0

We are migrating to Microsoft Online Services, BPOS in particular. We do not run Exchange in our new production environment. However, we do want to take advantage of syncing certain AD attributes to the hosted service. For this we figured we could simply extend the schema of AD with the Exchange 2007 install media to get access to the attributes.

I spun up a test VM running as a domain controller and mounted the Exchange 2007 SP1 media and launched an admin command prompt (Box is a 2008 R2 server standard). I ran "setup /prepareschema".

I rebooted the DC and checked the user attributes using ADUC and the Advanced View Attribute Editor and none of the exchange attributes are showing up.

Note: I also ran another test to include the following commands and nothing shows up again:

"setup /prepareschema"
"setup /preparead /organizationname: "MyOrg"
"setup /preparealldomains"

However, after doing all of this none of the schema attributes show up. Does anyone have any idea on how to get the schema loaded or what I might be missing? Let me know if you need more details.

Ben Pilbrow
  • 11,995
  • 5
  • 35
  • 57
Brent Pabst
  • 6,059
  • 2
  • 23
  • 36

2 Answers2

2

What are you expecting to see? Having just checked a user account with an Exchange mailbox and another without a mailbox, only the user with a mailbox is showing Exchange attributes on the attribute editor.

As for how to edit the attributes, you can use ADSI Edit or something like AD Explorer from Sysinternals. Personally though (for no real reason, though there probably is one) I wouldn't be caught editing Active Directory attributes with these tools unless something had gone very wrong, and especially not to just update user attributes.

These tools do exactly what you ask them to and do not question it, unlike ADUC which will warn you when you might be about to do something stupid.

Ben Pilbrow
  • 11,995
  • 5
  • 35
  • 57
  • Hmm, ok. I'll have to reference our existing 2003 system to see if I see the same thing. I guess I expected to see the attributes show up so at the very least I can edit them, mailbox or not – Brent Pabst May 27 '11 at 14:49
  • 1
    Agree - the filtering on the Attribute Editor tab can be finicky. I'd recommend checking the actual Schema directory partition with ADSIEdit or similar for the new objects. – Shane Madden May 27 '11 at 14:59
  • Shane/Ben OK, I can verify the attributes have been added, what's the easiest way to assign them to the user/group objects? – Brent Pabst May 27 '11 at 15:01
  • @Brent I have updated my answer with details of how to modify the attributes. – Ben Pilbrow May 27 '11 at 15:20
  • 1
    "I wouldn't be caught editing Active Directory attributes with these tools unless something had gone very wrong, and especially not to just update user attributes." I could not agree more. They are normally added automatically by Exchange when adding a mailbox to a user. It is considered very dangerous to do bulk edits using ASDI. – KCotreau May 27 '11 at 16:49
  • @Ben, thanks I'll have to work with ADSI I guess (crap). Just remember we are only editing attributes which get pushed to MSFT BPOS through a sync utility and it's primarily to control visibility of users in the GAL. We don't have an on-premise Exchange box reading from the directory, hence the attributes cannot be added automagically. – Brent Pabst May 27 '11 at 18:12
0

http://support.microsoft.com/kb/934761 http://www.msexchange.org/articles_tutorials/exchange-server-2007/planning-architecture/Exchange-server-2007-extends-active-directory-schema.html

Also make sure you run it as a user, who can extend the schema...I know it goes without saying, but you never know. If you are not sure, check the group "Schema Admins". Even if you are a domain admin, you are not in that group by default.

KCotreau
  • 3,361
  • 3
  • 19
  • 24
  • If you read my entire question you will see I DID run prepapread as a second test. – Brent Pabst May 27 '11 at 14:50
  • Sorry the reason I have time to even answer questions the last few days is that I am sick as a dog...I have a tendency to miss a few things when I feel like this. My apologies. – KCotreau May 27 '11 at 15:03