«

»

Aug 18

Powershell Code: Get Active Directory and Exchange Schema Version

Before performing any Active Directory Schema Update, it is a really good idea to run the following command against every DC and check for replication failures.

repadmin /replsum /bysrc /bydst /sort:delta

After performing an Active Directory schema update, one should verify that all the DCs received the update.  The best command for this I have found so far is:

repadmin /showattr * “cn=Schema,cn=Configuration,dc=EXAMPLE,dc=COM” /atts:ObjectVersion

This repadmin command connects to every DC and displays the AD schema version. The following information translates the AD schema object version code to the OS version.

  • 13   = Windows 2000 Forest Functional Mode
  • 30  = Windows 2003 Forest Functional Mode
  • 31   = Windows 2003 R2 Forest Functional Mode
  • 44  = Windows 2008 Forest Functional Mode
  • 47   = Windows 2008 R2 Forest Functional Mode

Repadmin can also be used to confirm a successful Exchange Schema update.  The command for this is:

repadmin /showattr * “cn=ms-exch-schema-version-pt,cn=Schema,cn=Configuration,dc=EXAMPLE,dc=COM” /atts:rangeupper

The following information translates the Exchange schema object version code to the Exchange version.

  • 4397  = Exchange 2000 RTM Schema
  • 4406  = Exchange 2000 SP3 Schema
  • 6870  = Exchange 2003 RTM Schema
  • 6936  = Exchange 2003 SP3 Schema
  • 10628  = Exchange 2007 RTM Schema
  • 11116  = Exchange 2007 RTM Schema
  • 14622  = Exchange 2007 SP3 & Exchange 2010 RTM Schema
  • 14726  = Exchange 2010 SP1 Schema

Using PowerShell to get AD & Exchange Schema information can be very useful. Code follows.

AD Schema Version Check
In order to check the AD Schema version after performing the Windowsw 2008 R2  Schema update, I came up with the following:

Import-Module ActiveDirectory

$ADInfo = Get-ADDomain
$PDC = $ADInfo.PDCEmulator
$ADDomainDistinguishedName = $ADInfo.DistinguishedName

write-output “Checking the Active Directory Schema version on the PDC ($PDC)” `r
$ADSchema = repadmin /showattr $PDC “cn=Schema,cn=Configuration,$ADDomainDistinguishedName” /atts:ObjectVersion

$ADSchemaArray = $ADSchema  -split “:”
[int]$ADSchemaNum = $ADSchemaArray[4] ## -replace(” “,””)

Switch ($ADSchemaNum)
 { ## OPEN Switch
   13 { $ADSchemaVersion = “Windows 2000 Forest Functional Mode” }
   30 { $ADSchemaVersion = “Windows 2003 Forest Functional Mode” }
   31 { $ADSchemaVersion = “Windows 2003 R2 Forest Functional Mode” }
   44 { $ADSchemaVersion = “Windows 2008 Forest Functional Mode” }
   47 { $ADSchemaVersion = “Windows 2008 R2 Forest Functional Mode” }
 } ## CLOSE Switch

Exchange Schema Version Check

Using the Powershell AD Schema Version Check as a template, I made a few simple modifications to get it to provide the Exchange Schema Version:

Import-Module ActiveDirectory

$ADInfo = Get-ADDomain
$PDC = $ADInfo.PDCEmulator
$ADDomainDistinguishedName = $ADInfo.DistinguishedName

write-output “Checking Exchange Schema version on the PDC ($PDC)” `r
$ExchangeSchemaVer = repadmin /showattr $PDC “cn=ms-exch-schema-version-pt,cn=Schema,cn=Configuration,$ADDomainDistinguishedName” /atts:rangeupper
$ExchangeSchemaArray = $ExchangeSchemaVer -split (“rangeUpper: “)
$ExchangeSchemaVersion = $ExchangeSchemaArray[3]

switch ($ExchangeSchemaVersion)
 {  ## OPEN Switch ExchangeSchemaVersion
   4397 { “Exchange 2000 RTM Schema discovered…” ; $ExchangeSchemaVersionName = “Exchange 2000 RTM Schema” }
   4406 { “Exchange 2000 SP3 Schema discovered…” ; $ExchangeSchemaVersionName = “Exchange 2000 SP3″ }
   6870 { “Exchange 2003 RTM Schema discovered…” ; $ExchangeSchemaVersionName = “Exchange 2003 RTM Schema” }
   6936 { “Exchange 2003 SP3 Schema discovered…” ; $ExchangeSchemaVersionName = “Exchange 2003 SP3 Schema” }
   10628 { “Exchange 2007 RTM Schema discovered…” ; $ExchangeSchemaVersionName = “Exchange 2007 RTM Schema” }  
   11116 { “Exchange 2007 RTM Schema discovered…” ; $ExchangeSchemaVersionName = “Exchange 2007 RTM Schema” }
   14622 { “Exchange 2007 SP3 & Exchange 2010 RTM Schema discovered…” ; $ExchangeSchemaVersionName = “Exchange 2007 SP3 & Exchange 2010 RTM Schema” }   
   14726 { “Exchange 2010 SP1 Schema discovered…” ; $ExchangeSchemaVersionName = “Exchange 2010 SP1 Schema” }
   default {“unknown value” ; $ExchangeSchemaVersionName = “unknown value” }
 }  ## CLOSE Switch ExchangeSchemaVersion

In order to perform Schema Version checks using Powershell after performing a schema update using adprep /forestprep for Active Directory or Exchange, simply use the blocks of code above in a ForEach loop ($DC in $DomainControllers), replacing $PDC with $DC.

UPDATE: Here’s an alternative method (querying RootDSE) for getting the AD Schema version:

Import-Module ActiveDirectory

$ADRootDSE = Get-ADRootDSE -Properties *

$ADdomainControllerFunctionality = $ADRootDSE.domainControllerFunctionality
$ADdomainFunctionality = $ADRootDSE.domainFunctionality
$ADforestFunctionality = $ADRootDSE.forestFunctionality

Write-Output “AD Domain Controller Functionality: $ADdomainControllerFunctionality `r”
Write-Output “AD Domain Functionality: $ADdomainFunctionality `r”
Write-Output “AD Forest Functionality: $ADforestFunctionality `r”

Cheers,
Sean

 

Share

1 ping

  1. Powershell Code: Get AD & Exchange Schema Version Using Hashtable – Technical posts about IT

    […] posted before about using repadmin to get the Active Directory schema version and the Exchange schema version, […]

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>