It is a prerequisite for Exchange 2010 that we upgrade the Active Directory schema. Quite simply, without a schema update we can’t install the product. But other maintenance work we’ve done in recent months, such as that taken to resolve hidden PDFs sent from a Mac, necessitated a schema update too.
In an ideal world this would have meant we were saved a task – being fully up-to-date on Exchange 2007 should save us from further updating tasks. But no, it has actually painted us into a corner. The original release of Exchange 2010 used a schema version that is now below the level we’re operating on. So the original ‘release to manufacturing’ version of Exchange 2010 can no longer be installed here because of the service packs we’ve applied. Here’s how it has worked out:
Schema versions
2007 SP3 14625 11222 11221
2010 RTM 14622 12640 12639
2010 SP1 14726 13214 13040
It’s only the ‘rangeupper’ value that we’re interested in right now. This is the first of the three number strings shown for each version above – our current ‘range upper’ value is 14625 – and as you can see it’s higher than the un-updated version on Exchange 2010.
So we’ll actually be deploying straight to the most current version of Exchange 2010. Currently it’s Service Pack 1 Update Rollup 5 but it’s probable that Service Pack 2 will be released before we get too far.
Meanwhile, back to the task at hand. Fortunately it’s pretty easy to update the schema:
- From a command prompt, check the current rangeupper value is what you’d expect. You can check with adsiedit but I just used dsquery as it’s faster:
dsquery * CN=ms-Exch-Schema-Version-Pt,cn=schema,cn=configuration,dc=domainname,dc=ox,dc=ac,dc=uk -scope base -attr rangeUpper
- From the Exchange 2010 SP1 media, run setup.com with the ‘prepareschema’ (or ‘ps’) switch. The command has a stop-me-if-you-want-to-cancel mode: just wait and it’ll proceed by itself:
- Run dsquery again – the rangeupper value should now be 14726.
- Er, that’s it.
This is one of those jobs that should be uneventful – but one with mammoth repercussions if it broke Active Directory…
By getting it out of the way early it’s one less issue that could cause a loss of service when the big rollout starts.