Administration of Active Directory does not have to be hard. Too often what should be a simple task is made more difficult than it needs to be.The solution? Hyena from SystemTools Software. With ease-of-use as well as powerful importing and bulk updating capabilities.
adprep32, how long to allow replication to finish?
I will soon be running adprep32.exe on a Windows 2000 Server, which is the FSMO DC in the network. I am adding two Windows 2008 R2 servers to become the DCs. The first run is 'adprep32 /forestprep'. Then I read this: '...allow the changes to replicate throughout the forest before you prepare any domains', which refers to the next step 'adprep32 /domainprep /gpprep'.
What's the best way to know when the changes are finished replicating throughout the forest? It's a small, in-house, local network. So, I'm assuming it will be within minutes and not some overnight wait.
Thanks.
What's the best way to know when the changes are finished replicating throughout the forest? It's a small, in-house, local network. So, I'm assuming it will be within minutes and not some overnight wait.
Thanks.
Who is Participating?
You can verify your schema is at 47
http://technet.microsoft.com/en-us/library/dd464018(v=ws.10).aspx#BKMK_VerifyForestPrep
I like using adfind with the shortcut to verify http://adisfun.blogspot.com/2012/09/windows-2012-ad-schema-version.html
how many sites do you have?
Thanks
Mike
http://technet.microsoft.com/en-us/library/dd464018(v=ws.10).aspx#BKMK_VerifyForestPrep
I like using adfind with the shortcut to verify http://adisfun.blogspot.com/2012/09/windows-2012-ad-schema-version.html
how many sites do you have?
Thanks
Mike
How many DC's do you currently have? if just one it would basicly be instant, would still give it 10 - 15 minutes.
Joining to the DC for the windows 2008 R2 boxes will take the longest and for the most part depends on how many files it has to replicate on your domain.
To check files you can open run and type - \\domain.name\ and check the folder sizes in there.
Joining to the DC for the windows 2008 R2 boxes will take the longest and for the most part depends on how many files it has to replicate on your domain.
To check files you can open run and type - \\domain.name\ and check the folder sizes in there.
I am aware of the schema version. It is currently 30, but will go to 47 after I run adprep32 from the 2008 R2 DVD. I reckon I can assume that once both current DC's show the Schema Version at 47, then any replication initiated by adprep32 will have been completed?
But, when does the Schema Version change? Is it after /forestprep or after /domainprep?
The current domain controllers are two very old Dell Poweredge tower style Windows 2000 and a Windows 2003 machines. These are the only two in the system. I'm replacing them with two Windows 2008 R2 machines that are HP DL120 G7s. There are currently less than 200 'items' in Active Directory.
The replication here is just for the changes that adprep32 will make after running /forestprep and before running /domainprep. So, I'm thinking this will be in that 10 - 15 minute range... or less, at which time I can then run the /domainprep /gpprep.
The longer process, as mentioned, will be when joining the new DCs to the system with dcpromo.
But, when does the Schema Version change? Is it after /forestprep or after /domainprep?
The current domain controllers are two very old Dell Poweredge tower style Windows 2000 and a Windows 2003 machines. These are the only two in the system. I'm replacing them with two Windows 2008 R2 machines that are HP DL120 G7s. There are currently less than 200 'items' in Active Directory.
The replication here is just for the changes that adprep32 will make after running /forestprep and before running /domainprep. So, I'm thinking this will be in that 10 - 15 minute range... or less, at which time I can then run the /domainprep /gpprep.
The longer process, as mentioned, will be when joining the new DCs to the system with dcpromo.
Run both commands on the FSMO master and you don't have to wait. At least I've never waited and I've never had a problem I can recall relating to that.
HOWEVER, DO make sure you run DCDIAG /C /E /V on both existing DCs (possible the 2000 DCs won't have those switches and you'll have to install DCDIAG maybe on both). This should check the health of AD and make sure you're ready. If not, correct unexplained issues before proceeding.
AND MAKE A BACKUP FIRST!!!!
