?
Solved

Extending Active Directory 2003 Schema for windows 2008

Posted on 2009-04-28
14
Medium Priority
?
3,485 Views
Last Modified: 2012-05-06
Has any of you ,experts out there, done the Extend of Active Directory 2003 Schema for windows 2008?
what are the benefits of doing that? how hard or easy to upgrade the schema? If yo have screenshots of schema upgrade operation, that would be great.


Thanks
0
Comment
Question by:jskfan
  • 6
  • 4
  • 2
  • +1
14 Comments
 
LVL 18

Accepted Solution

by:
Americom earned 720 total points
ID: 24254320
Step to add a Windows Server 2008 DC in a Windows 2003 Domain:

Part I--Adrep to extend the AD schema
1. Identify the FSMO roles in your DCs
2. Run adprep with the /ForestPrep switch on the DC w/ schema master operations role [Forest specific]
3. Wait for the schema changes to be replciated to all the DCs that hold the infrastructure operations master roles in all domains
4. Run adprep with the /domainprep switch on the infrastructure master domain controller role in that domain. [Domain Specific]
5. After the changes made by adprep /domainprep have been successfully replicated to all DC in that domain,
      you can proceed w/ installation of a first Win2k8 DC in that domain in Part II below.

Note: The forest preparation step must be performed only once for the entire forest. The domain preprations step mustt be performed only once in a domain
before a first Windows Server 2008 Domain controller in that domain is installed. You do not have to run adprep /domainprep in the same domain
again before installing any subsequent domian controllers. You do not have to prepare those domains where you are not planning to install
Window Server 2008 domain controllers. Finally, first win2k8 DC must be a GC and cannot be RODC.
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 640 total points
ID: 24254397
Americom has the steps right as usual and there is more info here:
http://technet.microsoft.com/en-us/library/dd464018.aspx
As for screenshots check back on my blog (in my profile).  I plan on doing a step by step of adding your first 2008 DC to a 2003 domain this weekend.  I'll have detailed screen shots.
Thanks
Mike
0
 

Author Comment

by:jskfan
ID: 24254459
I am not installing windows 2008, just extending the schema of w2003 AD.
I have been told that in order to use a new GPO templates for vista, you need the AD2003 schem extended.

is this the only benefits?
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 18

Expert Comment

by:Americom
ID: 24254517
Yes, extending the schema will allow you to have more flexible of managing your GPOs such as Group policy client side extensions etc. It will allow you do more machine configuration including Vista plus other GPO which required you to do the extension such as wire-auto configuration and port authentication and so on.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 24254521
Are you trying to use the Wired and Wireless policies?   For that you will need a schema extension
http://technet.microsoft.com/en-us/library/bb727029.aspx
Thanks
Mike
0
 

Author Comment

by:jskfan
ID: 24255002
how can you tell that the schema changes has been replicated to all the DC that hold the infrastructure operations master role?
0
 

Author Comment

by:jskfan
ID: 24255082
this did it
Schupgr.exe
0
 

Author Comment

by:jskfan
ID: 24255223
I am getting this error though.
SSPI Bind succeeded
Current Schema Version is 44
ERROR: Cannot obtain schema version to upgrade to: 1
0
 
LVL 3

Expert Comment

by:ISWSIMBX
ID: 24255358
Are you running the adprep from the Schema Master?
0
 

Author Comment

by:jskfan
ID: 24255746
adprep /forestprep
went successful
as well as adprep /domainprep

i din't know about the error message
0
 
LVL 3

Expert Comment

by:ISWSIMBX
ID: 24261573
Version 44 means that your schema has already been upgraded to Windows 2008.  Are there any other errors in your adprep log?  

One thing that I ran into that caused an issue with adprep was McAfee 8.5i.  

Another thing to check would be to run repadmin /showreps to verify that replication is working.
0
 

Author Comment

by:jskfan
ID: 24262080
how do you run repadmin.
I did it run it displayed just the help
0
 
LVL 3

Expert Comment

by:ISWSIMBX
ID: 24262713
repadmin /showreps or repadmin /showrepl
0
 
LVL 3

Assisted Solution

by:ISWSIMBX
ISWSIMBX earned 640 total points
ID: 24262726
You can also check out this link for extended information on using repadmin for AD Replication troubleshooting.

http://technet.microsoft.com/en-us/library/cc811551.aspx
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question