Domain 2008R2

Posted on 2012-03-12
Medium Priority
Last Modified: 2012-03-21
I have a testing AD called qa.com running on windows 2003 (DFL=windows 2003)

I need to create a child domain call test.qa.com but with windows 2008 R2.  I have set up this server with DNS and the like.
Question: Is there a need to upgrade the schema to 2008 on the root domain or all i need to do is prep my DC on the new domain?
Question by:cheto06

Expert Comment

ID: 37712015
You must upgrade the schema in the forest root before you can create any 2008 R2-native domains.
LVL 44

Accepted Solution

Adam Brown earned 2000 total points
ID: 37712018
You have to upgrade the Schema to allow for Windows 2008 R2 domain controllers. You do this by running ADPrep/Forestprep in the Root Domain. http://technet.microsoft.com/en-us/library/cc731728%28v=ws.10%29.aspx has info, you should run through that whole thing.
LVL 57

Expert Comment

by:Mike Kline
ID: 37712025
You need to upgrade your schema forestwide /forestprep on schema master and /domainprep on the domains

Note:   if your current DC is 32 bit then use adprep32

One nice thing is that once your child domain is up you can raise the domain functional level to 2008 R2

You cannot set the domain functional level to a value that is lower than the forest functional level, but you can set it to a value that is equal to or higher than the forest functional level.



Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

The Windows Firewall provides an important layer of protection and a rich interface to configure it. Unfortunately, it lacks item level filtering. This article details my process of implementing firewall-as-code to reduce GPO bloat.
If you need to implement application level security in an Access database application or other VBA code, I strongly encourage you to take advantage of Active Directory groups.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question