HOWEVER, DO make sure you run DCDIAG /C /E /V on both existing DCs (possible the 2000 DCs won't have those switches and you'll have to install DCDIAG maybe on both). This should check the health of AD and make sure you're ready. If not, correct unexplained issues before proceeding.
AND MAKE A BACKUP FIRST!!!!
Ok, back from the holidays...
Speaking of making a backup first, I see a lot of call for that. But, then I never see any examples of what could happen, what errors might pop up, etc., that would require using a backup and then how to actually do the backup.
One of my concerns is exactly that. The current system I am working with doesn't leave me with a lot of confidence that all will go smoothly.
Since I am adding new DC's to replace the old DC's and not doing an upgrade of the current DC's, how likely is it that I will need to recover using a backup? How likely is it that running adprep32 will hose up the Windows 2000 Server DC and that prevents the new Windows 2008 DC's from being promotable and if that happens will the schema version have changed to 47 and then the backup recovery changes it back to 30?
This can be some scary stuff in the mind of a novice like me. :-)
Thanks...
Speaking of making a backup first, I see a lot of call for that. But, then I never see any examples of what could happen, what errors might pop up, etc., that would require using a backup and then how to actually do the backup.
One of my concerns is exactly that. The current system I am working with doesn't leave me with a lot of confidence that all will go smoothly.
Since I am adding new DC's to replace the old DC's and not doing an upgrade of the current DC's, how likely is it that I will need to recover using a backup? How likely is it that running adprep32 will hose up the Windows 2000 Server DC and that prevents the new Windows 2008 DC's from being promotable and if that happens will the schema version have changed to 47 and then the backup recovery changes it back to 30?
This can be some scary stuff in the mind of a novice like me. :-)
Thanks...
Quite honestly, if you're NEW to this and never have done it before, then YOU shouldn't be doing it. Certainly not on your network. A TEST network, fine. But NOT your production network. If you don't have experience and knowledge, you should be hiring a consultant who does. Would you perform your own Appendectomy (or perform one on a friend) if you didn't have the skills and knowledge to do so? If not, why would you do one to your network?
Warning issued, you asked:
> how likely is it that I will need to recover using a backup?
Not likely at all in my experience. Then again, I've got experience. I've never had to do one related to this procedure. YEARS ago, I did them... but since I'm comfortable with how AD works, It's not something I find the need to do... almost ever. (That said, and to follow my own advice, I probably should do one or two in a test network before the need arises in a real network -- weird things happen).
> How likely is it that running adprep32 will hose up the Windows 2000 Server DC
> and that prevents the new Windows 2008 DC's from being promotable
Never seen it happen. Would say odds are extremely low. That said, you could always be the first.
> and if that happens will the schema version have changed to 47 and then the
> backup recovery changes it back to 30?
That's why you backup BOTH DCs. And if necessary, you would do an Authoritative Restore on the FSMO master. That SHOULD take care of things. OR you would restore one DC after forcibly demoting the other so that there could be no conflict. Again, test environment.
Warning issued, you asked:
> how likely is it that I will need to recover using a backup?
Not likely at all in my experience. Then again, I've got experience. I've never had to do one related to this procedure. YEARS ago, I did them... but since I'm comfortable with how AD works, It's not something I find the need to do... almost ever. (That said, and to follow my own advice, I probably should do one or two in a test network before the need arises in a real network -- weird things happen).
> How likely is it that running adprep32 will hose up the Windows 2000 Server DC
> and that prevents the new Windows 2008 DC's from being promotable
Never seen it happen. Would say odds are extremely low. That said, you could always be the first.
> and if that happens will the schema version have changed to 47 and then the
> backup recovery changes it back to 30?
That's why you backup BOTH DCs. And if necessary, you would do an Authoritative Restore on the FSMO master. That SHOULD take care of things. OR you would restore one DC after forcibly demoting the other so that there could be no conflict. Again, test environment.
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
All Courses
From novice to tech pro — start learning today.
And, I am the IT guy/department here. I know the basics of what I need to do, but it's those little gotcha's that might pop up along the way... and recovering from them.
That's a good idea about the consultant. I'll have to see if the company will let me contract one.