Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

upgrading Active Directory Schema

Posted on 2013-06-20
14
Medium Priority
?
658 Views
Last Modified: 2013-06-21
I have two DC controllers. One is win 2003 which is a Schema master and one win 2008. I’d like to take down aging 2003 DC and just installed and DC promo third DC controller on win 2008 R2.
I can see “Active Directory Schema” choice in Add/Remove Snap-in (MMC) only on 2003 box. Both 2008 and 2008 R2 DC don’t have it listed.
What should do I have to do to move the Schema to another DC and to upgrade forest to 2008 R2?
What should be added to 2008 and 2008R to add AD Schema to the list of snap-ins?
How can I roll back schema upgrades in case I have any setbacks?
FYI I still have exchange 2000 box active on my Domain (without mailboxes or public folders  just for relaying some older internal ups)
0
Comment
Question by:leop1212
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 3
  • +3
14 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 800 total points
ID: 39262372
Since this is your first 2008 R2 DC you will need to update the schema as you have noted.  Do to that you will need adprep32 it is explained in the link below

http://technet.microsoft.com/en-us/library/dd464018(v=ws.10).aspx

Windows Server 2008 R2 includes a 32-bit version and a 64-bit version of Adprep.exe. The 64-bit version runs by default. If you want to run one of the Adprep.exe commands on a 32-bit computer, use the 32-bit version of Adprep.exe (Adprep32.exe).

Once you have the new DC up and replication is working and no errors and you want to transfer the schema FSMO role you can register the schema snap in and transfer the role, explained here

http://www.petri.co.il/transferring_fsmo_roles.htm

Thanks

Mike
0
 
LVL 70

Expert Comment

by:KCTS
ID: 39262399
If you are bringing down the 2003 machine you will need to transfer ALL of the FSMO roles.
http://social.technet.microsoft.com/Forums/windowsserver/en-US/53f288ff-2e6e-41d9-ad41-480564a129a4/migrating-fsmo-roles-from-server-2003-to-server-2008-r2

You also need to make sure that DNS and Global Catalog are installed on the new machine

You may also need to install/transfer DHCP and update the DNS servers that its providing to the clients
0
 
LVL 2

Assisted Solution

by:thomasclm
thomasclm earned 400 total points
ID: 39262483
What should be added to 2008 and 2008R to add AD Schema to the list of snap-ins?
Run this command "regsvr32 schmmgmt.dll" so that it appears in snap-in.

What should do I have to do to move the Schema to another DC and to upgrade forest to 2008 R2?
If you have not joined the 2008 DC to the domain, first you need to run adprep and this need to be run on the existing 2003 DC using the adprep available in 2008 DVD. In Windows Server 2008 R2, Adprep.exe is located in the \Support\Adprep folder of the operating system disk. In Windows Server 2008, Adprep.exe is located in the \Sources\Adprep folder.

Adprep is executed using the following commands :
adprep /forestprep
adprep /domainprep
adprep /domainprep /gpprep

for more information :   http://technet.microsoft.com/en-us/library/dd464018(v=ws.10).aspx

Now you add the new 2008R2 DC to the domain.

Then transfer the roles .

How can I roll back schema upgrades in case I have any setbacks?
You can never roll back a schema upgrade.

It is always better to shutdown the 2003 dc for some days before removing it from the domain to check whether there is any impact.

AS suggested earlier by KCTS  "You also need to make sure that DNS and Global Catalog are installed on the new machine"

Regards,
Thomas
0
Learn how to optimize MySQL for your business need

With the increasing importance of apps & networks in both business & personal interconnections, perfor. has become one of the key metrics of successful communication. This ebook is a hands-on business-case-driven guide to understanding MySQL query parameter tuning & database perf

 
LVL 35

Expert Comment

by:Seth Simmons
ID: 39262554
Just FYI - you will not be able to raise your domain/forest functional level to 2008 or 2008 R2 (once you get that installed) while your 2000 Exchange server exists.  You need to get rid of it or upgrade since it isn't supported.
0
 
LVL 24

Assisted Solution

by:Sandeshdubey
Sandeshdubey earned 800 total points
ID: 39262843
To move the schema FSMO role see this:http://www.petri.co.il/transferring_fsmo_roles.htm.

