K B
asked on
EXCHANGE: Extended schema in child domain
I have set up a lab to mimic a client. They have:
contoso.com (empty forest root)
child.contoso.com (production domain)
When I installed Exchange I moved the schema master role to child.contoso.com and used these commands (the syntax may not be exactly correct but the command order is true to what I did):
setup /prepareschema
setup /prepareAD
setup /preparedomain
Then I installed the bits
What I am left with is my Microsoft Exchange System Objects in the parent contoso.com domain.
Is this normal?
Is there a way to isolate Exchange just to the child domain?
Thank you!
It sounds normal that you have Exchange-related containers in the root domain.
Looking in my own forest, the Microsoft Exchange Security Groups container is in the root domain. The Microsoft Exchange System Objects container exists in both the root and the child domain with Exchange servers.
Exchange will use universal groups and the GC, which are forest-wide components in AD, so it will not be isolated in a single domain.
ASKER
hmm my Microsoft Exchange System Objects container only exists in the root.
I notice that I can replicate fine parent to child .. but from child to parent (repadmin /syncall /APedq) I get access denied errors.
Is that normal?
EDIT: I had to close ADUC. Now I can see it, but what about replication?
ASKER
perhaps that's another question on here. I can post as such.
EDIT: Okay that was just because I hadn't logged out (and back in) after giving the account I was using Enterprise Admin rights.
Thank you to you both!
User probably not member of Enterprise Admins or Schema Admins groups. Logged on as child domain's administrator instead of root domain's administrator?
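The access denied cause identified in this thread (rights granted in AD but no fresh logon yet) can be checked directly by comparing the groups in the current logon token with the groups the directory would issue now. The script below is an added example, not code from any poster; it assumes the ActiveDirectory (RSAT) module, an elevated prompt, and a domain controller that can reach a global catalog.

```powershell
# Added example, not from the thread. Run from an elevated prompt:
# a UAC-filtered token does not list administrative groups as enabled.
Import-Module ActiveDirectory

# Well-known RIDs, appended to the forest root domain SID.
$rids = @{ 'Schema Admins' = 518; 'Enterprise Admins' = 519 }

# Forest root domain (contoso.com in the lab described above) and its SID.
$rootName = (Get-ADForest).RootDomain
$rootSid  = (Get-ADDomain -Identity $rootName -Server $rootName).DomainSID.Value

# Groups in the token of this logon session (fixed when the session was created).
$me      = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$inToken = @($me.Groups | ForEach-Object { $_.Value })

# Groups the directory would place in a token issued now.
# tokenGroups is a constructed attribute computed by the domain controller.
$user = Get-ADUser -Identity $me.User.Value -Server $env:USERDNSDOMAIN -Properties tokenGroups
$inAD = @($user.tokenGroups | ForEach-Object { $_.Value })

foreach ($name in $rids.Keys) {
    $sid = "$rootSid-$($rids[$name])"
    $ad  = $inAD -contains $sid
    $tok = $inToken -contains $sid

    if ($ad -and -not $tok) {
        $state = 'Stale token: log off and back on'
    } elseif ($ad -and $tok) {
        $state = 'OK'
    } elseif ($tok) {
        $state = 'Token still holds a membership removed in AD'
    } else {
        $state = 'Not a member'
    }

    [pscustomobject]@{
        Group       = $name
        Sid         = $sid
        InDirectory = $ad
        InToken     = $tok
        State       = $state
    }
}
```

A "Stale token" row matches the situation the asker describes: the membership exists in AD, but forest-level operations such as repadmin /syncall toward the root are still refused until a new logon session is created.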