We help IT Professionals succeed at work.

Exchnage CU updates

sara2000
sara2000 asked
on
Our client has a single AD forest (mydom.local) with multiple sites. They have Exchange 2016 running in DATABASE Availablity Group (DAG). The tech wants to extend the AD schema because of the CU updates. He says that he has to extend the AD schema at both DAG place (prod and DR). As I understand there is no need to do multiple times since there is only one schema master. Experts our there, you must have updated CUs several times, Could you please shed light on this?
1. Does CU update need AD schema update or Exchange schema update?
2. Do we have to update the schema at both places?
Comment
Watch Question

Saif ShaikhServer engineer

Commented:
1. Does CU update need AD schema update or Exchange schema update?

CU update will update the exchange schema number to a higher one.

Step 1: Extend the Active Directory schema
To extend the schema for Exchange, run the following command in a Windows Command Prompt window:

<Virtual DVD drive letter>:\Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareSchema

Step 2: Prepare Active Directory:
To prepare Active Directory for Exchange, run the following command in a Windows Command Prompt window:

<Virtual DVD drive letter>:\Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareAD  /OrganizationName:"<Organization name>"

https://docs.microsoft.com/en-us/exchange/plan-and-deploy/prepare-ad-and-domains?view=exchserver-2019

For details on new schema classes and attributes that Exchange adds to Active Directory, including those made by Cumulative Updates (CUs), see Active Directory schema changes in Exchange Server.
https://docs.microsoft.com/en-us/exchange/plan-and-deploy/active-directory/ad-schema-changes?view=exchserver-2019

For details about what's happening when Active Directory is being prepared for Exchange, see What changes in Active Directory when Exchange is installed?.
https://docs.microsoft.com/en-us/exchange/plan-and-deploy/active-directory/ad-changes?view=exchserver-2019

2. Do we have to update the schema at both places?

No Its the above command which takes care on the whole AD and Exchange. AD (AD related information will be updated) Exchange (Exchange related information such as Prepare Active Directory containers, objects, and other items)

Exchange makes the following changes to the Active Directory forest as mentioned in below article:
https://docs.microsoft.com/en-us/exchange/plan-and-deploy/active-directory/ad-changes?view=exchserver-2019

Author

Commented:
If CU updates (setup.exe) does the schema update, do we still have to follow the spets above?
My other question.
What would happen if we apply the above steps multiple times? that is, at each site.
Saif ShaikhServer engineer

Commented:
No you don't need to the above are used setup/prepareschema and /prepareAD when you are installing a new exchange server in the forest which does not have any exchange information.

If you already have exchange installed and just upgrading the CU the CU will take care of upgrading the schema and all.

You don;t need to do it mutiple sites at each site because if you have only one exchange server is a site which has 2 DC's the replication information will update the changes on the other DC.

If you have mutiple exchange server is different site, then just upgrading the CU's will help and their respective DC's will get the latest schema information.

Author

Commented:
Thank you for the quick reply.
What would happen if the Exchange admin decided to run above steps in multiple sites?
Exchange is not my field, and I have no authority tell exchange admin not to do ::
MichelangeloSystem Administrator / Postmaster

Commented:
Pretty nothing, the setup is engineered to check whether schema changes have been applied or not.
Just make sure you have a complete back up set of the AD database that you can restore in case of issues.
Be particularly aware in case you have a large deployment and/or a slow convergency time for AD replicas, and in case your AD schema has been extended with custom OIDs.

For instance (lab activity really) when applying CUs you can point to a given DC so that you can
- isolate it from the other DCs
- check in AD event log the schema changes while they happen, check no collisions happened
- de-isolate the DC and check replica



To sum up:
Exchange is an AD based application. AD is a (distributed) database with a schema. Exchange needs to extend AD schema to be able to save its data.
CU (Cumulative Updates) are complete exchange installs that
- check and update schema if needed
- install or update Exchange
AmitIT Architect
Distinguished Expert 2017

Commented:
If you have single forest and domain, you need to update your Schema and prepare your domain once only. No need to update multiple times, if you run also, nothing will happen.

Next, if you have multiple domain, then you need to update schema once and prepare other domains either in one shot or prepare them separately, depends on your client.

Refer: https://docs.microsoft.com/en-us/exchange/plan-and-deploy/prepare-ad-and-domains?view=exchserver-2019

Read above KB you will understand what, i am saying above.

Note: Schema, Domain and Enterprise admin permission needed to update your schema and domain.

Author

Commented:
if I understood correctly, we have to prepare a domain if we upgrade from a prior version of 13 to 14, the steps are as below. Am i correct?


Step 1-
E:\Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareSchema

step 2
E:\Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareAD /OrganizationName:"Contoso Corporation"
Saif ShaikhServer engineer

Commented:
Yes the steps are correct, but if you are upgrading from old CU to New CU the above command running are not required..

Just open CMD in elevated mode and navigated to setup disk location i.. CU20

Then run command: setup /m:upgrade

The above command will take care of schema and prepare AD

You don't need to run them additionally i.e. Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareSchema and Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareAD

Author

Commented:
I am going to upgrade to C12 to C14.
I think the c14 requires aprep?
AmitIT Architect
Distinguished Expert 2017

Commented:
If you have account with all AD and Exchange rights, running CU will do everything for you. Until you have different team managing Exchange and AD.

Author

Commented:
Amit.

Will setup /m:upgrade update the schema? Provided the user has both exchange and AD permissions.
I think we have to run the two steps as per the link below. Exchange is not my filed and I  want to confirm with experts out there if they performed this task instead of pointing the Microsoft link..

https://practical365.com/exchange-server/installing-cumulative-updates-on-exchange-server-2016/

Author

Commented:
Here is my confusing part.

The updates for Exchange 2016 and Exchange 2019 do not bring any new features, but it does bring a lot of hot fixes which are documented in the respective Microsoft  articles. Also both updates do not include any Active Directory Schema changes. --------- It is strongly recommended to prepare the Active Directory Configuration container manually by running this command:

https://www.enowsoftware.com/solutions-engine/exchange-quarterly-updates-sept-2019
Saif ShaikhServer engineer

Commented:
Just open CMD in elevated mode and navigated to setup disk location i.. CU20

Then run command: setup /m:upgrade

The above command will take care of schema and prepare AD

You don't need to run them additionally i.e. Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareSchema and Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareAD

Author

Commented:
Saif
I am not upgrading to CU20.
I am upgrading from cu12 to CU14
It requires the ADPrepare.
Server engineer
Commented:
Then run command: setup /m:upgrade

The above command will take care of schema and prepare AD

You don't need to run them additionally i.e. Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareSchema and Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareAD

Author

Commented:
It is important to prepare AD if we jump from cu12 to 14 unless we go from CU13 to CU14.

Author

Commented:
setup.exe /m:upgrade will perform readiness check and will error if we did not prepare AD from CU12 to CU14 b/cwe missed CU13.
Thank you all for your help. We end up preparing AD and Schema prior to run the setup. We had no issue with upgrading the CU.