We value your feedback.
Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!
Course Of The Month
3 days, 5 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
adprep32, how long to allow replication to finish?
Posted on 2012-12-20
I will soon be running adprep32.exe on a Windows 2000 Server, which is the FSMO DC in the network. I am adding two Windows 2008 R2 servers to become the DCs. The first run is 'adprep32 /forestprep'. Then I read this: '...allow the changes to replicate throughout the forest before you prepare any domains', which refers to the next step 'adprep32 /domainprep /gpprep'.
What's the best way to know when the changes are finished replicating throughout the forest? It's a small, in-house, local network. So, I'm assuming it will be within minutes and not some overnight wait.
Thanks.
What's the best way to know when the changes are finished replicating throughout the forest? It's a small, in-house, local network. So, I'm assuming it will be within minutes and not some overnight wait.
Thanks.
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
4
2
- +2
9 Comments
You can verify your schema is at 47
http://technet.microsoft.com/en-us/library/dd464018(v=ws.10).aspx#BKMK_VerifyForestPrep
I like using adfind with the shortcut to verify http://adisfun.blogspot.com/2012/09/windows-2012-ad-schema-version.html
how many sites do you have?
Thanks
Mike
http://technet.microsoft.com/en-us/library/dd464018(v=ws.10).aspx#BKMK_VerifyForestPrep
I like using adfind with the shortcut to verify http://adisfun.blogspot.com/2012/09/windows-2012-ad-schema-version.html
how many sites do you have?
Thanks
Mike
How many DC's do you currently have? if just one it would basicly be instant, would still give it 10 - 15 minutes.
Joining to the DC for the windows 2008 R2 boxes will take the longest and for the most part depends on how many files it has to replicate on your domain.
To check files you can open run and type - \\domain.name\ and check the folder sizes in there.
Joining to the DC for the windows 2008 R2 boxes will take the longest and for the most part depends on how many files it has to replicate on your domain.
To check files you can open run and type - \\domain.name\ and check the folder sizes in there.
I am aware of the schema version. It is currently 30, but will go to 47 after I run adprep32 from the 2008 R2 DVD. I reckon I can assume that once both current DC's show the Schema Version at 47, then any replication initiated by adprep32 will have been completed?
But, when does the Schema Version change? Is it after /forestprep or after /domainprep?
The current domain controllers are two very old Dell Poweredge tower style Windows 2000 and a Windows 2003 machines. These are the only two in the system. I'm replacing them with two Windows 2008 R2 machines that are HP DL120 G7s. There are currently less than 200 'items' in Active Directory.
The replication here is just for the changes that adprep32 will make after running /forestprep and before running /domainprep. So, I'm thinking this will be in that 10 - 15 minute range... or less, at which time I can then run the /domainprep /gpprep.
The longer process, as mentioned, will be when joining the new DCs to the system with dcpromo.
But, when does the Schema Version change? Is it after /forestprep or after /domainprep?
The current domain controllers are two very old Dell Poweredge tower style Windows 2000 and a Windows 2003 machines. These are the only two in the system. I'm replacing them with two Windows 2008 R2 machines that are HP DL120 G7s. There are currently less than 200 'items' in Active Directory.
The replication here is just for the changes that adprep32 will make after running /forestprep and before running /domainprep. So, I'm thinking this will be in that 10 - 15 minute range... or less, at which time I can then run the /domainprep /gpprep.
The longer process, as mentioned, will be when joining the new DCs to the system with dcpromo.
Active today
Run both commands on the FSMO master and you don't have to wait. At least I've never waited and I've never had a problem I can recall relating to that.
HOWEVER, DO make sure you run DCDIAG /C /E /V on both existing DCs (possible the 2000 DCs won't have those switches and you'll have to install DCDIAG maybe on both). This should check the health of AD and make sure you're ready. If not, correct unexplained issues before proceeding.
AND MAKE A BACKUP FIRST!!!!
HOWEVER, DO make sure you run DCDIAG /C /E /V on both existing DCs (possible the 2000 DCs won't have those switches and you'll have to install DCDIAG maybe on both). This should check the health of AD and make sure you're ready. If not, correct unexplained issues before proceeding.
AND MAKE A BACKUP FIRST!!!!
Ok, back from the holidays...
Speaking of making a backup first, I see a lot of call for that. But, then I never see any examples of what could happen, what errors might pop up, etc., that would require using a backup and then how to actually do the backup.
