Tech Tip: Avoid mangled Active Directory names

If you use Microsoft's deployment guide for upgrading to Windows Server 2003, "Upgrading Windows 2000 Domains to Windows Server 2003 Domains," you'll notice that one of the first steps in upgrading Windows 2000 Active Directory (AD) to Window 2003 AD is running the ADPrep.exe utility.

However, when the Windows 2000 AD forest has Exchange 2000 installed, you risk mangling some object names if you run ADPrep.exe without proper preparation.

Exchange 2000 defines three non-RFC compliant attributes, which Windows Server 2003 redefines to comply with RFC 2798. ADPrep.exe resolves the conflict between the existing non-RFC attributes and the redefined attributes by marking the old attributes as duplicates. It considers these duplicate attributes mangled; they can prevent the installation or upgrade of Exchange 2000.

While it isn't difficult to fix these mangled attributes, you can prevent this problem entirely. You can modify the Exchange 2000 AD attributes before running ADPrep.exe. Follow these steps:

  1. Log on to the schema operations master role with an account that's a member of both the Schema and Enterprise Administrators groups. Make sure you've enabled schema updates.
  2. Create a directory under the system drive's root with the name IOP.
  3. Open Notepad, and paste the following text:

dn: CN=ms-Exch-Assistant-Name,CN=Schema,CN=Configuration,DC=X
changetype: Modify
replace: lDAPDisplayName
lDAPDisplayName: msExchAssistantName

dn: CN=ms-Exch-LabeledURI,CN=Schema,CN=Configuration,DC=X
changetype: Modify
replace: lDAPDisplayName
lDAPDisplayName: msExchLabeledURI

dn: CN=ms-Exch-House-Identifier,CN=Schema,CN=Configuration,DC=X
changetype: Modify
replace: lDAPDisplayName
lDAPDisplayName: msExchHouseIdentifier

changetype: Modify
add: schemaUpdateNow
schemaUpdateNow: 1

  1. Save the Notepad file with the name InetOrgPersonPrevent.ldf in the newly created IOP directory, and close Notepad.
  2. Open a command prompt, and change directories to %systemdrive\LOP.
  3. Type the following command, including the quotation marks:

c:\iop>ldifde -i -f inetorgpersonprevent.ldf -v -c DC=<X> "<dn path for forest root domain>"

Replace <X> with a case-sensitive constant (dc=corp,dc=tailspintoys,dc=com), and replace <dn path for forest root domain> with the domain name path for the root domain of the forest.

This process modifies the non-RFC compliant Exchange 2000 attributes, allowing you to run the ADPrep.exe utility.


Editor's Picks