"Schema conflict with Exchange 2000", Exchange never installed

[Guest]

We're trying to upgrade our Win2000 AD to 2003 R2. Our dcdiag's are all
good, and we're getting the "There is a schema conflict with Exchange 2000"
error when we run the adprep /forestprep command from the R2 CD (disk 2).

Everything I've read on this talks about mangled attributes, etc... but
we've never had Exchange installed anywhere on our network or, if by some
strange circumstance it was ever installed, we never used it.. or setup
anything in AD for it.

When I was in the Active Directory Schema snap-in configuring it to allow
changes to the schema, I found all sorts of Exchange stuff listed under both
Classes and Attributes.. and I'm wondering how that stuff got there. Is it
always there by default or would Exchange *had* to have been installed and/or
used at one point or another? Can those attributes/classes simply be
deleted? I wasn't about to do that.. or attempt to do it.. without checking
with someone else first.

There's nothing in our Active Directory related to Exchange. There was a
couple of groups *that had no members*.. and I deleted those groups.

Additionally, none of our servers have anything about Exchange in the
registry.

We're strongly considering contacting Microsoft, but I wanted to explore
this avenue first. Any ideas? Thanks in advance!

 

[Guest]

Upon further inspection, I see that I can disable or deactivate classes and
attributes in the Active Directory Schema snap-in. Is this an advisable
thing to try?

 

[Ace Fekay [MVP]]

In

Upon further inspection, I see that I can disable or deactivate
classes and attributes in the Active Directory Schema snap-in. Is
this an advisable thing to try?

Apparently at one time, an attempted Exchange install had been performed, or
at least a "setup /forestprep" was run at one point in preparation for
Exchange.

To verify that, create an MMC and add the ADSI Edit snapin and take a look
at the Schema Container. When you click on the Schema object in the left
window pane, you will find on the top of the right results pane an object
counter. If Exchange was installed, it will report about 2200 objects. If
not, it's only about 1100 or so. I can't remember the exact numbers, but
there are about 1000 Exchange objects and if it is over 2000, it is a
definite sign that an Exchange forestprep was run at one time.

btw- to get the ADSI Edit snapin, install the Support Tools (free on the
Windows CD).

If this is the case, the way to fix it is to follow this article below. It's
really not that hard, but one thing I need to mention is that you CAN'T just
simply dectivate the objects because their attribute object IDs are needed
in order to renamed for Windows 2003.

Windows Server 2003 adprep /forestprep command causes mangled attributes in
Windows 2000 forests that contain Exchange 2000 servers:
http://support.microsoft.com/kb/314649

If you have difficulty following the procedure, you can also call Microsoft
PSS. I believe their charges for support are about $250.00 USD per incident
(unless it went up) and they will take as long as is required to fix it for
you.


--
Regards,
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Directory Services
Microsoft Certified Trainer

Infinite Diversities in Infinite Combinations

Having difficulty reading or finding responses to your post?
Instead of the website you're using, try using OEx (Outlook Express
or any other newsreader), and configure a news account, pointing to
news.microsoft.com. Anonymous access. It's free - no username or password
required nor do you need a Newsgroup Usenet account with your ISP. It
connects directly to the Microsoft Public Newsgroups. OEx allows you
o easily find, track threads, cross-post, sort by date, poster's name,
watched threads or subject. It's easy:

How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164

"Quitting smoking is easy. I've done it a thousand times." - Mark Twain

 

[Guest]

Thank you for replying!

Yes, ADSI Edit shows 2017 objects.

And, since there's no way to remove them.. we'll just have to live with it,
I suppose.

I was considering following the procedure in the KB article you mentioned,
but I wanted to rule out any possibility of removing Exchange first.. for
obvious reasons.

Thanks again for your reply. It was very helpful.

 

[Ace Fekay [MVP]]

In

Thank you for replying!

Yes, ADSI Edit shows 2017 objects.

And, since there's no way to remove them.. we'll just have to live
with it, I suppose.

I was considering following the procedure in the KB article you
mentioned, but I wanted to rule out any possibility of removing
Exchange first.. for obvious reasons.

Thanks again for your reply. It was very helpful.

No prob for replying. With 2017 Schema objects obviously shows a forestprep
was run at one time. To remove it, pop in the Exchange 2000 CD, and choose
to Remove ALL. Once done, then put in the 2003 CD and install Exchange. I
would suggest to install Ex2003 on a Windows 2003 member server to reduce
the complexties of installing it on a DC.

Ace

 

[Guest]

Well, after trying to run the inetorgpersonfix.ldf file.. I get the following:

"A referral was returned from the server". The part it was attempting to
modify was CN=secretary,CN=Schema,CN=Configuration,DC=ourdomain. "0 entried
modified successfully"

We have never had a reason to use Exchange (we use a different mail server)
so I guess I'll have to find an Exchange 2000 CD from someone and remove it,
as you described.

Thanks

 

[Guest]

I went back into ADSI Edit and looked for the 3 attributes the KB article
mentions. I found the houseIdentifier and LabeldURI attributes, but didn't
find the Secretary attribute.. among the 2017 schema objects.

That suggests that if the inetorgpersonfix was edited to remove the
Secretary portion, the fix may work... yes? no?

Thanks,
Mark

 

[Ace Fekay [MVP]]

In

I went back into ADSI Edit and looked for the 3 attributes the KB
article mentions. I found the houseIdentifier and LabeldURI
attributes, but didn't find the Secretary attribute.. among the 2017
schema objects.

