating the schema FSMO role, about the time that K3 came out they recanted on this, I believe that there was something in the forestprep that required the ability to talk to other machines.
Anyway, you just want to slow down or stop replication to/from the schema master when making the change in production. This can be done with repadmin switches or by setting up site links with really long replication periods (don't exceed one week) or even cutting site links completely and removing connection objects or with 2K, deleting the GUID CNAME alias for the DC in DNS. In K3, they supposedly made it harder to break replication by having missing DNS entries and I haven't tested the ability to kill replication by deleting the GUID CNAME alias. If someone does test, get a trace and figure out what other DNS entries it uses then. joe -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells Sent: Wednesday, February 08, 2006 7:46 PM To: Send - AD mailing list Subject: RE: [ActiveDir] Schema Extension I really don't agree in the confined scenario Ulf described. Can you explain your point further or is it merely an issue of Microsoft supporting it? -- Dean Wells MSEtechnology * Email: [EMAIL PROTECTED] http://msetechnology.com -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tomasz Onyszko Sent: Wednesday, February 08, 2006 5:50 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Schema Extension Ulf B. Simon-Weidner wrote: > Hi David, > > OK - as far as controlling the update of the schema I'd do it that way: > > Do you really care - aka not frequently tested combination of schema > extensions: > 1. Put the schema master on a otherwise stale switch/hub (to provide a > link but no connection to the network) 2. Backup Systemstate (to file > would be fine) 3. Run the Schema Extensions 4. Verify Schema > Extensions 5. If error in 4, restore systemstate 6. Plug back into the > production network Ulf ... I don't think that restoring the system state in the case of schema extension failure is a proper thing. I would suggest instead of that decommission of this DC and seizing Schema FSMO to other DC in the forest. -- Tomasz Onyszko http://www.w2k.pl/blog/ - (PL) http://blogs.dirteam.com/blogs/tomek/ - (EN) List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