One of my concerns is exactly that. The current system I am working with doesn't leave me with a lot of confidence that all will go smoothly.
Since I am adding new DC's to replace the old DC's and not doing an upgrade of the current DC's, how likely is it that I will need to recover using a backup? How likely is it that running adprep32 will hose up the Windows 2000 Server DC and that prevents the new Windows 2008 DC's from being promotable and if that happens will the schema version have changed to 47 and then the backup recovery changes it back to 30?
This can be some scary stuff in the mind of a novice like me. :-)
Thanks...
Speaking of making a backup first, I see a lot of call for that. But, then I never see any examples of what could happen, what errors might pop up, etc., that would require using a backup and then how to actually do the backup.
One of my concerns is exactly that. The current system I am working with doesn't leave me with a lot of confidence that all will go smoothly.
Since I am adding new DC's to replace the old DC's and not doing an upgrade of the current DC's, how likely is it that I will need to recover using a backup? How likely is it that running adprep32 will hose up the Windows 2000 Server DC and that prevents the new Windows 2008 DC's from being promotable and if that happens will the schema version have changed to 47 and then the backup recovery changes it back to 30?
This can be some scary stuff in the mind of a novice like me. :-)
Thanks...
Active today
Quite honestly, if you're NEW to this and never have done it before, then YOU shouldn't be doing it. Certainly not on your network. A TEST network, fine. But NOT your production network. If you don't have experience and knowledge, you should be hiring a consultant who does. Would you perform your own Appendectomy (or perform one on a friend) if you didn't have the skills and knowledge to do so? If not, why would you do one to your network?
Warning issued, you asked:
> how likely is it that I will need to recover using a backup?
Not likely at all in my experience. Then again, I've got experience. I've never had to do one related to this procedure. YEARS ago, I did them... but since I'm comfortable with how AD works, It's not something I find the need to do... almost ever. (That said, and to follow my own advice, I probably should do one or two in a test network before the need arises in a real network -- weird things happen).
> How likely is it that running adprep32 will hose up the Windows 2000 Server DC
> and that prevents the new Windows 2008 DC's from being promotable
Never seen it happen. Would say odds are extremely low. That said, you could always be the first.
> and if that happens will the schema version have changed to 47 and then the
> backup recovery changes it back to 30?
That's why you backup BOTH DCs. And if necessary, you would do an Authoritative Restore on the FSMO master. That SHOULD take care of things. OR you would restore one DC after forcibly demoting the other so that there could be no conflict. Again, test environment.
Warning issued, you asked:
> how likely is it that I will need to recover using a backup?
Not likely at all in my experience. Then again, I've got experience. I've never had to do one related to this procedure. YEARS ago, I did them... but since I'm comfortable with how AD works, It's not something I find the need to do... almost ever. (That said, and to follow my own advice, I probably should do one or two in a test network before the need arises in a real network -- weird things happen).
> How likely is it that running adprep32 will hose up the Windows 2000 Server DC
> and that prevents the new Windows 2008 DC's from being promotable
Never seen it happen. Would say odds are extremely low. That said, you could always be the first.
> and if that happens will the schema version have changed to 47 and then the
> backup recovery changes it back to 30?
That's why you backup BOTH DCs. And if necessary, you would do an Authoritative Restore on the FSMO master. That SHOULD take care of things. OR you would restore one DC after forcibly demoting the other so that there could be no conflict. Again, test environment.
Thanks for your input. And I do have a similar test network at home. Things are going pretty smooth with that, but the old DC's in the work system have all sorts of other software and roles and features enabled. All that happened along the way before I got here. That's why I am introducing new servers to be the Domain Controllers.
And, I am the IT guy/department here. I know the basics of what I need to do, but it's those little gotcha's that might pop up along the way... and recovering from them.
That's a good idea about the consultant. I'll have to see if the company will let me contract one.
And, I am the IT guy/department here. I know the basics of what I need to do, but it's those little gotcha's that might pop up along the way... and recovering from them.
That's a good idea about the consultant. I'll have to see if the company will let me contract one.
Featured Post
ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.
One of a set of tools we're offering as a way to say thank you for being a part of the community.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
A hard and fast method for reducing Active Directory Administrators members.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource.
Use Google, Bing, or other preferred search engine to locate trusted NTP …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Suggested Courses
Course of the Month3 days, 5 hours left to enroll
695 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.