Solved

Schema changes to Win2k AD when indrocuding Win2k3 DC?

Posted on 2004-04-08
6
282 Views
Last Modified: 2010-04-13
I currently have a Windows 2000 AD forest and a Windows 2000 native domain.  I'd like to introduce a Windows Server 2003 DC to an existing domain without upgrading the functional level from Win2k native.

I've read in many places that Win2k3 can act as a DC in a 2000 native domain, but when I run dcpromo on the Win2k3 server to promote it, it requires that adprep be run on the forest and domain before it can be added.

Does anyone know what adprep is doing to "prepare" the forest and domain?  My assumption is that the end result will still be a Windows 2000 forest and a Windows 2000 native AD domain, but it obviously did _something_ to the AD structure.  There are services within my company that are heavily integrated with AD , so I can't modify the schema, but I can theoretically extend it so long as all the existing fields do not change.

I'm aware that the Win2k AD schema also has different "levels" within the same functional level; is this what the Win2k3 aprep is changing?  Does anyone know which level it needs to be at for the Win2k3 DC to be present?  Can the Win2k3 adprep only extend the schema (assuming the functional level doesn't change), or can it modify what's already existing?
0
Comment
Question by:dane_m
  • 2
6 Comments
 
LVL 22

Expert Comment

by:Bartender_1
Comment Utility
Hi dane_m,
http://www.microsoft.com/resources/documentation/IIS/6/all/proddocs/en-us/Default.asp?url=/resources/documentation/IIS/6/all/proddocs/en-us/adprep.asp
The above link is what Microsoft has to say about Adprep and what it does.

In addition to extending the schema, adprep also updates default security descriptors, and adds new directory objects.

Hope this helps!

:o)

Bartender_1
0
 

Author Comment

by:dane_m
Comment Utility
Thanks Bartender_1, I love how Microsoft gives enough information just to make users dangerous without really informing them how the product works.

I'm trying to determine what effect the Win2k3 adprep will have on the domain so I can verify my notes with other departments in my company to tell them why this schema extention won't affect their applications (assuming my notes say it doesn't :) ).

I vaguely recall there being different numbered levels of the AD schema that can exist under the "Windows 2000 native" domain functional level.  I'm hoping that this is what the Win2k3 adprep does (ups the "number" of the schema), which _should_ mean that it can't make any changes that would affect/break apps that rely on the Windows 2000 native AD schema for operation.

Do you have any information that would support my theory?
0
 
LVL 22

Accepted Solution

by:
Bartender_1 earned 500 total points
Comment Utility
dane_m,

While I never "swear" by anything with Microsoft, I would expect that this comment (on the page supplied by the above link) "After you prepare your forests and domains with adprep, you can leave your domain controllers running Windows 2000 for an indefinite length of time, or you can begin the domain controller upgrade immediately. " would mean that it doesn't change anything in AD that would adversly affect Win2K servers (and therefore, software that's been built for AD integration)

Have you checked the websites of the vendors for your applications?
(Search for FAQs or patches, etc.)

My best suggestion at this point (only because it's quicker than scouring the Microsoft site) would be:

Do a complete backup including your system state, etc.
Run the adprep,
Test your applications,
If they work, go celebrate,
If they don't work, then restore from backup.

:o)

Bartender_1
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
auto copy 8 610
Question about teaming two NIC's on Server 2012 2 556
ClamAV for Old Windows 2000 Server 7 1,916
Screen Mirroring 7 37
NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now