Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

adprep32, how long to allow replication to finish?

Posted on 2012-12-20
9
Medium Priority
?
235 Views
Last Modified: 2013-03-09
I will soon be running adprep32.exe on a Windows 2000 Server, which is the FSMO DC in the network.  I am adding two Windows 2008 R2 servers to become the DCs. The first run is 'adprep32 /forestprep'.  Then I read this: '...allow the changes to replicate throughout the forest before you prepare any domains', which refers to the next step 'adprep32 /domainprep /gpprep'.

What's the best way to know when the changes are finished replicating throughout the forest?  It's a small, in-house, local network. So, I'm assuming it will be within minutes and not some overnight wait.

Thanks.
0
Comment
Question by:bs_ssg
9 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 38711198
You can verify your schema is at 47

http://technet.microsoft.com/en-us/library/dd464018(v=ws.10).aspx#BKMK_VerifyForestPrep

I like using adfind with the shortcut to verify   http://adisfun.blogspot.com/2012/09/windows-2012-ad-schema-version.html

how many sites do you have?

Thanks

Mike
0
 
LVL 10

Expert Comment

by:jramsier
ID: 38711199
How many DC's do you currently have? if just one it would basicly be instant, would still give it 10 - 15 minutes.  

Joining to the DC for the windows 2008 R2 boxes will take the longest and for the most part depends on how many files it has to replicate on your domain.

To check files you can open run and type - \\domain.name\ and check the folder sizes in there.
0
 

Author Comment

by:bs_ssg
ID: 38711306
I am aware of the schema version.  It is currently 30, but will go to 47 after I run adprep32 from the 2008 R2 DVD.  I reckon I can assume that once both current DC's show the Schema Version at 47, then any replication initiated by adprep32 will have been completed?
But, when does the Schema Version change?  Is it after /forestprep or after /domainprep?

The current domain controllers are two very old Dell Poweredge tower style Windows 2000 and a Windows 2003 machines.  These are the only two in the system.  I'm replacing them with two Windows 2008 R2 machines that are HP DL120 G7s.  There are currently less than 200 'items' in Active Directory.

The replication here is just for the changes that adprep32 will make after running /forestprep and before running /domainprep.  So, I'm thinking this will be in that 10 - 15 minute range... or less, at which time I can then run the /domainprep /gpprep.

The longer process, as mentioned, will be when joining the new DCs to the system with dcpromo.
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
LVL 18

Expert Comment

by:Sarang Tinguria
ID: 38711730
so better run adprep and the repadmin /syncall then wait for 10-15 Mins
0
 
LVL 97

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 2000 total points
ID: 38712288
Run both commands on the FSMO master and you don't have to wait.  At least I've never waited and I've never had a problem I can recall relating to that.

HOWEVER, DO make sure you run DCDIAG /C /E /V on both existing DCs (possible the 2000 DCs won't have those switches and you'll have to install DCDIAG maybe on both).  This should check the health of AD and make sure you're ready.  If not, correct unexplained issues before proceeding.

AND MAKE A BACKUP FIRST!!!!
0
 

Author Comment

by:bs_ssg
ID: 38740590
Ok, back from the holidays...

Speaking of making a backup first, I see a lot of call for that.  But, then I never see any examples of what could happen, what errors might pop up, etc., that would require using a backup and then how to actually do the backup.

One of my concerns is exactly that.  The current system I am working with doesn't leave me with a lot of confidence that all will go smoothly.

Since I am adding new DC's to replace the old DC's and not doing an upgrade of the current DC's, how likely is it that I will need to recover using a backup?  How likely is it that running adprep32 will hose up the Windows 2000 Server DC and that prevents the new Windows 2008 DC's from being promotable and if that happens will the schema version have changed to 47 and then the backup recovery changes it back to 30?

This can be some scary stuff in the mind of a novice like me.  :-)

Thanks...
0
 
LVL 97

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 2000 total points
ID: 38740730
Quite honestly, if you're NEW to this and never have done it before, then YOU shouldn't be doing it.  Certainly not on your network.  A TEST network, fine.  But NOT your production network.  If you don't have experience and knowledge, you should be hiring a consultant who does.  Would you perform your own Appendectomy (or perform one on a friend) if you didn't have the skills and knowledge to do so?  If not, why would you do one to your network?  

Warning issued, you asked:
> how likely is it that I will need to recover using a backup?  
Not likely at all in my experience.  Then again, I've got experience.  I've never had to do one related to this procedure.  YEARS ago, I did them... but since I'm comfortable with how AD works, It's not something I find the need to do... almost ever.  (That said, and to follow my own advice, I probably should do one or two in a test network before the need arises in a real network -- weird things happen).

> How likely is it that running adprep32 will hose up the Windows 2000 Server DC
> and that prevents the new Windows 2008 DC's from being promotable
Never seen it happen.  Would say odds are extremely low.  That said, you could always be the first.

> and if that happens will the schema version have changed to 47 and then the
> backup recovery changes it back to 30?
That's why you backup BOTH DCs.  And if necessary, you would do an Authoritative Restore on the FSMO master.  That SHOULD take care of things.  OR you would restore one DC after forcibly demoting the other so that there could be no conflict.  Again, test environment.
0
 

Accepted Solution

by:
bs_ssg earned 0 total points
ID: 38740765
Thanks for your input.  And I do have a similar test network at home.  Things are going pretty smooth with that, but the old DC's in the work system have all sorts of other software and roles and features enabled.  All that happened along the way before I got here.  That's why I am introducing new servers to be the Domain Controllers.

And, I am the IT guy/department here.  I know the basics of what I need to do, but it's those little gotcha's that might pop up along the way... and recovering from them.

That's a good idea about the consultant.  I'll have to see if the company will let me contract one.
0
 

Author Closing Comment

by:bs_ssg
ID: 38968883
I was laid off and I'm no longer working this issue.
0

Featured Post

[Webinar On Demand] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question