RE: Schema upgrade/rollback
Yes - that is the only back out plan. Thanks, Brian Desmond br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 From: David Lum [mailto:david@nwea.org] Sent: Friday, June 08, 2012 11:48 PM To: NT System Admin Issues Subject: RE: Schema upgrade/rollback I'm not worried in the least, my fellow non-AD educated folks have paranoia about what happens if something breaks so I have to give them an answer. I told them simply a forest restore. From: Brian Desmond [mailto:br...@briandesmond.com]mailto:[mailto:br...@briandesmond.com] Sent: Friday, June 08, 2012 2:56 PM To: NT System Admin Issues Subject: RE: Schema upgrade/rollback What is it that you fear will happen that this proposed process will protect you from? Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 From: David Lum [mailto:david@nwea.org] Sent: Friday, June 08, 2012 2:32 PM To: NT System Admin Issues Subject: Schema upgrade/rollback In this day and age of VM's, what would be the simplest way to test and possibly roll back a schema extension? Would this work? 1. Power down all DC's 2. Snapshot schema master 3. Power up schema master 4. Extend schema 5. Smoke test a. If there are failures revert to snapshot b. If all checks out OK power up remaining DC's David Lum Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Schema upgrade/rollback
I extended our Schema last week and amazingly, nothing broke. Now, before deploying the first 2K8 DC I am running though this checklist: http://blogs.technet.com/b/glennl/archive/2009/08/21/w2k3-to-w2k8-active-directory-upgrade-considerations.aspx In some cases I am going to create an equivalent GPO and turn it on. Eventually all W2K8 equivalent GPO's will be on and we'll know at least when we do stand up the first 2K8 DC it's unlikely a new GPO setting will break things. From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Thursday, June 28, 2012 8:50 AM To: NT System Admin Issues Subject: RE: Schema upgrade/rollback Yes - that is the only back out plan. Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 From: David Lum [mailto:david@nwea.org]mailto:[mailto:david@nwea.org] Sent: Friday, June 08, 2012 11:48 PM To: NT System Admin Issues Subject: RE: Schema upgrade/rollback I'm not worried in the least, my fellow non-AD educated folks have paranoia about what happens if something breaks so I have to give them an answer. I told them simply a forest restore. From: Brian Desmond [mailto:br...@briandesmond.com]mailto:[mailto:br...@briandesmond.com] Sent: Friday, June 08, 2012 2:56 PM To: NT System Admin Issues Subject: RE: Schema upgrade/rollback What is it that you fear will happen that this proposed process will protect you from? Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 From: David Lum [mailto:david@nwea.org] Sent: Friday, June 08, 2012 2:32 PM To: NT System Admin Issues Subject: Schema upgrade/rollback In this day and age of VM's, what would be the simplest way to test and possibly roll back a schema extension? Would this work? 1. Power down all DC's 2. Snapshot schema master 3. Power up schema master 4. Extend schema 5. Smoke test a. If there are failures revert to snapshot b. If all checks out OK power up remaining DC's David Lum Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Schema upgrade/rollback
You *expected* something to break? * * *ASB* *http://XeeMe.com/AndrewBaker* *Harnessing the Advantages of Technology for the SMB market… * On Thu, Jun 28, 2012 at 11:56 AM, David Lum david@nwea.org wrote: I extended our Schema last week and amazingly, nothing broke. Now, before deploying the first 2K8 DC I am running though this “checklist”:*** * http://blogs.technet.com/b/glennl/archive/2009/08/21/w2k3-to-w2k8-active-directory-upgrade-considerations.aspx ** ** In some cases I am going to create an equivalent GPO and turn it on. Eventually all W2K8 equivalent GPO’s will be on and we’ll know at least when we do stand up the first 2K8 DC it’s unlikely a new GPO setting will break things. ** ** *From:* Brian Desmond [mailto:br...@briandesmond.com] *Sent:* Thursday, June 28, 2012 8:50 AM *To:* NT System Admin Issues *Subject:* RE: Schema upgrade/rollback ** ** *Yes – that is the only back out plan.* * * *Thanks,* *Brian Desmond* *br...@briandesmond.com* * * *w – 312.625.1438 | c – 312.731.3132* * * *From:* David Lum [mailto:david@nwea.org] *Sent:* Friday, June 08, 2012 11:48 PM *To:* NT System Admin Issues *Subject:* RE: Schema upgrade/rollback ** ** I’m not worried in the least, my fellow non-AD educated folks have paranoia about what happens if something breaks so I have to give them an answer. I told them simply a forest restore. ** ** *From:* Brian Desmond [mailto:br...