That suggests that if the inetorgpersonfix was edited to remove the
Secretary portion, the fix may work... yes? no?

Thanks,
Mark

I don;t know. One way to find out is to try the adprep /forestprep again. If
it doesn't, I would try to uninstall Exchange 2000 completely as I
previously suggested. If you do not have the CD to run the uninstall and
are still having problems, call PSS. Believe me, for $250 USD they will take
as long as it takes to fix it (hours, days, etc). Well worth it.

Ace

 

[Ace Fekay [MVP]]

In

Well, after trying to run the inetorgpersonfix.ldf file.. I get the
following:

"A referral was returned from the server". The part it was
attempting to modify was
CN=secretary,CN=Schema,CN=Configuration,DC=ourdomain. "0 entried
modified successfully"

We have never had a reason to use Exchange (we use a different mail
server) so I guess I'll have to find an Exchange 2000 CD from someone
and remove it, as you described.

Thanks

A referral means the object you are referencing does not exist. This can be
because it really doesn't exist, the path is incorrect, the server you are
doing this on (are you on your desktop doing this?) cannot access the DC, or
bad credentials.

Hmm, I noticed you have "DC=ourdomain", does that mean uit is not
"dc=ourdomain,dc=com" or "dc=ourdomain,dc=local", etc and that truly the
format of your domain name is actally a single label such as "OURDOMAIN"
and not "ourdomain.com" or "ourdomain.local", etc?

If this is true, I would first think about migrating into a brand new domain
with the proper name format, etc. SIngle label names are EXTREMELY
PROBLEMATIC and probably has somehting to do with the failed Exchange 2000
installation attempt in the past.

It can also cause the referral error.

If the name is really like this you MUST make plans to take care of this one
way or another.

Ace

 

[Guest]

No, our domain name has multiple labels.. I was just making it generic for
the sake of discussion. Suffice it to say it's DC=ourdomain,DC=com

I ran the fix from the server (albeit via Remote Desktop) with all of the
FSMO roles while logged in as someone who's a member of the Domain Admins,
Enterprise Admins, and Schema Admins group.

 

[Guest]

Well, there's nothing really to uninstall about Exchange. I tried the
"update.exe /removeorg" option, but it said it can't continue because there's
no Organization container.

I suppose I could do the Exchange forestprep and domainprep.. and then do
the /removeorg thing.. but I wonder if that would just make things more
complicated and/or worse.

 

[Brian Desmond [MVP]]

You can't uninstall the schema updates made by Exchange ... they're
permanent

--
Thanks,
Brian Desmond
Windows Server MVP - Directory Services

www.briandesmond.com

 

[Guest]

Alright. What do you think of editing the inetorgpersonfix to remove the
CN=Secretary portion? I do not see that attribute in the Active Directory
Schema snap-in, and installing the inetorgpersonfix generates an error
because it can't find the Secretary attribute.

Thanks,
Mark

 

[Ace Fekay [MVP]]

In

You can't uninstall the schema updates made by Exchange ... they're
permanent

Ah yes, forgot about that simple fact!

Thanks, Brian.

 

[Ace Fekay [MVP]]

In

Alright. What do you think of editing the inetorgpersonfix to remove
the CN=Secretary portion? I do not see that attribute in the Active
Directory Schema snap-in, and installing the inetorgpersonfix
generates an error because it can't find the Secretary attribute.

Thanks,
Mark

I f you can do it, fine. Going by memroy, the article shows the steps as two
fold, if I remember correctly. If you can't find the attributes, it may mean
eithe ryou are looking in the wrong spot, or it was not created. IIRC, one
of the steps creates the attribute.

Try following the article steps. It should work. I've done it on 5 different
systems in the past without problems. On one system I worked on it for 5
hours without success. A predecessor at that company created a Unix
attribute for the MacOSx server, which was not required. But since he
created it, it could not be removed and was causing me difficulties. I
finally broke down and called Microsoft. It took them 8.5 hours and
escalating it to the next tier and getting the devs guys from the prod group
into it as well to fix it. Long day, but that was a well spent $245.00.

Since it is difficult to see what you are doing, and if you feel that you
are having trouble, like I said the $$ are well worth the call and will save
you hours of lost time and resources and not getting anywhere.

Ace

 

[Guest]

I figured out why it wasn't finding the Secretary object. I was using the
inetorgpersonfix from the Win2003 CD, not the Win2000 version (which a KB
article described how to make).

When I ran the Win2000 version, it modified all of the entries successfully.

I'm waiting for the changes to replicate.. and then I'll try the adprep
/forestprep again. *crosses fingers*

Thanks for all your help!

Mark

 

[Ace Fekay [MVP]]

In

I figured out why it wasn't finding the Secretary object. I was
using the inetorgpersonfix from the Win2003 CD, not the Win2000
version (which a KB article described how to make).

When I ran the Win2000 version, it modified all of the entries
successfully.

I'm waiting for the changes to replicate.. and then I'll try the
adprep /forestprep again. *crosses fingers*

Thanks for all your help!

Mark

Good to hear!

ace

 

[Guest]

Forestprep was successful!

Thanks again for the insight.

Mark

 

[Ace Fekay [MVP]]

In

Forestprep was successful!

Thanks again for the insight.

Mark

No prob. Glad you didn't have to call PSS too.