Forestprep and Domainprep 2008

I'm about to get ready to install a Windows 2008 server into a 2003 mixed mode domain, making it a domain controller as soon as I can.  I know I have to run (the 32 bit versions) of adprep for forest and domain on the current domain controller.  My question is, will this take the domain down for users while the changes are being made?  Can they still work in their files while it is running?

There are about 20 workstations on the network.  Also 3 servers are running, two already domain controllers.  The two DCs are old and rather bad shape, and want to get this new server in pronto.

Anyway, I believe I have all the step by step instructions, but just not clear if adprep will stall out the network and users will be forced to sign off.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

No it will not. I would suggest running a dcdiag and a netdiag and try to remove all errors first if any.
No effect.It would be transperent to users.Adprep will add some attributes & classes  to your schema . it will not touch the data. in other words : it's like adding columns in an excel sheet , the exisited data will not be affected.
 You can do it during working hours.

But Microsoft recommendations is to do the following:
backup your domain controllers ( System State).
disconnect the network cable the Server hold Schema Master .
extend the schema .
If everything is OK, then reconnect the domain controller. otherwise you have to restore the system state in DSRM.
User will not come to know even there something cooking in the background running ADprep..:)

Adprep /forestprep & adprep /domainprep only add extra classes & attribute along with the permission to ensure that higher windows version is well supported with all the option.

i would suggest taking system state backup which is best with Ntback in case of restore required & also check any legacy application which might be not as compatible with schema ext as i didn't realize doing for hundred upgrade till now.

There is no requirement to do it in offline mode as there is no issue reported for upgradation as it add classes & attributes.

As there is few dc still i would suggest give some time to complete the replication & run dcdiag to ensure all is well.

Active Protection takes the fight to cryptojacking

While there were several headline-grabbing ransomware attacks during in 2017, another big threat started appearing at the same time that didn’t get the same coverage – illicit cryptomining.

Adprep /forestprep & adprep /domainprep only add extra classes & attribute along with the permission to ensure that higher windows version is well supported with all the option so as per my experience this never effects to the daily business but you must take care of one thing that there must not any other ad appending/editing/backup/restore of ad server is going on the same time if they are running then the adprep and domainprep will stop running with an error but this will also never harm your current infrastructure.
shonadleAuthor Commented:
Thanks for your help.  I am getting error messages on adprep32 about call to function.  I'm curious, the server is actually overheating (I've been on them about this)  Can that cause adprep to fail as looking at technet's listings of normal call to function errors already check out.

I guess I just don't want to spin my wheels messing with the sysvol folders/permissions if it's the fact the server is running dangerously hot.
Can u please post detailed error also check the event viewer for any errors related to adprep and post them as well.
shonadleAuthor Commented:
Glad to...

I have removed the AV. I will say the scripts folder is missing from the root of the shared SysVol.  Not sure how to put it there.

I did get domainprep without gpprep finished just when you add the gpprep it will fail.  Does this mean that the group policy might not necesarily carry over and I could move forward with setting up the 2008 server as a domain server?
You can use D4 & D2 method.

  1. Stop the File Replication service on the problem domain controller.
   2. Start Registry Editor (Regedt32.exe).
   3. Locate and then click the BurFlags value under the following key in the registry:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup
   4. On the Edit menu, click DWORD, click Hex, type D2, and then click OK.
   5. Quit Registry Editor.
   6. Move data out of the PreExisting folder.
   7. Restart the File Replication Service.
Above article works for all dc.

Note: D2 has to be set as burflag on problem DC.

Gpprep error can be ignored, as i did that error comes but never had any issue.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
I hope you followed the link.

Is adprep /forestprep & adprep /domainprep
completed successfully w/o any error.
shonadleAuthor Commented:
Yes, forestprep and domainprep were updated successfully.  When I tried to do a adprep /domainprep /gpprep I get the call back function error.

Would it be better to just try to promote the 2008 server now or attempt to do the D2 fix?
Untill all the errors are gone, dcpromo might not work properly so its better to do D2 fix.

Run dcdiag & check there is no error event then only dcpromo 2008 dc.

Gpprep error you can ignore.

shonadleAuthor Commented:
I get dcdiag errors.  Will the above fix this do you think?
Oh, my mistake the gpprep error is due to script folder is missing, id didn't noticed the error which is trying to assign the permission on sysvol folder.

First correct the sysvol issue & run adprep /domainprep /gpprep again.
Your dc1 doesn't have netlogons shared so thats the reason & it will not allow to configure 2008 as an DC until you rectify the sysvol error.

Use Burflag to copy the sysvol completely from other dc so it should have all the folder with proper permission.

Sysvol can take time to replicate the data from other dc.

shonadleAuthor Commented:
The problem is I can't add a SCRIPTS folder to the sysvol shared.  I can add a new folder but it won't let me rename it.  Is it safe to give myself rights on that folder (administrator)?
You don't do it manually as scripts folder is shared netlogon, which can break the sysvol, follow the article & it will do it automatically & if there is no dc, copy the sysvol folder with scripts & policy folder & after doing D2, it will share automatically, don't change anything manual which can cause serious damage.

shonadleAuthor Commented:
Ok, just one final question.  The directions say to move data out of the preexisting folder before I restart the service.  What is the folder it's speaking of?
shonadleAuthor Commented:
Actually a second question, because I want to do this right.  I have to do this on both DCs, the one that is holding the netlogon and sysvol folders should have the D4 registry add and the other server (where it will replicate to) should have the D2?
Dc which is having healthy sysvol with no FRS error in event log don't need any settings on that, the D2 is only required on problem domain controller.

So just do D2 on problem dc or else copy the files shown in technet link.

shonadleAuthor Commented:
Thank you.  It turned out to be a wrap error that was causing replication issues.  But the D2 fixed it.

Now the new 2008 domain controller is up and the FSMO roles have been transferred.  Something you said has made me nervous though so I wanted to ask.  

There are 2 scripts in the SCRIPTS folder.  One is outdated and needs to be removed as it's calling up instation of software we no longer use.  The other needs to be edited for network mappings to connect to the new server.  My question is, am I safe to just edit the script files (will make a backup) using notepad and save or should this be done another way?
Scripts in SCRIPTS folder can be removed but SCRIPTS folder which is shared as netlogon should not be touched.

Glad, everything is working fine now, yes due to journal wrap error it happens, windows 2008 is better to overcome Journal wrap condition.
I mean you can safely remove content inside the script folder like old scripts or bat file or any other..
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.