K B

asked on

EXCHANGE: Extended schema in child domain

I have set up a lab to mimic a client. They have:

contoso.com (empty forest root)
     child.contoso.com (production domain)

When I installed Exchange I moved the schema master role to child.contoso.com and used these commands (the syntax may not be exactly correct but the command order is true to what I did):

setup /prepareschema
setup /prepareAD
setup /preparedomain

Then I installed the bits


What I am left with is my Microsoft Exchange System Objects in the parent contoso.com domain.

Is this normal?  

Is there a way to isolate Exchange just to the child domain?

Thank you!
ASKER CERTIFIED SOLUTION
Ed OConnor

K B (ASKER)

Perfect! Thank you.. makes sense.. I suppose the child domain exists in the parent, doesn't it?

It sounds normal that you have Exchange-related containers in the root domain.
Looking in my own forest, the Microsoft Exchange Security Groups container is in the root domain. The Microsoft Exchange System Objects container exists in both the root and the child domain with Exchange servers.

Exchange will use universal groups and the GC, which are forest-wide components in AD, so it will not be isolated in a single domain.
K B (ASKER)

hmm my Microsoft Exchange System Objects container only exists in the root.

I notice that I can replicate fine parent to child .. but from child to parent (repadmin /syncall /APedq) I get access denied errors.

Is that normal?

EDIT: I had to close ADUC.. now I can see it, but what about replication?
K B (ASKER)

perhaps that's another question on here.  I can post as such.

EDIT: Okay that was just because I hadn't logged out (and back in) after giving the account I was using Enterprise Admin rights.

Thank you to you both!

User is probably not a member of the Enterprise Admins or Schema Admins groups. Logged on as the child domain's administrator instead of the root domain's administrator?
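
The two checks discussed in this thread, as an added example that is not from any of the posters: which domains in the forest hold a "Microsoft Exchange System Objects" container, and whether the current logon token actually carries Enterprise Admins / Schema Admins or only the directory does (the stale-token case the asker hit). It assumes the RSAT ActiveDirectory module and an elevated session; the variable names are illustrative, and 518/519 are the well-known RIDs of Schema Admins and Enterprise Admins in the forest root domain.

```powershell
Import-Module ActiveDirectory   # assumption: RSAT AD module is installed

$forest  = Get-ADForest
$rootDom = Get-ADDomain -Identity $forest.RootDomain

# 1) Where does the "Microsoft Exchange System Objects" container exist?
$forest.Domains | ForEach-Object {
    $dom   = Get-ADDomain -Identity $_
    $query = @{
        Server      = $dom.PDCEmulator
        SearchBase  = $dom.DistinguishedName
        SearchScope = 'OneLevel'
        Filter      = 'Name -eq "Microsoft Exchange System Objects"'
    }
    [pscustomobject]@{
        Domain       = $dom.DNSRoot
        IsForestRoot = ($dom.DNSRoot -eq $forest.RootDomain)
        MESOPresent  = [bool](Get-ADObject @query)
    }
} | Format-Table -AutoSize

# 2) Directory membership vs. the groups in this logon session's token.
#    Run elevated: a UAC-filtered token may not list admin groups as enabled.
$rootSid   = $rootDom.DomainSID.Value
$identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$userSid   = $identity.User.Value
$tokenSids = @($identity.Groups | ForEach-Object { $_.Value })

@{ 'Schema Admins' = 518; 'Enterprise Admins' = 519 }.GetEnumerator() | ForEach-Object {
    $entry    = $_
    $groupSid = "$rootSid-$($entry.Value)"
    # Directory view: membership (including nesting) as stored in AD right now.
    $members  = Get-ADGroupMember -Identity $groupSid -Recursive -Server $rootDom.PDCEmulator
    $inDir    = @($members | Where-Object { $_.SID.Value -eq $userSid }).Count -gt 0
    # Token view: what this session was issued at logon.
    $inToken  = $tokenSids -contains $groupSid

    if ($inDir -and -not $inToken) { $verdict = 'Stale token: log off and back on' }
    elseif (-not $inDir)           { $verdict = 'Not a member in the directory' }
    else                           { $verdict = 'OK' }

    [pscustomobject]@{
        Group = $entry.Key; InDirectory = $inDir; InToken = $inToken; Verdict = $verdict
    }
} | Format-Table -AutoSize
```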