The question "Does Exchange setup automatically run /PrepareSchema?" came up many times in the recent Hafnium remediation activities. This was due to many customers not updating Exchange for multiple years, and being extremely behind on updates. In order to get Exchange updated, it was necessary to perform multiple steps in the upgrade process. Sometimes the /PrepareSchema task was required, and many folks were surprised to hear that if Exchange is able to run the required prerequisite task, it will automatically do so without prompting.
This is not a new behaviour, and this is how Exchange setup operates.
In order for Exchange setup to automatically perform these actions, the account running setup must have the appropriate permissions, for example Schema Admin and Enterprise Admin. A couple of notes on this.
Personally I do not want to let setup perform these tasks as I want to have control. This is for change management, verification and environmental reasons. It may be required that we have to allow time for the schema updates to propagate globally. Additionally in large environments, only the directory services team will have the required permissions. The messaging team will not. In such cases a ticket has to be sent to the directory team to run the preparation. This is a collaborative process, so please tell them in advance about the prerequisites!
In addition, there are nuances around the situations when PrepareAD will run automatically and when it will not. That issue is described in this post which outlines why a new RBAC definition was missing.
Let's walk through an example which shows the /PrepareSchema being performed automatically.
Lab Environment
The below is an ancient lab that was resurrected to provide the screen shots and reference. It was not powered on for 4 years or so, and was initially running Exchange 2010 SP3 RU17, Exchange 2013 CU17 and Exchange 2016 CU6. Rather outdated, right?
We will focus on the Exchange 2016 server since the latest version has the most recent schema and PrepareAD definitions. If we run /PrepareSchema and /PrepareAD from this version of Exchange, there is no need to perform those steps from older versions as they are superseded.
As you see below, Exchange 2016 CU6 is installed.
Windows Update was executed to update the OS, and this is why you see the Hafnium mitigation tool's associated URL Rewrite.
The required components for CU20 were manually installed. They include Visual C++ 2013 Runtime and .NET 4.8, which were installed along with all Windows Updates.
Note that this particular account is a member of Schema Admins, Enterprise Admins, Domain Admins and Organization Management.
This will NOT be representative of an Exchange administrator in a larger enterprise, but is typical in smaller organisations.
Active Directory is also outdated.
This image was taken immediately after starting the lab back up and is prior to any updates being installed from Microsoft Update or Exchange updates.
For reference the Exchange 2016 schema details are here. The Active Directory version information is in this separate article.
Starting Exchange 2016 CU20 Setup
To recap – AD is outdated, and so is the server.
We will start Exchange 2016 CU20 setup with only the options shown below.
setup.exe /IAcceptExchangeServerLicenseTerms /Mode:Upgrade
Exchange setup completes, and we can review the setup log for the action taken. You will find this in the C:\ExchangeSetupLogs folder. The main log file is the ExchangeSetup.log and this is what we can see below.
At the start of the log, we can see that the command line options above are shown. Just the upgrade and source path. Nothing else.
Exchange will do a check of the environment, determining the starting and destination versions. This tells setup that the schema and domain update is needed, so setup will then add those parameters automatically.
This is seen in the below, but since the line is long it is harder to read.
To help, the text is shown afterwards.
[04/27/2021 04:23:03.0238] [0] Setup will run the task 'Install-ExchangeOrganization'
[04/27/2021 04:23:03.0239] [1] Setup launched task 'Install-ExchangeOrganization -DomainController 'DC01.contoso.lab' -OrganizationName 'First Organization' -PrepareSchema $true -PrepareOrganization $true -Industry 'NotSpecified' -ActiveDirectorySplitPermissions $null -PrepareDomain $true'
[04/27/2021 04:23:03.0258] [1] Active Directory session settings for 'Install-ExchangeOrganization' are: View Entire Forest: 'True', Configuration Domain Controller: 'DC01.contoso.lab', Preferred Global Catalog: 'DC01.contoso.lab', Preferred Domain Controllers: '{ DC01.contoso.lab }'
[04/27/2021 04:23:03.0258] [1] User specified parameters: -DomainController:'DC01.contoso.lab' -OrganizationName:'First Organization' -PrepareSchema:'True' -PrepareOrganization:'True' -Industry:'NotSpecified' -ActiveDirectorySplitPermissions:$null -PrepareDomain:'True'
[04/27/2021 04:23:03.0258] [1] Beginning processing Install-ExchangeOrganization
Once done, we can look at the schema information in AD using the steps in this post.
Note that now the schema and directory were updated and are at the CU20 level.
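To audit a setup run for this behaviour, the following added example (not part of the original post) reads ExchangeSetup.log lines and reports which preparation parameters the Install-ExchangeOrganization task ran with that were not on the command line the operator typed. The function name and the mapping from task parameters to setup.exe switches are assumptions of this example; the sample line is copied from the log excerpt above.

```powershell
function Get-ImplicitPrepareAction {
    param(
        [string[]]$LogLines,     # lines of ExchangeSetup.log
        [string]$CommandLine     # what the operator actually typed
    )
    # Assumed mapping: task parameter -> setup.exe switch (long and short form)
    $map = [ordered]@{
        PrepareSchema       = '/(PrepareSchema|ps)\b'
        PrepareOrganization = '/(PrepareAD|p)\b'
        PrepareDomain       = '/(PrepareDomain|pd)\b'
    }
    $launch = 'Setup launched task ''Install-ExchangeOrganization (?<params>.*)''\s*$'

    foreach ($line in $LogLines) {
        if ($line -notmatch $launch) { continue }
        $params = $Matches['params']
        foreach ($name in $map.Keys) {
            [pscustomobject]@{
                Parameter = $name
                # Active only when the task was launched with "-Name $true"
                RanInTask = $params -match "-$name \`$true\b"
                # True when the operator asked for it explicitly
                Requested = $CommandLine -match $map[$name]
            }
        }
    }
}

# Sample input: the launch line from the log excerpt in this post.
$sample = @'
[04/27/2021 04:23:03.0238] [0] Setup will run the task 'Install-ExchangeOrganization'
[04/27/2021 04:23:03.0239] [1] Setup launched task 'Install-ExchangeOrganization -DomainController 'DC01.contoso.lab' -OrganizationName 'First Organization' -PrepareSchema $true -PrepareOrganization $true -Industry 'NotSpecified' -ActiveDirectorySplitPermissions $null -PrepareDomain $true'
'@ -split "`r?`n"

$typed = 'setup.exe /IAcceptExchangeServerLicenseTerms /Mode:Upgrade'

# Anything listed here was performed by setup without being requested.
Get-ImplicitPrepareAction -LogLines $sample -CommandLine $typed |
    Where-Object { $_.RanInTask -and -not $_.Requested }
```

For a real run, replace `$sample` with `Get-Content C:\ExchangeSetupLogs\ExchangeSetup.log` and `$typed` with the command recorded in the change ticket.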
Cheers,
Rhoderick