Get Active Directory schema versions (update)

This month the page on “How to determine the current Active Directory or Exchange Server schema version”, – –, has been updated to reflect the new version of Exchange. Unfortunately the KB article doesn’t provide guidance using powershell,…but the Hey Scripting Guy, Ed Wilson and Ashley McGlone published last year what was required and known at that time on “How to Find Active Directory Schema Update History by Using PowerShell

Now, it’s my turn to publish an updated version of code that adds Exchange 2013, Windows Server 2012 and Lync Server 2013 😀

#Requires -Version 2.0            
Function Get-ADSchemaVersions {            
Begin {            
    # First we load the Active Directory module if required                        
    if ((Get-Module -Name ActiveDirectory).Name -ne "ActiveDirectory") {                        
        Write-Verbose -Message "Attempting to load Active Directory module for Powershell"                        
        Import-Module -Name ActiveDirectory -ErrorAction SilentlyContinue                        
        if ( (Get-PSDrive -PSProvider ActiveDirectory -ErrorAction SilentlyContinue).Name -ne "AD") {                        
            Write-Warning -Message "Failed to load the ActiveDirectory Module"                  
    $KownSchema = DATA {            
    ConvertFrom-StringData @'
    13=Windows 2000 Server
    30=Windows Server 2003
    31=Windows Server 2003 R2
    44=Windows Server 2008
    47=Windows Server 2008 R2 
    56=Windows Server 2012 RTM
    4397=Exchange Server 2000 RTM
    4406=Exchange Server 2000 SP3
    6870=Exchange Server 2003 RTM
    6936=Exchange Server 2003 SP3
    10628=Exchange Server 2007 RTM
    10637=Exchange Server 2007 RTM
    11116=Exchange 2007 SP1
    14622=Exchange 2007 SP2 or Exchange 2010 RTM
    14726=Exchange 2010 SP1
    14732=Exchange 2010 SP2
    15137=Exchange 2013 RTM
    1006=LCS 2005
    1007=OCS 2007 R1
    1008=OCS 2007 R2
    1100=Lync Server 2010
    1150=Lync Server 2013
Process {            
    try {            
        $SchemaPartition = (Get-ADRootDSE -ErrorAction Stop).NamingContexts | Where-Object {$_ -like "*Schema*"}             
    } catch {            
        Write-Warning -Message "Failed to find the AD naming context"            
    if ($SchemaPartition) {            
        # Get the version of AD schema            
        try {            
            $SchemaVersionAD = (Get-ADObject $SchemaPartition -Property objectVersion -ErrorAction Stop).objectVersion            
            New-Object -TypeName psobject -Property @{            
                ProductName = "Active Directory"            
                Version = $SchemaVersionAD            
                Description = $KownSchema[$SchemaVersionAD.ToString()]            
        } catch {            
            Write-Warning -Message "Failed to query the AD schema version"            
        # Get the version of Exchange            
        try {            
            $SchemaVersionExchange = (Get-ADObject "CN=ms-Exch-Schema-Version-Pt,$SchemaPartition" -Property rangeUpper -ErrorAction Stop).rangeUpper            
            New-Object -TypeName psobject -Property @{            
                ProductName = "Exchange"            
                Version = $SchemaVersionExchange            
                Description = $KownSchema[$SchemaVersionExchange.ToString()]            
        } catch {            
            Write-Warning -Message "Schema version for Exchange not found"            
        # Get the version of Lync            
        try {            
            $SchemaVersionLync = (Get-ADObject "CN=ms-RTC-SIP-SchemaVersion,$SchemaPartition" -Property rangeUpper -ErrorAction Stop).rangeUpper            
            New-Object -TypeName psobject -Property @{            
                ProductName = "Lync"            
                Version = $SchemaVersionLync            
                Description = $KownSchema[$SchemaVersionLync.ToString()]            
        } catch {            
            Write-Warning -Message "Schema version for Lync not found"            
End {}            
} # end of function

Here’s how to use the above function:

Get-ADSchemaVersions | Select ProductName,Version,Description | ft -AutoSize

This was the easy part. Now, let’s try to answer the following question: “I’d like to deploy System Center Configuration Manager 2012 SP1. How do I check if the Active Directory schema of the forest is ready?”

Microsoft has published the following technet page for this purpose: Determine Whether to Extend the Active Directory Schema for Configuration Manager

Even if the update of the schema is not strictly required, Powershell can help us check for additions of SMS v4 attributes. What are these new SMS V4 attributes ? The information is located in the file SMSSETUP\BIN\X64\ConfigMgr_ad_schema.ldf of the System Center 2012 ConfigMgr installation media.

The following piece of code allows to quickly check for 3 of these new attributes:

try {            
    ipmo -Name ActiveDirectory -ErrorAction Stop            
    $SchemaPartition = (Get-ADRootDSE -ErrorAction Stop).NamingContexts | Where-Object {$_ -like "*Schema*"}            
    Get-ADObject "CN=mS-SMS-Version,$SchemaPartition" -ErrorAction Stop            
    Get-ADObject "CN=mS-SMS-Capabilities,$SchemaPartition" -ErrorAction Stop            
    Get-ADObject "CN=mS-SMS-Source-Forest,$SchemaPartition" -ErrorAction Stop            
} catch {            
    Write-Warning -Message "Failed to find SMS v4 new attributes because $($_.Exception.Message)"            

As these attributes exist and are displayed in the above image, it means that my AD schema is ready for System Center 2012 Configuration Manager SP1 😎

1 thought on “Get Active Directory schema versions (update)

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.