dane_m
asked on
Schema changes to Win2k AD when indrocuding Win2k3 DC?
I currently have a Windows 2000 AD forest and a Windows 2000 native domain. I'd like to introduce a Windows Server 2003 DC to an existing domain without upgrading the functional level from Win2k native.
I've read in many places that Win2k3 can act as a DC in a 2000 native domain, but when I run dcpromo on the Win2k3 server to promote it, it requires that adprep be run on the forest and domain before it can be added.
Does anyone know what adprep is doing to "prepare" the forest and domain? My assumption is that the end result will still be a Windows 2000 forest and a Windows 2000 native AD domain, but it obviously did _something_ to the AD structure. There are services within my company that are heavily integrated with AD , so I can't modify the schema, but I can theoretically extend it so long as all the existing fields do not change.
I'm aware that the Win2k AD schema also has different "levels" within the same functional level; is this what the Win2k3 aprep is changing? Does anyone know which level it needs to be at for the Win2k3 DC to be present? Can the Win2k3 adprep only extend the schema (assuming the functional level doesn't change), or can it modify what's already existing?
I've read in many places that Win2k3 can act as a DC in a 2000 native domain, but when I run dcpromo on the Win2k3 server to promote it, it requires that adprep be run on the forest and domain before it can be added.
Does anyone know what adprep is doing to "prepare" the forest and domain? My assumption is that the end result will still be a Windows 2000 forest and a Windows 2000 native AD domain, but it obviously did _something_ to the AD structure. There are services within my company that are heavily integrated with AD , so I can't modify the schema, but I can theoretically extend it so long as all the existing fields do not change.
I'm aware that the Win2k AD schema also has different "levels" within the same functional level; is this what the Win2k3 aprep is changing? Does anyone know which level it needs to be at for the Win2k3 DC to be present? Can the Win2k3 adprep only extend the schema (assuming the functional level doesn't change), or can it modify what's already existing?
ASKER
Thanks Bartender_1, I love how Microsoft gives enough information just to make users dangerous without really informing them how the product works.
I'm trying to determine what effect the Win2k3 adprep will have on the domain so I can verify my notes with other departments in my company to tell them why this schema extention won't affect their applications (assuming my notes say it doesn't :) ).
I vaguely recall there being different numbered levels of the AD schema that can exist under the "Windows 2000 native" domain functional level. I'm hoping that this is what the Win2k3 adprep does (ups the "number" of the schema), which _should_ mean that it can't make any changes that would affect/break apps that rely on the Windows 2000 native AD schema for operation.
Do you have any information that would support my theory?
I'm trying to determine what effect the Win2k3 adprep will have on the domain so I can verify my notes with other departments in my company to tell them why this schema extention won't affect their applications (assuming my notes say it doesn't :) ).
I vaguely recall there being different numbered levels of the AD schema that can exist under the "Windows 2000 native" domain functional level. I'm hoping that this is what the Win2k3 adprep does (ups the "number" of the schema), which _should_ mean that it can't make any changes that would affect/break apps that rely on the Windows 2000 native AD schema for operation.
Do you have any information that would support my theory?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
http://www.microsoft.com/resources/documentation/IIS/6/all/proddocs/en-us/Default.asp?url=/resources/documentation/IIS/6/all/proddocs/en-us/adprep.asp
The above link is what Microsoft has to say about Adprep and what it does.
In addition to extending the schema, adprep also updates default security descriptors, and adds new directory objects.
Hope this helps!
:o)
Bartender_1