@briandesmond.com] *Sent:* Friday, June 08, 2012 2:56 PM *To:* NT System Admin Issues *Subject:* RE: Schema upgrade/rollback ** ** *What is it that you fear will happen that this proposed process will protect you from?*** * * *Thanks,* *Brian Desmond* *br...@briandesmond.com* br...@briandesmond.com** * * *w – 312.625.1438 | c – 312.731.3132* * * *From:* David Lum [mailto:david@nwea.org david@nwea.org] *Sent:* Friday, June 08, 2012 2:32 PM *To:* NT System Admin Issues *Subject:* Schema upgrade/rollback ** ** In this day and age of VM’s, what would be the simplest way to test and possibly roll back a schema extension? Would this work? ** ** **1. **Power down all DC’s **2. **Snapshot schema master **3. **Power up schema master **4. **Extend schema **5. **Smoke test **a. **If there are failures revert to snapshot **b. **If all checks out OK power up remaining DC’s *David Lum* Systems Engineer // NWEATM Office 503.548.5229 //* *Cell (voice/text) 503.267.9764 ** ** ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Schema upgrade/rollback
It is Microsoft Duck.. Z Edward Ziots CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Thursday, June 28, 2012 12:35 PM To: NT System Admin Issues Subject: Re: Schema upgrade/rollback You *expected* something to break? ASB http://XeeMe.com/AndrewBaker Harnessing the Advantages of Technology for the SMB market... On Thu, Jun 28, 2012 at 11:56 AM, David Lum david@nwea.org wrote: I extended our Schema last week and amazingly, nothing broke. Now, before deploying the first 2K8 DC I am running though this checklist: http://blogs.technet.com/b/glennl/archive/2009/08/21/w2k3-to-w2k8-active -directory-upgrade-considerations.aspx In some cases I am going to create an equivalent GPO and turn it on. Eventually all W2K8 equivalent GPO's will be on and we'll know at least when we do stand up the first 2K8 DC it's unlikely a new GPO setting will break things. From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Thursday, June 28, 2012 8:50 AM To: NT System Admin Issues Subject: RE: Schema upgrade/rollback Yes - that is the only back out plan. Thanks, Brian Desmond br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 From: David Lum [mailto:david@nwea.org] Sent: Friday, June 08, 2012 11:48 PM To: NT System Admin Issues Subject: RE: Schema upgrade/rollback I'm not worried in the least, my fellow non-AD educated folks have paranoia about what happens if something breaks so I have to give them an answer. I told them simply a forest restore. From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Friday, June 08, 2012 2:56 PM To: NT System Admin Issues Subject: RE: Schema upgrade/rollback What is it that you fear will happen that this proposed process will protect you from? Thanks, Brian Desmond br...@briandesmond.com mailto:br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 From: David Lum [mailto:david@nwea.org mailto:david@nwea.org ] Sent: Friday, June 08, 2012 2:32 PM To: NT System Admin Issues Subject: Schema upgrade/rollback In this day and age of VM's, what would be the simplest way to test and possibly roll back a schema extension? Would this work? 1. Power down all DC's 2. Snapshot schema master 3. Power up schema master 4. Extend schema 5. Smoke test a. If there are failures revert to snapshot b. If all checks out OK power up remaining DC's David Lum Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Schema upgrade/rollback
No, but the other SE's half did. I should have put a smiley after my nothing broke comment. I read a blog the other day that a schema upgrade did break something, but only because they went forward then backward: http://blogs.technet.com/b/askpfeplat/archive/2012/02/20/2008-r2-active-directory-schema-updates-lcs-ocs-and-lync.aspx Dave From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Thursday, June 28, 2012 9:35 AM To: NT System Admin Issues Subject: Re: Schema upgrade/rollback You *expected* something to break? ASB http://XeeMe.com/AndrewBaker Harnessing the Advantages of Technology for the SMB market... On Thu, Jun 28, 2012 at 11:56 AM, David Lum david@nwea.orgmailto:david@nwea.org wrote: I extended our Schema last week and amazingly, nothing broke. Now, before deploying the first 2K8 DC I am running though this checklist: http://blogs.technet.com/b/glennl/archive/2009/08/21/w2k3-to-w2k8-active-directory-upgrade-considerations.aspx In some cases I am going to create an equivalent GPO and turn it on. Eventually all W2K8 equivalent GPO's will be on and we'll know at least when we do stand up the first 2K8 DC it's unlikely a new GPO setting will break things. From: Brian Desmond [mailto:br...