Archive: Posts Tagged ‘adprep’

ADPREP

No comments February 5th, 2011 Rune

If you’re going to prepare your domain/forest for 2008/2008R2 domain controllers, you’ve to run ADPREP before you can promote them. If your existing domain consists of 32-bits 2003 DC’s, you have to run the 32-bit version of ADPREP, named adprep32.exe.

Let’s say you have 3 domains in your forest and you want to raise the Forest Functional Level (FFL) and Domain Functional Level (DFL) to 2008R2.

1. Verify replication health (important):

The first thing you have to make sure of is that your replication is working. To get a quick forest wide overview, you can use a tool called repadmin.exe. (run it from cmd)

repadmin /replsum * /bysrc /bydest /sort:delta

Look at the output and if all DC’s shows “Fails” = 0, you’re ready to move on. If it report errors, you have to look into those before proceeding.

2. Extend the schema:

Log into the DC holding the Schema Master. If you don’t know who that is, run “netdom query fsmo” from any DC. Have the 2008R2 media reachable from the Schema Master.

If the Schema Master DC is a 2003 32-bit run:

adprep32 /forestprep

If you want to be 100 per cents sure that the extensions are replicated to all DC’s before move on to the next step:

Open ADSIedit.msc and navigate to:

Schema > (Properties on) “CN=Schema,CN=Configuration,DC=domain,DC=com

Check “objectVersion” value. Value should be “47” if it has replicated.

Also verify this on the PDCe DC in the other domains. If the value is “30” (2003 level), the change has not been replicated yet. To trigger a replication:

On the PDCe DC: “repadmin /syncall /A /P /e”

When all DC’s got the correct value you can;

 3.  Prepare the domain:

Run “adprep32 /domainprep” on each DC holding the Infrastructure Master (IM) FSMO. One IM in each domain. If you don’t plan to add 2008 DC’s to i.e. Domain C, you don’t have to run this on the IM in Domain C.

 4. If you have a Windows 2000 domain, you have to run:

“adprep32 /domainprep /gpprep”

It will not hurt to run this on a 2003 domain, as you can run the adpreps so many times you want.

5. RODC’s

If you plan to apply RODC’s into your domain, run:

“adprep32 /rodcprep”

 If you’ll never add RODC’s you can skip this, but DCDIAG will report an error regarding “NCSecDesc”. You can ignore the error, but who likes to do that?

 
FAQ’s and common errors regarding ADPREP from the Technet Wiki:

http://social.technet.microsoft.com/wiki/contents/articles/troubleshooting-adprep-exe-errors-dsforum2wiki.aspx

AD in general