Solved

upgrading Active Directory Schema

Posted on 2013-06-20
14
638 Views
Last Modified: 2013-06-21
I have two DC controllers. One is win 2003 which is a Schema master and one win 2008. I’d like to take down aging 2003 DC and just installed and DC promo third DC controller on win 2008 R2.
I can see “Active Directory Schema” choice in Add/Remove Snap-in (MMC) only on 2003 box. Both 2008 and 2008 R2 DC don’t have it listed.
What should do I have to do to move the Schema to another DC and to upgrade forest to 2008 R2?
What should be added to 2008 and 2008R to add AD Schema to the list of snap-ins?
How can I roll back schema upgrades in case I have any setbacks?
FYI I still have exchange 2000 box active on my Domain (without mailboxes or public folders  just for relaying some older internal ups)
0
Comment
Question by:leop1212
  • 3
  • 3
  • 3
  • +3
14 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 200 total points
Comment Utility
Since this is your first 2008 R2 DC you will need to update the schema as you have noted.  Do to that you will need adprep32 it is explained in the link below

http://technet.microsoft.com/en-us/library/dd464018(v=ws.10).aspx

Windows Server 2008 R2 includes a 32-bit version and a 64-bit version of Adprep.exe. The 64-bit version runs by default. If you want to run one of the Adprep.exe commands on a 32-bit computer, use the 32-bit version of Adprep.exe (Adprep32.exe).

Once you have the new DC up and replication is working and no errors and you want to transfer the schema FSMO role you can register the schema snap in and transfer the role, explained here

http://www.petri.co.il/transferring_fsmo_roles.htm

Thanks

Mike
0
 
LVL 70

Expert Comment

by:KCTS
Comment Utility
If you are bringing down the 2003 machine you will need to transfer ALL of the FSMO roles.
http://social.technet.microsoft.com/Forums/windowsserver/en-US/53f288ff-2e6e-41d9-ad41-480564a129a4/migrating-fsmo-roles-from-server-2003-to-server-2008-r2

You also need to make sure that DNS and Global Catalog are installed on the new machine

You may also need to install/transfer DHCP and update the DNS servers that its providing to the clients
0
 
LVL 2

Assisted Solution

by:thomasclm
thomasclm earned 100 total points
Comment Utility
What should be added to 2008 and 2008R to add AD Schema to the list of snap-ins?
Run this command "regsvr32 schmmgmt.dll" so that it appears in snap-in.

What should do I have to do to move the Schema to another DC and to upgrade forest to 2008 R2?
If you have not joined the 2008 DC to the domain, first you need to run adprep and this need to be run on the existing 2003 DC using the adprep available in 2008 DVD. In Windows Server 2008 R2, Adprep.exe is located in the \Support\Adprep folder of the operating system disk. In Windows Server 2008, Adprep.exe is located in the \Sources\Adprep folder.

Adprep is executed using the following commands :
adprep /forestprep
adprep /domainprep
adprep /domainprep /gpprep

for more information :   http://technet.microsoft.com/en-us/library/dd464018(v=ws.10).aspx

Now you add the new 2008R2 DC to the domain.

Then transfer the roles .

How can I roll back schema upgrades in case I have any setbacks?
You can never roll back a schema upgrade.

It is always better to shutdown the 2003 dc for some days before removing it from the domain to check whether there is any impact.

AS suggested earlier by KCTS  "You also need to make sure that DNS and Global Catalog are installed on the new machine"

Regards,
Thomas
0
 
LVL 34

Expert Comment

by:Seth Simmons
Comment Utility
Just FYI - you will not be able to raise your domain/forest functional level to 2008 or 2008 R2 (once you get that installed) while your 2000 Exchange server exists.  You need to get rid of it or upgrade since it isn't supported.
0
 
LVL 24

Assisted Solution

by:Sandeshdubey
Sandeshdubey earned 200 total points
Comment Utility
To move the schema FSMO role see this:http://www.petri.co.il/transferring_fsmo_roles.htm.

As you wanted to promote Win2008R2 server you need to upgrade the schema and then promote Win2008 R2 server as DC.


Adding first Windows Server 2008 R2 Domain Controller within Windows 2003 network
http://kpytko.wordpress.com/2011/08/25/adding-first-windows-server-2008-r2-domain-controller-within-windows-2003-network/

How to demote/decommision the Win2003 Servers
http://technet.microsoft.com/en-us/library/cc740017(WS.10).aspx (how to demote a DC)
http://technet.microsoft.com/en-us/library/cc755937(WS.10).aspx (how to decommisioning a DC)
http://technet.microsoft.com/en-us/library/cc771844(WS.10).aspx (how to removing a DC from a Domain)

Also dont forget to configure authorative time server on the PDC role holder server below is the KB article for the same. http://support.microsoft.com/kb/816042

Hope this helps
0
 

Author Comment

by:leop1212
Comment Utility
When I tried to run Adprep32.exe /forestprep from addprep folder copied from  w2k8r2
supprot\addprep install CD
on my 2003 DC controller
I  am getting an error that adprep32.exe  is not a valid Win32 applicaiton
0
 
LVL 34

Expert Comment

by:Seth Simmons
Comment Utility
have you tried running directly from the cd or on another system?  if it still throws that error it could be bad media or drive when the files were copied
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 
LVL 24

Assisted Solution

by:Sandeshdubey
Sandeshdubey earned 200 total points
Comment Utility
Adprep.exe is a command-line tool that is available on the Windows Server 2003/2008 installation disc in the \sources\adprep folder, and it is available on the Windows Server 2008 R2 installation disk in the \support\adprep folder.

Ensure that you are using correct adprep tool to prepare the forest.If your current DC is 32bit you need to use adprep32.exe else if it is 64bit OS you need to use adprep.exe.Also make sure that you are using Win2008 DVD & run adprep from an elevated command prompt(Run as administrator).

Adprep.exe is a command-line tool that is available on the Windows Server 2008 installation disc in the \sources\adprep folder, and it is available on the Windows Server 2008 R2 installation disk in the \support\adprep folder.

Check the FSMO roles assignments. When you prepare the existing AD, you should run adprep /forestprep on the Schema operations master, and adprep /domainprep on the infrastructure master.In your case if you have single DC run the commands on same server.
0
 
LVL 57

Expert Comment

by:Mike Kline
Comment Utility
Is your 2003 box 32 or 64 bit?

Thanks

Mike
0
 

Author Comment

by:leop1212
Comment Utility
2003 R2 32
0
 
LVL 34

Expert Comment

by:Seth Simmons
Comment Utility
did you try what i suggested?
0
 

Author Comment

by:leop1212
Comment Utility
it was corrupted download
I ran all 3 adprep and all 3  returned me that "schema was already updated". I had done it when I added win 2008 so it loooks like schema 2008 R2 is the same as 20008. Is it true?
0
 
LVL 57

Expert Comment

by:Mike Kline
Comment Utility
No schema is different for 2008 R2, you can check versions here

http://adisfun.blogspot.com/2012/09/windows-2012-ad-schema-version.html

Thanks

Mike
0
 
LVL 24

Assisted Solution

by:Sandeshdubey
Sandeshdubey earned 200 total points
Comment Utility
To check the schema version execute the below query and post the output.Please substitute the domain name and run the query.

dsquery * cn=schema,cn=configuration,dc=domainname,dc=com -scope base -attr objectVersion

If the schema version is 47 then no need to run adprep you can directly promote the new Win2008 R2 server.More on schema version see this http://sandeshdubey.wordpress.com/2011/10/21/how-to-determine-your-ad-and-exchange-schema-version/
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now