@briandesmond.commailto:br...@briandesmond.com] Sent: Thursday, June 28, 2012 8:50 AM To: NT System Admin Issues Subject: RE: Schema upgrade/rollback Yes - that is the only back out plan. Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w - 312.625.1438tel:312.625.1438 | c - 312.731.3132tel:312.731.3132 From: David Lum [mailto:david@nwea.org]mailto:[mailto:david@nwea.org] Sent: Friday, June 08, 2012 11:48 PM To: NT System Admin Issues Subject: RE: Schema upgrade/rollback I'm not worried in the least, my fellow non-AD educated folks have paranoia about what happens if something breaks so I have to give them an answer. I told them simply a forest restore. From: Brian Desmond [mailto:br...@briandesmond.com]mailto:[mailto:br...@briandesmond.com] Sent: Friday, June 08, 2012 2:56 PM To: NT System Admin Issues Subject: RE: Schema upgrade/rollback What is it that you fear will happen that this proposed process will protect you from? Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w - 312.625.1438tel:312.625.1438 | c - 312.731.3132tel:312.731.3132 From: David Lum [mailto:david@nwea.org] Sent: Friday, June 08, 2012 2:32 PM To: NT System Admin Issues Subject: Schema upgrade/rollback In this day and age of VM's, what would be the simplest way to test and possibly roll back a schema extension? Would this work? 1. Power down all DC's 2. Snapshot schema master 3. Power up schema master 4. Extend schema 5. Smoke test a. If there are failures revert to snapshot b. If all checks out OK power up remaining DC's David Lum Systems Engineer // NWEATM Office 503.548.5229tel:503.548.5229 // Cell (voice/text) 503.267.9764tel:503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Schema upgrade/rollback
Reverting to snapshot normally bad with DCs due to USN rollback. I've seen it done, but I wouldn't want to try my luck. A sandboxed test environment is the way to go. ---Blackberried -Original Message- From: David Lum david@nwea.org Date: Fri, 8 Jun 2012 19:32:14 To: NT System Admin Issuesntsysadmin@lyris.sunbelt-software.com Reply-To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.comSubject: Schema upgrade/rollback In this day and age of VM's, what would be the simplest way to test and possibly roll back a schema extension? Would this work? 1. Power down all DC's 2. Snapshot schema master 3. Power up schema master 4. Extend schema 5. Smoke test a. If there are failures revert to snapshot b. If all checks out OK power up remaining DC's David Lum Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Schema upgrade/rollback
http://blogs.technet.com/b/janelewis/archive/2009/05/12/schema-what-is-the-best-practise-for-updating.aspx Carl Webster Consultant and Citrix Technology Professional http://www.CarlWebster.comhttp://www.carlwebster.com/ From: David Lum david@nwea.orgmailto:david@nwea.org Reply-To: NT Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Date: Friday, June 8, 2012 2:32 PM To: NT Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Subject: Schema upgrade/rollback In this day and age of VM’s, what would be the simplest way to test and possibly roll back a schema extension? Would this work? 1. Power down all DC’s 2. Snapshot schema master 3. Power up schema master 4. Extend schema 5. Smoke test a. If there are failures revert to snapshot b. If all checks out OK power up remaining DC’s ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Schema upgrade/rollback
Wouldn't it be wise to power down all of the members computer in the domain, too? Kurt On Fri, Jun 8, 2012 at 12:32 PM, David Lum david@nwea.org wrote: In this day and age of VM’s, what would be the simplest way to test and possibly roll back a schema extension? Would this work? 1. Power down all DC’s 2. Snapshot schema master 3. Power up schema master 4. Extend schema 5. Smoke test a. If there are failures revert to snapshot b. If all checks out OK power up remaining DC’s David Lum Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Schema upgrade/rollback
