Tuesday, April 10, 2012

Active Directory Schema update

Too many times have I seen how people update the Active Directory schema without taking precautions. A problem during the update could lead to a catastrophic event with no way out other than a forest-wide restore. Devoting a couple of minutes to take the safe road is always worth it. These are the simple steps required to perform a safe schema update.

  • Make sure the current state of the Active Directory is healthy. Verify that all replication is working as expected.
  • Introduce a new virtual domain controller and make sure everything is replicated.
  • Transfer the FSMO Schema Master to the new domain controller and isolate it from the rest by running the following commands.
      Repadmin /options <DC> +DISABLE_INBOUND_REPL
      Repadmin /options <DC> +DISABLE_OUTBOUND_REPL
  • Update the schema and make sure there are no problems.
  • Enable replication by running the following commands.
      Repadmin /options <DC> -DISABLE_INBOUND_REPL
      Repadmin /options <DC> -DISABLE_OUTBOUND_REPL
  • Wait for replication, transfer the FSMO Schema Master to the original domain controller and remove the newly introduced domain controller from the Active Directory (dcpromo).
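The steps above can be wrapped in a script that refuses to continue when a check fails. This is an added example, not code from the original post; the parameter names `$IsolatedDc` and `$Phase` are hypothetical, and it assumes the ActiveDirectory PowerShell module and `repadmin` are available on the machine where it runs.

```powershell
# Added example. $IsolatedDc and $Phase are hypothetical names, not from the post.
param(
    [Parameter(Mandatory=$true)][string]$IsolatedDc,  # FQDN of the temporary DC
    [ValidateSet('Isolate','Rejoin')][string]$Phase = 'Isolate'
)
Import-Module ActiveDirectory

function Get-SchemaVersion([string]$Server) {
    # objectVersion on the head of the schema naming context is the schema version
    $nc = (Get-ADRootDSE -Server $Server).schemaNamingContext
    (Get-ADObject -Identity $nc -Server $Server -Properties objectVersion).objectVersion
}

function Assert-ReplicationHealthy {
    # One CSV row per replication link, forest-wide
    $links = repadmin /showrepl * /csv | ConvertFrom-Csv
    $bad = $links | Where-Object {
        $_.showrepl_COLUMNS -eq 'showrepl_ERROR' -or [int]$_.'Number of Failures' -gt 0
    }
    if ($bad) {
        $bad | Format-Table 'Source DSA','Destination DSA','Naming Context','Number of Failures' | Out-Host
        throw 'Replication is not healthy; fix it before touching the schema.'
    }
}

if ($Phase -eq 'Isolate') {
    Assert-ReplicationHealthy
    Move-ADDirectoryServerOperationMasterRole -Identity $IsolatedDc `
        -OperationMasterRole SchemaMaster -Confirm:$false
    if ((Get-ADForest -Server $IsolatedDc).SchemaMaster -ne $IsolatedDc) {
        throw "Schema Master is not on $IsolatedDc."
    }
    repadmin /options $IsolatedDc +DISABLE_INBOUND_REPL
    repadmin /options $IsolatedDc +DISABLE_OUTBOUND_REPL
    # Read the options back and confirm both flags are really set
    $opts = (repadmin /options $IsolatedDc) -join ' '
    if ($opts -notmatch 'DISABLE_INBOUND_REPL' -or $opts -notmatch 'DISABLE_OUTBOUND_REPL') {
        throw "$IsolatedDc is not fully isolated; do not update the schema yet."
    }
    "Isolated. Schema version before the update: $(Get-SchemaVersion $IsolatedDc)"
} else {
    "Schema version on ${IsolatedDc} after the update: $(Get-SchemaVersion $IsolatedDc)"
    repadmin /options $IsolatedDc -DISABLE_INBOUND_REPL
    repadmin /options $IsolatedDc -DISABLE_OUTBOUND_REPL
    Assert-ReplicationHealthy
}
```

Run it with `-Phase Isolate` before the schema update and with `-Phase Rejoin` once the update has been verified on the isolated domain controller.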

Easy as pie and totally worth it.
