Solved

2008 adprep /domainprep

Posted on 2011-03-22
9
612 Views
Last Modified: 2012-05-11
I am attempting to move from a hosed up SBS 2000 domain to 2008 standard.  Am I going to affect logins or password policies by running 2008 adprep /domainprep and other adprep commands?  Trying to do this as seamless as possible.  At what point will password policy come into play.  I know 2008 uses complex passwords, not sure how it will affect existing users?
0
Comment
Question by:marty-240
  • 2
  • 2
  • 2
  • +2
9 Comments
 
LVL 22

Expert Comment

by:Joseph Moody
ID: 35193185
You should be fine. Complex passwords are not configured by default.
0
 
LVL 4

Accepted Solution

by:
philetaylor earned 167 total points
ID: 35193232
the ADPREP /forestprep and /domainprep merely modify the AD schema to allow it to accept 2008 domain controllers, no changes are made to password policies etc.

Cheers

Phil
0
 

Author Comment

by:marty-240
ID: 35193294
Sorry, I wasn't clear on this part of the question.
 During the upgrade process, at what point will password policy come into play?
0
 
LVL 22

Assisted Solution

by:Joseph Moody
Joseph Moody earned 167 total points
ID: 35193302
It won't until you decide to implement complex password policies. An upgrade will use your exact same basic password policy.
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 
LVL 77

Expert Comment

by:arnold
ID: 35193566
An upgrade of a hosed AD will get you to a hosted AD with newer interfaces.
I.e. if you have a clunker, putting new paint on it will not change it.

Could you elaborate what you mean that you have a "hosed" SBS 2000 AD.
0
 
LVL 70

Assisted Solution

by:KCTS
KCTS earned 166 total points
ID: 35193629
The password policy will take effect immediately for new users,  however any existingnusers will not be forced to use a complex password until their current password expires and must be changed - at that point a complex password must be used
0
 

Author Comment

by:marty-240
ID: 35193818
Domain has 3 DC's(sbs only allows for one), primary dc had crashed and an attempt made at reinserting it into the domain, exchange no longer in use or SQL.  A mess I inherited and we are moving away from.  Attempting to upgrade domain to an 08 domain, establish trusts with the new domain so the move will be less painful as users are moved away from resources, until resources can be moved too.  SBS does not allow trusts.
0
 
LVL 70

Expert Comment

by:KCTS
ID: 35194066
SBS can have as many DCs as you want - its not limited to one !
So long as the SBS machine has all the FSMO roles.

As I pointed out earlier SBS does not allow more than one domain (or trusts)
0
 
LVL 77

Expert Comment

by:arnold
ID: 35194909
Sine you have 2 other functional DC, you can use ntdsutils to sieze FSMO, RID and schema master roles.
restoring your domain to a functional level, note that the FAILED SBS must never be joined back without a reinstall if at all.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Know what services you can and cannot, should and should not combine on your server.
This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

930 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now