OK - what I ment is 1. If extending well known schemas on a fresh installed domain, I'd do it just like that b/c I don't care if I have issues (actually a failure would allow me to have another Latte Macchiate while the DC freshly installs)
2. If extending with a 3rd Party Schema Extensions (usually just a ldif-file) I'd prefer to pull the schema master out of the infrastructure really quick. The scenario Joe has mentioned is "well known schema extension which does additional stuff - like exchange or other programmed extentions". I fully agree in his recommendation to slow down or interrupt replication if contact to other DCs or Servers is needed. Note that no matter what - I'm usually always testing 3rd-Party Schema Extensions first, meaning to verify OID, prefix, LinkIDs, document MapiIDs and consult the customer in the risk of those, and verify the Structure (classes, how they are added to existing objects) default permissions, and look at the migration path if needed. Next step is to pull the domain in a virtual environment and test the schema extension there. Then I start with the extension in production where I follow above mentioned steps. However I'm always curious for other suggestions ;-) Gruesse - Sincerely, Ulf B. Simon-Weidner MVP-Book "Windows XP - Die Expertentipps": http://tinyurl.com/44zcz Weblog: http://msmvps.org/UlfBSimonWeidner Website: http://www.windowsserverfaq.org Profile: http://mvp.support.microsoft.com/profile=35E388DE-4885-4308-B489-F2F1214C811 D |-----Original Message----- |From: [EMAIL PROTECTED] |[mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells |Sent: Thursday, February 09, 2006 1:46 AM |To: Send - AD mailing list |Subject: RE: [ActiveDir] Schema Extension | |I really don't agree in the confined scenario Ulf described. |Can you explain your point further or is it merely an issue of |Microsoft supporting it? | |-- |Dean Wells |MSEtechnology |* Email: [EMAIL PROTECTED] |http://msetechnology.com | | |-----Original Message----- |From: [EMAIL PROTECTED] |[mailto:[EMAIL PROTECTED] On Behalf Of Tomasz Onyszko |Sent: Wednesday, February 08, 2006 5:50 PM |To: [email protected] |Subject: Re: [ActiveDir] Schema Extension | |Ulf B. Simon-Weidner wrote: | |> Hi David, |> |> OK - as far as controlling the update of the schema I'd do |it that way: |> |> Do you really care - aka not frequently tested combination of schema |> extensions: |> 1. Put the schema master on a otherwise stale switch/hub (to |provide a |> link but no connection to the network) 2. Backup Systemstate |(to file |> would be fine) 3. Run the Schema Extensions 4. Verify Schema |> Extensions 5. If error in 4, restore systemstate 6. Plug |back into the |> production network | |Ulf ... I don't think that restoring the system state in the |case of schema extension failure is a proper thing. I would |suggest instead of that decommission of this DC and seizing |Schema FSMO to other DC in the forest. | | |-- |Tomasz Onyszko |http://www.w2k.pl/blog/ - (PL) |http://blogs.dirteam.com/blogs/tomek/ - (EN) |List info : http://www.activedir.org/List.aspx |List FAQ : http://www.activedir.org/ListFAQ.aspx |List archive: |http://www.mail-archive.com/activedir%40mail.activedir.org/ | | | |List info : http://www.activedir.org/List.aspx |List FAQ : http://www.activedir.org/ListFAQ.aspx |List archive: |http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
