Updating Schema and preparing AD for Exchange 2010

 

(Updated after fixing formatting)

(Updated after modifying Schema master replication statement) 

This is a slightly modified and updated version of my previous post regarding Exchange 2007.

Note before we begin:

It was once considered best practice to disable outbound replication on the Schema master before conducting schema upgrades. If, for whatever reason, the schema update fails, you can then seize the Schema Master role and forcibly demote the former Schema Master. Once you have verified the success of the Schema updates, you can re-enable outbound replication on the Schema Master. However, this is no longer considered a best practice. It is recommended, though, that you test application of the service pack in a lab environment before applying.

Let's begin:

I've broken this process down into two general scenarios, the first where you want to apply all pre-requisite AD and AD schema changes, and then the second where you may want to stage the AD and AD schema changes. I've then further broken down each of the 2 scenarios into 2 cases: single forest/single domain, and single forest/multiple domains. All scenarios assume you are upgrading an existing Exchange Org to Exchange 2010 from 2003 or 2000. So, to summarize, this post will cover the following scenarios and cases:

"All at once"

-Single Forest, Single Domain

-Single Forest, Multiple Domains

"Staged"

-Single Forest, Single Domain

-Single Forest, Multiple Domains

All at once:

Single domain, single forest
 setup.exe /preparead (this is what the wizard/GUI runs) - requires Enterprise admin and Schema admin

Single forest, multiple domains
You must run the following commands on a computer in the same domain and in the same Active Directory site as the schema master:

 (ROOT) setup.exe /PrepareLegacyExchangePermissions (/pl) - requires Enterprise admin and Schema admin
 (ROOT) setup.exe /prepareschema (/ps) - requires Schema admin
 (ROOT) setup.exe /preparead (/ad) - requires Domain Admin (unless the domain was created after /preparead, in which case it also needs Exchange org admin rights)

You could run /preparealldomains, but there would have to be a GC from each child domain in the AD site you are running it from in order for that to work.

Staged:
Single domain, single forest
 setup.exe /PrepareLegacyExchangePermissions (/pl) - Enterprise admin and Schema admin
 setup.exe /prepareschema (/ps) - Schema admin
 setup.exe /preparead (/ad) - Domain Admin (unless the domain was created after /preparead, in which case it also needs Exchange org admin rights)

Single forest, multiple domains

You must run the following commands on a computer in the same domain and in the same Active Directory site as the schema master:
 setup.exe /preparead (/ad), in the root domain - Enterprise admin and Schema admin
 then setup.exe /preparealldomains (/pad) - enterprise rights

Then, in each child domain that is hosting:
 -Exchange 2000, Exchange 2003, Exchange 2007 or 2010 servers
 -Mail-enabled objects
 -Global catalog servers that Exchange directory access components might use

Run the following:

 -setup /pl:domain.fqdn
 -setup /preparedomain:domain.fqdn (or /pd:domain.fqdn)

Note: You must run this in the same AD site as the domain controller you are running this against, which should be in the domain you are running against.
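
A pre-flight check for the requirements above (Schema admin and Enterprise admin membership, and being in the same domain and AD site as the schema master), as an added example that is not part of the original post. It assumes the ActiveDirectory PowerShell module (RSAT) is installed and an elevated prompt; the function name Test-SchemaPrepReadiness is hypothetical.

```powershell
# Added example, not from the original post. Read-only: it queries AD and the
# current logon token, and does not run setup.exe or change anything.
Import-Module ActiveDirectory

function Test-SchemaPrepReadiness {
    # Locate the schema master and the forest root domain SID.
    $forest       = Get-ADForest
    $schemaMaster = Get-ADDomainController -Identity $forest.SchemaMaster `
                                           -Server   $forest.SchemaMaster
    $rootSid      = (Get-ADDomain -Identity $forest.RootDomain `
                                  -Server   $forest.RootDomain).DomainSID.Value

    # Domain and AD site of the computer this script runs on.
    $localDomain = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain().Name
    $localSite   = [System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::GetComputerSite().Name

    # Group SIDs present in the current token. A non-elevated (UAC-filtered)
    # token will not show the admin groups, hence the elevated prompt.
    $tokenSids = [System.Security.Principal.WindowsIdentity]::GetCurrent().Groups |
                 ForEach-Object { $_.Value }

    # Well-known RIDs in the forest root domain:
    # 518 = Schema Admins, 519 = Enterprise Admins.
    New-Object PSObject -Property @{
        SchemaMaster      = $schemaMaster.HostName
        SchemaMasterSite  = $schemaMaster.Site
        LocalSite         = $localSite
        SameDomain        = ($localDomain -eq $schemaMaster.Domain)
        SameSite          = ($localSite   -eq $schemaMaster.Site)
        IsSchemaAdmin     = ($tokenSids -contains "$rootSid-518")
        IsEnterpriseAdmin = ($tokenSids -contains "$rootSid-519")
    }
}

$result = Test-SchemaPrepReadiness
$result | Format-List

# Stop here if any prerequisite from the post is not met.
$failed = 'SameDomain','SameSite','IsSchemaAdmin','IsEnterpriseAdmin' |
          Where-Object { -not $result.$_ }
if ($failed) {
    Write-Warning ("Not ready for /prepareschema or /preparead: " + ($failed -join ', '))
} else {
    Write-Host "Prerequisites met on this computer and account."
}
```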

References:

White Paper: Description of the Parameters Used With the Exchange 2007 Setup.com Tool
 https://technet.microsoft.com/en-us/library/bb288906.aspx

Prepare Legacy Exchange 2003 Permissions
 https://technet.microsoft.com/en-us/library/aa997914.aspx

Prepare Active Directory and Domains
 https://technet.microsoft.com/en-us/library/bb125224.aspx