[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 364
  • Last Modified:

How can I tell if I need to run the "inetOrgPersonfix" on my schema?

Hello all,

My current forest basically consists of a 2000 DC and an exchange 2000 server.
 
I've gone over the http://support.microsoft.com/kb/314649/ link more times than I'm willing to admit, and I still can't tell where to go from this point. I want to replace our 2000 DC's with 2003 DC's. I read in this link that there might be mangling done in the schema. My first question because the KB is vague is this: At what point would the shema become mangled? Is it when you install Exchange 2000, run the adprep commands or when you introduce the 2003 DC's? I ran the ADSI snap in and searched the resulting output for the key attributes that were stated in the KB. I couldn't find anything at all related to what they mentioned (houseid, secretary..., the rest of it). Does that mean they are not there and do not run the risk of becoming duplicated like the KB says?

My second question is this: does the inetOrgPerson command prevent the mangling or does it fix the mangled attributes?

I guess the overarching question is this: How can I tell if I need to run this inetOrgPersonfix command?  
0
numb3rs1x
Asked:
numb3rs1x
  • 6
  • 6
1 Solution
 
LegendZMPrincipal Security ArchitectCommented:
If you setup the Exchange 2000 server after you've already domain/forest prepped it for 2003, then you will "mangle" it.

follow Scenario 2 in the KB you linked and you should be fine. :)
0
 
numb3rs1xAuthor Commented:
I have not done that. As of right now, I have not run the adprep. I just tried to run the inetorgpersonfix utility and I get "A required subref is missing". Does this mean that it can't find the mangled attributes to fix? I would swear by reading that KB article that the mangling happens when you add 2000 to the forest at any time before or after installing 2003. So what you are saying is that if Exchange 2000 is already installed before anything related to 2003 has been installed, I don't have to worry about this mangling business?
0
 
LegendZMPrincipal Security ArchitectCommented:
inetorgpersonfix isn't finding anything, you haven't "mangled" it yet I think....

it sounds like you'll be experiencing scenario 2, but there are 3 different points which the schema can be mangled.

Scenario 1: Exchange 2000 schema changes are added after you run the adprep /forestprep command

Scenario 2: Exchange 2000 schema changes are installed before you run the Windows Server 2003 adprep /forestprep command

Scenario 3: you did not run InetOrgPersonfix before you ran the Windows Server 2003 adprep /forestprep command
0
Easily manage email signatures in Office 365

Managing email signatures in Office 365 can be a challenging task if you don't have the right tool. CodeTwo Email Signatures for Office 365 will help you implement a unified email signature look, no matter what email client is used by users. Test it for free!

 
numb3rs1xAuthor Commented:
it's scenario 2, and I followed the instructions, and I got that error about the subref not being found. I haven't yet promoted the 2003 server to the forest and I haven't run the adprep commands. when you say "mangled it yet" does that mean it is to become mangled at some other point in this process?
0
 
LegendZMPrincipal Security ArchitectCommented:
It will probably become mangled when you run adprep as scenario 2 says, since those are the steps you're taking right?
0
 
numb3rs1xAuthor Commented:
yes, I'm still trying to complete the inetorgpersonfix command and I'm getting a syntax error. let's say my domain controller's name is DC and my domain was domain.com. How would I enter this command?

C:\IOP>ldifde -i -f inetorgpersonfix.ldf -v -c DC=X "domain name path for forest root domain"

I entered C:\IOP>ldifde -i -f inetorgpersonfix.ldf -v -c DC=X "dc=domain,dc=com"

I get "a referral was returned by the server".

I wish microsoft would make things a little clearer.
0
 
LegendZMPrincipal Security ArchitectCommented:
that's right ...  "DC=yourcompany,DC=local"

make sure there's a space between DC=X and the "DC=yourcompany,DC=local"
0
 
numb3rs1xAuthor Commented:
yes, there is a space between the X and the name. I still get the error. I looked it up and I'm told it's a syntax error though. I don't know where to go from here.
0
 
LegendZMPrincipal Security ArchitectCommented:
Try this: ldifde -i -f inetorgpersonfix.ldf -v -c "DC=X" "dc=domain,dc=com"
0
 
numb3rs1xAuthor Commented:
Same error. I read somewhere that you had to get into the script and modify the "DC=X" entry there, but that also didn't work. I seems to have the proper entries for the domain when The script starts, but it still errors out. It errors out on line 1 every time and it's always the Referral error.

0
 
numb3rs1xAuthor Commented:
Alright. The problem was two-fold: First, I was trying to run the wrong script: inetOrgPersonfix is the script that you would have to run if your attributes were already mangled after an adprep. inetOrgPersonPrevent is the script that you run to prevent the manging from happening. The script that the MS KB gives you to paste into your DC needs to have the "DC=X" parameter changed to fit your domain. They failed to mention that in the writing. I was still having problems after that because I was not being specific enough about my domain, i.e. I only wanted to fix my.domain.com instead of domain.com. After these two things I was able to get the script to run. adprep went off without a hitch.
0
 
LegendZMPrincipal Security ArchitectCommented:
Great! Glad to hear you got it worked out!

If you could paste your script (modifying the sensitive information) so others who serach for a similar answer can see what script you've used it would be great!

Thanks!

-Legend
0

Featured Post

Easily manage email signatures in Office 365

Managing email signatures in Office 365 can be a challenging task if you don't have the right tool. CodeTwo Email Signatures for Office 365 will help you implement a unified email signature look, no matter what email client is used by users. Test it for free!

  • 6
  • 6
Tackle projects and never again get stuck behind a technical roadblock.
Join Now