As you wanted to promote Win2008R2 server you need to upgrade the schema and then promote Win2008 R2 server as DC.


Adding first Windows Server 2008 R2 Domain Controller within Windows 2003 network
http://kpytko.wordpress.com/2011/08/25/adding-first-windows-server-2008-r2-domain-controller-within-windows-2003-network/

How to demote/decommision the Win2003 Servers
http://technet.microsoft.com/en-us/library/cc740017(WS.10).aspx (how to demote a DC)
http://technet.microsoft.com/en-us/library/cc755937(WS.10).aspx (how to decommisioning a DC)
http://technet.microsoft.com/en-us/library/cc771844(WS.10).aspx (how to removing a DC from a Domain)

Also dont forget to configure authorative time server on the PDC role holder server below is the KB article for the same. http://support.microsoft.com/kb/816042

Hope this helps
0
 

Author Comment

by:leop1212
ID: 39263195
When I tried to run Adprep32.exe /forestprep from addprep folder copied from  w2k8r2
supprot\addprep install CD
on my 2003 DC controller
I  am getting an error that adprep32.exe  is not a valid Win32 applicaiton
0
 
LVL 35

Expert Comment

by:Seth Simmons
ID: 39263217
have you tried running directly from the cd or on another system?  if it still throws that error it could be bad media or drive when the files were copied
0
 
LVL 24

Assisted Solution

by:Sandeshdubey
Sandeshdubey earned 800 total points
ID: 39263247
Adprep.exe is a command-line tool that is available on the Windows Server 2003/2008 installation disc in the \sources\adprep folder, and it is available on the Windows Server 2008 R2 installation disk in the \support\adprep folder.

Ensure that you are using correct adprep tool to prepare the forest.If your current DC is 32bit you need to use adprep32.exe else if it is 64bit OS you need to use adprep.exe.Also make sure that you are using Win2008 DVD & run adprep from an elevated command prompt(Run as administrator).

Adprep.exe is a command-line tool that is available on the Windows Server 2008 installation disc in the \sources\adprep folder, and it is available on the Windows Server 2008 R2 installation disk in the \support\adprep folder.

Check the FSMO roles assignments. When you prepare the existing AD, you should run adprep /forestprep on the Schema operations master, and adprep /domainprep on the infrastructure master.In your case if you have single DC run the commands on same server.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 39263248
Is your 2003 box 32 or 64 bit?

Thanks

Mike
0
 

Author Comment

by:leop1212
ID: 39263307
2003 R2 32
0
 
LVL 35

Expert Comment

by:Seth Simmons
ID: 39263360
did you try what i suggested?
0
 

Author Comment

by:leop1212
ID: 39264322
it was corrupted download
I ran all 3 adprep and all 3  returned me that "schema was already updated". I had done it when I added win 2008 so it loooks like schema 2008 R2 is the same as 20008. Is it true?
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 39264343
No schema is different for 2008 R2, you can check versions here

http://adisfun.blogspot.com/2012/09/windows-2012-ad-schema-version.html

Thanks

Mike
0
 
LVL 24

Assisted Solution

by:Sandeshdubey
Sandeshdubey earned 800 total points
ID: 39265402
To check the schema version execute the below query and post the output.Please substitute the domain name and run the query.

dsquery * cn=schema,cn=configuration,dc=domainname,dc=com -scope base -attr objectVersion

If the schema version is 47 then no need to run adprep you can directly promote the new Win2008 R2 server.More on schema version see this http://sandeshdubey.wordpress.com/2011/10/21/how-to-determine-your-ad-and-exchange-schema-version/
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Make the most of your online learning experience.
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question