6

I'm trying to understand the risk of updating the schema of a very large AD forest, where the schema has not been on every DC, and then an object that uses that schema object is replicated.

An example is Lync setup, where it requires a schema change, and also a subsequent forest-prep that uses the aforementioned objects.

Is it possible, and what would happen if the forest-prep data arrived first at an out of date DC before the schema?

Would this be a permanent error, or is there a retry/queue for these types of updates?

makerofthings7

2 Answers

6

No, the situation you describe is not possible. A domain controller will not replicate an object from a different schema than its own. Active Directory is a little smarter than that. :)

From TechNet:

Effect of Schema Changes on Replication

Attribute definitions are stored in attributeSchema objects in the schema directory partition. Changes to attributeSchema objects block other replication until the schema changes are performed. During replication of any directory partition other than the schema directory partition, the replication system first checks to see whether the schema versions of the source and the destination domain controllers are in agreement. If the versions are not the same, the replication of the other directory partition is rescheduled until the schema directory partition is synchronized.

So replication of objects will simply be put on hold until the schema update is replicated.

If you look at the output of repadmin, you will notice errors mentioning that replication is failing due to a schema mismatch.

Ryan Ries
2

Is it possible, and what would happen if the forest-prep data arrived first at an out of date DC before the schema?

The forest prep process for Lync does not touch any attributes created by the Lync AD schema extension as far as I can tell. See here for a list of what the forest prep is doing: http://technet.microsoft.com/en-us/library/gg425791.aspx

That said, to avoid installation errors, it's typically a good idea to do any schema updates long enough in advance so that they have replicated to all DCs in the environment. Even in the largest environments, this should not be an extremely long time.

MDMarra
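One way to confirm that a schema change has reached every DC before running forest prep, combining the repadmin check from the first answer with the "wait for replication" advice from the second. This is an added example, not code from either answer. It assumes the ActiveDirectory PowerShell module (RSAT) and repadmin are available, and that `ms-RTC-SIP-SchemaVersion` (the attribute the Lync schema extension uses to record its version) is the object to track; substitute the object your own schema change adds.

```powershell
# Added example. Requires the ActiveDirectory module (RSAT) and repadmin on the path.
Import-Module ActiveDirectory

# Assumption: marker object written by the Lync schema extension; replace it with
# an object that your own schema change adds or modifies.
$markerName = 'ms-RTC-SIP-SchemaVersion'
$schemaNC   = (Get-ADRootDSE).schemaNamingContext
$markerDN   = "CN=$markerName,$schemaNC"

# 1. Ask every DC in the forest for its own copy of the marker object.
$dcs = (Get-ADForest).Domains |
    ForEach-Object { Get-ADDomainController -Filter * -Server $_ }
$results = foreach ($dc in $dcs) {
    try {
        $obj = Get-ADObject -Identity $markerDN -Server $dc.HostName `
                   -Properties rangeUpper, whenChanged -ErrorAction Stop
        [pscustomobject]@{ DC = $dc.HostName; Present = $true
                           RangeUpper = $obj.rangeUpper; WhenChanged = $obj.whenChanged }
    } catch {
        # Object missing or DC unreachable: either way, not safe to proceed yet.
        [pscustomobject]@{ DC = $dc.HostName; Present = $false
                           RangeUpper = $null; WhenChanged = $null }
    }
}
$results | Sort-Object DC | Format-Table -AutoSize

# 2. Look for replication links held back by a schema mismatch
#    (Win32 error 8418, ERROR_DS_DRA_SCHEMA_MISMATCH).
$held = repadmin /showrepl * /csv | ConvertFrom-Csv |
    Where-Object { $_.'Last Failure Status' -eq '8418' }
$held | Select-Object 'Destination DSA', 'Source DSA', 'Naming Context', 'Number of Failures'

# 3. Ready only if every DC has the marker, all copies agree, and nothing is held.
$distinct = @($results | Where-Object Present |
    ForEach-Object RangeUpper | Sort-Object -Unique)
$ready = -not ($results | Where-Object { -not $_.Present }) -and
         $distinct.Count -eq 1 -and -not $held
if ($ready) { 'Schema change is present on all DCs; forest prep can proceed.' }
else        { 'Schema change has not converged; wait and re-run.' }
```

A DC that shows up in step 2 is in the state the TechNet excerpt describes: replication of its other partitions is rescheduled until the schema partition has synchronized.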