Reverting to snapshot tends to nuke the time stamps. Nuking timestamps tosses you into host isolation mode. Host isolation mode is bad, time consuming and painful. We have a full lab (with a restored AD environment) where we do testing and once it's in production, we open a ticket with MS is something goes wrong. The only time something goes wrong is when our AD team forgets, snapshots a DC and then reverts it. On Fri, Jun 8, 2012 at 12:32 PM, David Lum david@nwea.org wrote: In this day and age of VM’s, what would be the simplest way to test and possibly roll back a schema extension? Would this work? ** ** **1. **Power down all DC’s **2. **Snapshot schema master **3. **Power up schema master **4. **Extend schema **5. **Smoke test **a. **If there are failures revert to snapshot **b. **If all checks out OK power up remaining DC’s *David Lum* Systems Engineer // NWEATM Office 503.548.5229 //* *Cell (voice/text) 503.267.9764 ** ** ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Schema upgrade/rollback
To cut to the chase- bottom line- schema rollback = forest recovery. --Additional detail All due respect to Carl's link and it's author, that is not the party line from MSIT any longer, they do not recommend taking the SM offline and as noted in the blog comments, some updates fail unless there is successful replication, PDCe is reachable etc. You will actually find a lot of the links to the older guidance on MS sites mentioned in various blogs and forums are now defunct(AKA 404) I saw Brian Puhl (Directory Services Manager in MSIT or some such title at the time) make a presentation at DEC (now TEC) 4 years ago to that effect and it is repeated and reinforced by the MS DS Product Team every year. He actually had a big red x over the How MSIT does Schema Updates blog posting on one of his slides. From that slide- 1. Admin stare compare, documentation review, understand the changes! 1. Deploy in a test environment that resembles the production domain 1. Follow change control process for notification, scheduling, etc... 1. Install Do's Communicate with the other services about what you're doing Test and Document so you know what it's supposed to do Don'ts Try to prevent the data from replicating out Install the schema, until you are SURE that you want it Think that your backout plan is anything less than a forest restore Notes: We took it off and revising it, because in the before time we would pull servers off the network, change replication topologys, and do all this crazy work... and then we found that we were way too late in the process...we should have been focusing our FUD BEFORE we ever pulled the trigger...if you want to extend the schema, but aren't sure, then you shouldn't be doing it in the first place... 1. Stare and compare - this is how we ended up finding out that Exchange was granting itself the right to manage replication - if you don't know what the prep's are doing (and it's not always all documented by MS or every other app provider) then you don't know what's in your directory - and finding out after the fact is a major hassle 2. No, ours isn't EXACT, but from the schema, security, and GPO perspective it's a match 3. The 240,000 mistake 4. If you've done your due diligence, then pull the trigger on the damn thing and let it go Comment by Laura Hunter from a thread on this topic on activdir back then- http://www.activedir.org/ListArchives/tabid/55/view/topic/postid/26689/Default.aspx 03/24/2008 3:40 PM It's actually worth noting that the MSIT guidance in that webcast is a bit outmoded (unsurprising, with it being 2 years old and all.) At Brian's How MSIT does... chat at DEC a few weeks ago, the current prevailing wisdom at MSIT on schema mods is as follows: * Decide what you want to do * Understand the ramifications of it * Test it * Test it again * Do it. (But do it with the understanding that the recovery from a bad/unwanted schema mod is, make no mistake, a -full forest recovery-.) In terms of taking the Schema Master offline/stopping outbound repl/other similar gyrations, the curent MSIT thinking seems to be We don't do that anymore, as this seemed to be adding much unnecessary FUD around the prospect of schema mods. Does this mean that the advice from 2 years ago doesn't work anymore? I would say not, and if it's a process that your org is comfortable with then for my part I would further say 'go with God'. I'm just reporting on the latest takeaway from How MSIT does..., as it's different from what was being advocated in the link listed by Ken. From: Webster [mailto:webs...@carlwebster.com] Sent: Friday, June 08, 2012 1:04 PM To: NT System Admin Issues Subject: Re: Schema upgrade/rollback http://blogs.technet.com/b/janelewis/archive/2009/05/12/schema-what-is-the-best-practise-for-updating.aspx Carl Webster Consultant and Citrix Technology Professional http://www.CarlWebster.comhttp://www.carlwebster.com/ From: David Lum david@nwea.orgmailto:david@nwea.org Reply-To: NT Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Date: Friday, June 8, 2012 2:32 PM To: NT Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Subject: Schema upgrade/rollback In this day and age of VM's, what would be the simplest way to test and possibly roll back a schema extension? Would this work? Power down all DC's Snapshot schema master Power up schema master Extend schema Smoke test If there are failures revert to snapshot If all checks out OK power up remaining DC's ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally
