upgrading Active Directory Schema

I have two DC controllers. One is win 2003 which is a Schema master and one win 2008. I’d like to take down aging 2003 DC and just installed and DC promo third DC controller on win 2008 R2.
I can see “Active Directory Schema” choice in Add/Remove Snap-in (MMC) only on 2003 box. Both 2008 and 2008 R2 DC don’t have it listed.
What should do I have to do to move the Schema to another DC and to upgrade forest to 2008 R2?
What should be added to 2008 and 2008R to add AD Schema to the list of snap-ins?
How can I roll back schema upgrades in case I have any setbacks?
FYI I still have exchange 2000 box active on my Domain (without mailboxes or public folders  just for relaying some older internal ups)
leop1212Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Mike KlineCommented:
Since this is your first 2008 R2 DC you will need to update the schema as you have noted.  Do to that you will need adprep32 it is explained in the link below

http://technet.microsoft.com/en-us/library/dd464018(v=ws.10).aspx

Windows Server 2008 R2 includes a 32-bit version and a 64-bit version of Adprep.exe. The 64-bit version runs by default. If you want to run one of the Adprep.exe commands on a 32-bit computer, use the 32-bit version of Adprep.exe (Adprep32.exe).

Once you have the new DC up and replication is working and no errors and you want to transfer the schema FSMO role you can register the schema snap in and transfer the role, explained here

http://www.petri.co.il/transferring_fsmo_roles.htm

Thanks

Mike
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Brian PiercePhotographerCommented:
If you are bringing down the 2003 machine you will need to transfer ALL of the FSMO roles.
http://social.technet.microsoft.com/Forums/windowsserver/en-US/53f288ff-2e6e-41d9-ad41-480564a129a4/migrating-fsmo-roles-from-server-2003-to-server-2008-r2

You also need to make sure that DNS and Global Catalog are installed on the new machine

You may also need to install/transfer DHCP and update the DNS servers that its providing to the clients
0
thomasclmCommented:
What should be added to 2008 and 2008R to add AD Schema to the list of snap-ins?
Run this command "regsvr32 schmmgmt.dll" so that it appears in snap-in.

What should do I have to do to move the Schema to another DC and to upgrade forest to 2008 R2?
If you have not joined the 2008 DC to the domain, first you need to run adprep and this need to be run on the existing 2003 DC using the adprep available in 2008 DVD. In Windows Server 2008 R2, Adprep.exe is located in the \Support\Adprep folder of the operating system disk. In Windows Server 2008, Adprep.exe is located in the \Sources\Adprep folder.

Adprep is executed using the following commands :
adprep /forestprep
adprep /domainprep
adprep /domainprep /gpprep

for more information :   http://technet.microsoft.com/en-us/library/dd464018(v=ws.10).aspx

Now you add the new 2008R2 DC to the domain.

Then transfer the roles .

How can I roll back schema upgrades in case I have any setbacks?
You can never roll back a schema upgrade.

It is always better to shutdown the 2003 dc for some days before removing it from the domain to check whether there is any impact.

AS suggested earlier by KCTS  "You also need to make sure that DNS and Global Catalog are installed on the new machine"

Regards,
Thomas
0
Protecting & Securing Your Critical Data

Considering 93 percent of companies file for bankruptcy within 12 months of a disaster that blocked access to their data for 10 days or more, planning for the worst is just smart business. Learn how Acronis Backup integrates security at every stage

Seth SimmonsSr. Systems AdministratorCommented:
Just FYI - you will not be able to raise your domain/forest functional level to 2008 or 2008 R2 (once you get that installed) while your 2000 Exchange server exists.  You need to get rid of it or upgrade since it isn't supported.
0
SandeshdubeySenior Server EngineerCommented:
To move the schema FSMO role see this:http://www.petri.co.il/transferring_fsmo_roles.htm.

As you wanted to promote Win2008R2 server you need to upgrade the schema and then promote Win2008 R2 server as DC.


Adding first Windows Server 2008 R2 Domain Controller within Windows 2003 network
http://kpytko.wordpress.com/2011/08/25/adding-first-windows-server-2008-r2-domain-controller-within-windows-2003-network/

How to demote/decommision the Win2003 Servers
http://technet.microsoft.com/en-us/library/cc740017(WS.10).aspx (how to demote a DC)
http://technet.microsoft.com/en-us/library/cc755937(WS.10).aspx (how to decommisioning a DC)
http://technet.microsoft.com/en-us/library/cc771844(WS.10).aspx (how to removing a DC from a Domain)

Also dont forget to configure authorative time server on the PDC role holder server below is the KB article for the same. http://support.microsoft.com/kb/816042

Hope this helps
0
leop1212Author Commented:
When I tried to run Adprep32.exe /forestprep from addprep folder copied from  w2k8r2
supprot\addprep install CD
on my 2003 DC controller
I  am getting an error that adprep32.exe  is not a valid Win32 applicaiton
0
Seth SimmonsSr. Systems AdministratorCommented:
have you tried running directly from the cd or on another system?  if it still throws that error it could be bad media or drive when the files were copied
0
SandeshdubeySenior Server EngineerCommented:
Adprep.exe is a command-line tool that is available on the Windows Server 2003/2008 installation disc in the \sources\adprep folder, and it is available on the Windows Server 2008 R2 installation disk in the \support\adprep folder.

Ensure that you are using correct adprep tool to prepare the forest.If your current DC is 32bit you need to use adprep32.exe else if it is 64bit OS you need to use adprep.exe.Also make sure that you are using Win2008 DVD & run adprep from an elevated command prompt(Run as administrator).

Adprep.exe is a command-line tool that is available on the Windows Server 2008 installation disc in the \sources\adprep folder, and it is available on the Windows Server 2008 R2 installation disk in the \support\adprep folder.

Check the FSMO roles assignments. When you prepare the existing AD, you should run adprep /forestprep on the Schema operations master, and adprep /domainprep on the infrastructure master.In your case if you have single DC run the commands on same server.
0
Mike KlineCommented:
Is your 2003 box 32 or 64 bit?

Thanks

Mike
0
leop1212Author Commented:
2003 R2 32
0
Seth SimmonsSr. Systems AdministratorCommented:
did you try what i suggested?
0
leop1212Author Commented:
it was corrupted download
I ran all 3 adprep and all 3  returned me that "schema was already updated". I had done it when I added win 2008 so it loooks like schema 2008 R2 is the same as 20008. Is it true?
0
Mike KlineCommented:
No schema is different for 2008 R2, you can check versions here

http://adisfun.blogspot.com/2012/09/windows-2012-ad-schema-version.html

Thanks

Mike
0
SandeshdubeySenior Server EngineerCommented:
To check the schema version execute the below query and post the output.Please substitute the domain name and run the query.

dsquery * cn=schema,cn=configuration,dc=domainname,dc=com -scope base -attr objectVersion

If the schema version is 47 then no need to run adprep you can directly promote the new Win2008 R2 server.More on schema version see this http://sandeshdubey.wordpress.com/2011/10/21/how-to-determine-your-ad-and-exchange-schema-version/
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Networking

From novice to tech pro — start learning today.