Before you start the process of preparing Active Directory Domain Services (AD DS) for Office Communications Server 2007 R2, ensure that your Active Directory infrastructure meets the following prerequisites:
·      All domain controllers in the forest where you deploy Office Communications Server run Windows Server 2003 with SP1, Windows Server 2003 R2, or Windows Server 2008.
Note:
The operating system running on the domain controllers can be either 32-bit edition or 64-bit edition.
·      All global catalog servers in the forest where you deploy Office Communications Server run Windows Server 2003 with SP1, Windows Server 2003 R2, or Windows Server 2008.
·      All domains in which you deploy Office Communications Server are raised to a domain functional level of Windows Server 2003 or Windows Server 2008. You cannot deploy Office Communications Server 2007 R2 in a Microsoft Windows 2000 mixed, Windows 2000 native, or Windows 2003 interim domain.
·      The forest in which you deploy Office Communications Server is raised to a forest functional level of Windows Server 2003 or Windows Server 2008. You cannot deploy Office Communications Server 2007 R2 in a Windows 2000 mixed, Windows 2000 native, or Windows 2003 interim forest.
Note:
To change your domain or forest functional level, see “Raising domain and forest functional levels” at http://go.microsoft.com/fwlink/?LinkId=125762.
 
 
 
The customer has a Windows 2008 x64 server on which to install OCS R2. Before installing, they need to extend the OCS R2 schema in AD, but the schema extension failed with "Server is not operational". There is a firewall between the OCS Server and the Schema Master in the root domain, and the customer wants to know how to extend the schema in such a scenario.
The Prep Schema wizard must access the Schema Master, which requires that the remote registry service is running and that the remote registry key is enabled.
Microsoft Office Communications Server 2007 R2
Using Setup to Run Schema Preparation
http://technet.microsoft.com/en-us/library/dd425361(office.13).aspx
The schema preparation step extends the Active Directory schema to include classes and attributes that are specific to Office Communications Server. It is run once, against the schema master, for each Active Directory forest where you plan to deploy Office Communications Server.
Enable the following firewall ports between the parent domain and the child domain, based on KB 179442, "How to configure a firewall for domains and trusts":
http://support.microsoft.com/default.aspx?scid=kb;EN-US;179442
All ports in this KB are cumulative. This applies to member computers within a domain or forest, not just across trusts.
Suggesting we move the Schema Master Roles to a Child DC long enough to get OCS installed.

If they want to watch this attribute/role replicate to all DCs in the forest, they can run this command:
repadmin /showattr * CN=Schema,CN=Configuration,DC=fujixerox,DC=net /base /Filter:"(cn=Schema)" /atts:fSMORoleOwner >> SchemaMove.txt
As agreed, there are two options for getting OCS installed:
1) Transfer the Schema Role to another DC in the Root Forest. We tried a repadmin /bind from the OCS Server to another DC in the Root Forest (sgpaphq-addc09) and it connected fine, so we can transfer the Schema Master to this DC, which allows OCS to use it during installation. The commands for the schema master transfer are as follows:
ntdsutil
roles
connections
clear creds
set creds domain administrator password
connect to server DCx
q
transfer schema master
 

2) Get the ports below opened to avoid this kind of issue in the future.

TCP port 135 (epmap service): FILTERED (this needs to be opened because clients cannot determine what RPC ports are available on jpnfxhq-addc01.fujixerox.net)
=============
Ports 49152 - 65535 must be opened because this is the new Dynamic RPC port range for W2K8.
=============
Ports 1024 - 5000 must be opened for W2K3 Dynamic RPC ports
=============
TCP port 3268 (msft-gc service): FILTERED (this needs to be opened because jpnfxhq-addc01.fujixerox.net is a GC)
=============
TCP port 88 (kerberos service): LISTENING (good)
UDP port 88 (kerberos service): LISTENING or FILTERED (this may be open and is critical for Kerberos)
=============
TCP port 445 (microsoft-ds service): FILTERED (This should be opened for secure MSRPC)
=============
UDP port 137 (netbios-ns service): LISTENING or FILTERED (Windows computers need to communicate using this port)
Using ephemeral source port
Attempting NETBIOS adapter status query to UDP port 137...
NETBIOS name for 143.94.219.5 not found (timeout)
Adapter status query failed.
UDP port: FILTERED
=============
UDP port 138 (netbios-dgm service): LISTENING or FILTERED (Windows computers need to communicate using this port)
portqry.exe -n jpnfxhq-addc01.fujixerox.net -e 138 -p UDP exits with return code 0x00000002.
=============
TCP port 139 (netbios-ssn service): FILTERED (Windows computers need to communicate using this port)
portqry.exe -n jpnfxhq-addc01.fujixerox.net -e 139 -p TCP exits with return code 0x00000002.
=============
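The port checks above can be repeated from the OCS server in one pass before running Prep Schema. The PowerShell script below is an added example, not part of the original notes; it assumes portqry.exe is on the PATH, uses a placeholder host name and a hypothetical helper named Get-PortVerdict, and relies on PortQry's exit codes (0 listening, 1 not listening, 2 filtered or listening-or-filtered).

```powershell
# Added example. Assumes portqry.exe is on the PATH and PowerShell 2.0 or later.
param(
    # Placeholder host name; pass the schema master's FQDN instead.
    [string]$Target = 'schema-master.example.test'
)

# Fixed ports from the list above. The dynamic RPC ranges (1024-5000 for W2K3,
# 49152-65535 for W2K8) are allocated at run time and are not probed here.
$checks = @(
    @{ Port = 88;   Proto = 'TCP'; Service = 'kerberos' },
    @{ Port = 88;   Proto = 'UDP'; Service = 'kerberos' },
    @{ Port = 135;  Proto = 'TCP'; Service = 'epmap' },
    @{ Port = 137;  Proto = 'UDP'; Service = 'netbios-ns' },
    @{ Port = 138;  Proto = 'UDP'; Service = 'netbios-dgm' },
    @{ Port = 139;  Proto = 'TCP'; Service = 'netbios-ssn' },
    @{ Port = 445;  Proto = 'TCP'; Service = 'microsoft-ds' },
    @{ Port = 3268; Proto = 'TCP'; Service = 'msft-gc' }
)

# Hypothetical helper: turn a PortQry exit code into an action for the firewall team.
function Get-PortVerdict {
    param([int]$ExitCode, [string]$Proto)
    switch ($ExitCode) {
        0 { 'LISTENING: reachable' }
        1 { 'NOT LISTENING: a reply came back but no service is bound' }
        2 {
            if ($Proto -eq 'TCP') { 'FILTERED: open this port on the firewall' }
            else { 'LISTENING or FILTERED: UDP is ambiguous, confirm on the firewall' }
        }
        default { "UNKNOWN exit code $ExitCode" }
    }
}

$results = foreach ($c in $checks) {
    & portqry.exe -n $Target -e $c.Port -p $c.Proto | Out-Null
    $code = $LASTEXITCODE          # capture before anything else overwrites it
    $verdict = Get-PortVerdict -ExitCode $code -Proto $c.Proto
    New-Object PSObject -Property @{
        Proto = $c.Proto; Port = $c.Port; Service = $c.Service; Verdict = $verdict
    }
}

$results | Format-Table Proto, Port, Service, Verdict -AutoSize

# Summarize the TCP ports that are definitely blocked.
$blocked = @($results | Where-Object { $_.Verdict -like 'FILTERED*' })
if ($blocked.Count -gt 0) { Write-Warning "$($blocked.Count) TCP port(s) filtered to $Target" }
```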
Ref: FSMO placement and optimization on Active Directory domain controllers:
http://support.microsoft.com/kb/223346

Section 2: OCS
1. The installation document for OCS Enterprise is found at this link. Please download it.
a. http://www.microsoft.com/downloads/details.aspx?familyid=53F65DC9-09DC-4748-81F7-48457469E550&displaylang=en

Enable ICMP Replies via Windows Firewall
http://crav3n.com/kb/?View=entry&EntryID=124