RE: Schema upgrade/rollback
the difference is he'd only have one dc online until he was sure which schema version he was using. Sent from my Windows Phone From: Rankin, James R Sent: 6/8/2012 3:17 PM To: NT System Admin Issues Subject: Re: Schema upgrade/rollback Reverting to snapshot normally bad with DCs due to USN rollback. I've seen it done, but I wouldn't want to try my luck. A sandboxed test environment is the way to go. ---Blackberried From: David Lum david@nwea.org Date: Fri, 8 Jun 2012 19:32:14 + To: NT System Admin Issuesntsysadmin@lyris.sunbelt-software.com ReplyTo: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Subject: Schema upgrade/rollback In this day and age of VM’s, what would be the simplest way to test and possibly roll back a schema extension? Would this work? 1. Power down all DC’s 2. Snapshot schema master 3. Power up schema master 4. Extend schema 5. Smoke test a. If there are failures revert to snapshot b. If all checks out OK power up remaining DC’s David Lum Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Schema upgrade/rollback
What is it that you fear will happen that this proposed process will protect you from? Thanks, Brian Desmond br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 From: David Lum [mailto:david@nwea.org] Sent: Friday, June 08, 2012 2:32 PM To: NT System Admin Issues Subject: Schema upgrade/rollback In this day and age of VM's, what would be the simplest way to test and possibly roll back a schema extension? Would this work? 1. Power down all DC's 2. Snapshot schema master 3. Power up schema master 4. Extend schema 5. Smoke test a. If there are failures revert to snapshot b. If all checks out OK power up remaining DC's David Lum Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Schema upgrade/rollback
Agreed ---Blackberried -Original Message- From: Crawford, Scott crawfo...@evangel.edu Date: Fri, 8 Jun 2012 21:05:03 To: NT System Admin Issuesntsysadmin@lyris.sunbelt-software.com Reply-To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.comSubject: RE: Schema upgrade/rollback the difference is he'd only have one dc online until he was sure which schema version he was using. Sent from my Windows Phone From: Rankin, James R Sent: 6/8/2012 3:17 PM To: NT System Admin Issues Subject: Re: Schema upgrade/rollback Reverting to snapshot normally bad with DCs due to USN rollback. I've seen it done, but I wouldn't want to try my luck. A sandboxed test environment is the way to go. ---Blackberried From: David Lum david@nwea.org Date: Fri, 8 Jun 2012 19:32:14 + To: NT System Admin Issuesntsysadmin@lyris.sunbelt-software.com ReplyTo: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Subject: Schema upgrade/rollback In this day and age of VM’s, what would be the simplest way to test and possibly roll back a schema extension? Would this work? 1. Power down all DC’s 2. Snapshot schema master 3. Power up schema master 4. Extend schema 5. Smoke test a. If there are failures revert to snapshot b. If all checks out OK power up remaining DC’s David Lum Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Schema upgrade/rollback
I'm not worried in the least, my fellow non-AD educated folks have paranoia about what happens if something breaks so I have to give them an answer. I told them simply a forest restore. From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Friday, June 08, 2012 2:56 PM To: NT System Admin Issues Subject: RE: Schema upgrade/rollback What is it that you fear will happen that this proposed process will protect you from? Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 From: David Lum [mailto:david@nwea.org] Sent: Friday, June 08, 2012 2:32 PM To: NT System Admin Issues Subject: Schema upgrade/rollback In this day and age of VM's, what would be the simplest way to test and possibly roll back a schema extension? Would this work? 1. Power down all DC's 2. Snapshot schema master 3. Power up schema master 4. Extend schema 5. Smoke test a. If there are failures revert to snapshot b. If all checks out OK power up remaining DC's David Lum Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin