Solved

Schema changes to Win2k AD when indrocuding Win2k3 DC?

Posted on 2004-04-08
6
287 Views
Last Modified: 2010-04-13
I currently have a Windows 2000 AD forest and a Windows 2000 native domain.  I'd like to introduce a Windows Server 2003 DC to an existing domain without upgrading the functional level from Win2k native.

I've read in many places that Win2k3 can act as a DC in a 2000 native domain, but when I run dcpromo on the Win2k3 server to promote it, it requires that adprep be run on the forest and domain before it can be added.

Does anyone know what adprep is doing to "prepare" the forest and domain?  My assumption is that the end result will still be a Windows 2000 forest and a Windows 2000 native AD domain, but it obviously did _something_ to the AD structure.  There are services within my company that are heavily integrated with AD , so I can't modify the schema, but I can theoretically extend it so long as all the existing fields do not change.

I'm aware that the Win2k AD schema also has different "levels" within the same functional level; is this what the Win2k3 aprep is changing?  Does anyone know which level it needs to be at for the Win2k3 DC to be present?  Can the Win2k3 adprep only extend the schema (assuming the functional level doesn't change), or can it modify what's already existing?
0
Comment
Question by:dane_m
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
6 Comments
 
LVL 22

Expert Comment

by:Christopher McKay
ID: 10785486
Hi dane_m,
http://www.microsoft.com/resources/documentation/IIS/6/all/proddocs/en-us/Default.asp?url=/resources/documentation/IIS/6/all/proddocs/en-us/adprep.asp
The above link is what Microsoft has to say about Adprep and what it does.

In addition to extending the schema, adprep also updates default security descriptors, and adds new directory objects.

Hope this helps!

:o)

Bartender_1
0
 

Author Comment

by:dane_m
ID: 10788124
Thanks Bartender_1, I love how Microsoft gives enough information just to make users dangerous without really informing them how the product works.

I'm trying to determine what effect the Win2k3 adprep will have on the domain so I can verify my notes with other departments in my company to tell them why this schema extention won't affect their applications (assuming my notes say it doesn't :) ).

I vaguely recall there being different numbered levels of the AD schema that can exist under the "Windows 2000 native" domain functional level.  I'm hoping that this is what the Win2k3 adprep does (ups the "number" of the schema), which _should_ mean that it can't make any changes that would affect/break apps that rely on the Windows 2000 native AD schema for operation.

Do you have any information that would support my theory?
0
 
LVL 22

Accepted Solution

by:
Christopher McKay earned 500 total points
ID: 10788373
dane_m,

While I never "swear" by anything with Microsoft, I would expect that this comment (on the page supplied by the above link) "After you prepare your forests and domains with adprep, you can leave your domain controllers running Windows 2000 for an indefinite length of time, or you can begin the domain controller upgrade immediately. " would mean that it doesn't change anything in AD that would adversly affect Win2K servers (and therefore, software that's been built for AD integration)

Have you checked the websites of the vendors for your applications?
(Search for FAQs or patches, etc.)

My best suggestion at this point (only because it's quicker than scouring the Microsoft site) would be:

Do a complete backup including your system state, etc.
Run the adprep,
Test your applications,
If they work, go celebrate,
If they don't work, then restore from backup.

:o)

Bartender_1
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
This article is a collection of issues that people face from time to time and possible solutions to those issues. I hope you enjoy reading it.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question