Active Directory upgrade from Win 2008 to Win 2008 R2

Posted on 2011-11-01
Last Modified: 2012-05-12
Hi, we have a Win 2008 (NOT R2) forest root with four Win 2003 R2 child domains under it.

We want to introduce a Win 2008 R2 domain controller into one of the child domains so we will need to update the schema with Adprep /forest and adprep /domain commands.

If I understand correctly, this will update the AD schema on the forest and all child domains.

However, I am wondering what testing we would need to do? We have Exchange, domino, ISA, IIS and other applications in our environment and obviously updating the AD schema will affect the underlying domain security for all of these.

Should we be performing an extensive test of everything, or am I being overly cautious??

Question by:paulo999
    LVL 4

    Accepted Solution

    Hi Paulo,
    Upgrading AD scheme will not affect domain security and definitely not affect any Microsoft application servers like Exchange or ISA.
    Procedure is very common and the only thing you should do before upgrading schema is to perform system state backup in case of a failure, which is very rare for this procedure.


    Assisted Solution

    Hi Paulo,

    The upgrade is not changing any permission model in the forest. Preparing the schema only extends the schema configuration with new attributes for windows server 2008 R2.

    For more details,


    Author Comment

    Thank you both for the fast responses.

    What are the back out procedures available if it does all go badly wrong? Is it to ensure that you have system state backups of the domain controllers updated to restore if needed?

    LVL 10

    Assisted Solution

    ADPREP extends the Active Directory schema and updates permissions as necessary to prepare a forest and domain for a domain controller that runs the Windows Server 2008 operating system.

    It does not give any problem with current environment but for safer side please do take a system state backup of DC and go ahead for further steps.

    You need to run below commands on 2003 DC.
    adprep /forestprep
    -Must be run on the schema operations master for the forest.
    -Once for the entire forest

    adprep /domainprep
    -Must be run on the infrastructure operations master for the domain.
    -Once in each domain where you plan to install an additional domain controller that runs a later version of Windows Server than the latest version that is running in the domain.

    adprep /domainprep /gpprep
    -Must be run on the infrastructure operations master for the domain.
    -Once in each domain within the forest

    You mentioned the server is 2008-
    -If its a windows 2008 then use ADPREP.
    -In Windows Server 2008 R2 includes a 32-bit version and a 64-bit version of Adprep.exe. The 64-bit version runs by default. If you want to run one of the Adprep.exe commands on a 32-bit computer, use the 32-bit version of Adprep.exe (Adprep32.exe).

    Assisted Solution

    Hi Paulo,

    System state back up of the DC which hold the schema role is a must. Apart from that you can have backup of other primary domain controller in each domain.

    LVL 4

    Assisted Solution

    Hi Paulo,

    Just run the ADPREP cmdlets and everything will be fine :)
    If you are performing regular backups, then you don't need to worry about damage to your AD environment.

    When you run this commands just look at white dots and think positive :)



    Author Closing Comment

    Thanks for all comments

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Join & Write a Comment

    Suggested Solutions

    Title # Comments Views Activity
    Event 9327, MSExchangeSA 1 24
    Exchange 2007 13 18
    internet access from windows servers 4 34
    JItbit AD intergration 4 19
    Introduction You may have a need to setup a group of users to allow local administrative access on workstations.  In a domain environment this can easily be achieved with Restricted Groups and Group Policies. This article will demonstrate how to…
    Synchronize a new Active Directory domain with an existing Office 365 tenant
    This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

    755 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    21 Experts available now in Live!

    Get 1:1 Help Now