Adding 2008 R2 server to 2003 domain: 2003 DC to 2008 R2 DC

Thank you in advance.  I am prepping some 2003 AD dc’s before adding 2008 R2 servers to the domain.  Obviously I will need to run adprep on the dc’s before, but wanted to confirm adprep /forestprep and adprep /domainprep.  We have 3 domains, parent and 2 child domains.  The parent Domain DC has all the roles including the schema master and the child domains only have pdc, rid and infrastructure.  It is a while since I have done anything with domains so wanted to run this by someone with more experience/knowledge.

I was going to run Adprep32  /forestprep on the Parent domain (which holds the schema master)
then run Adprep32  /domainprep on each of the child domains
Should I also consider running  /gpprep on the child domains?

Does this sound like the correct route?  The other thing is I don’t envisage actually setting up a 2008 r2 server to control the parent domain for a short while as it is one of the child domains I am more concerned with at the moment .  Can 2008 DC’s sit happily in a child domain when there is no 2008 server in the parent domain (I presume it would be ok if the forest, domain and gpprep went successfully)?  Also can i only run 2k8 r2 server in a RODC mode?

As I said many thanks.

leon thompsonAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

1st ensure that AD s replicating fine across domains
U can run dcdiag /v on PDC master server of each domain to check if there are any potential replication issues, if tests are satisfactory, then proceed with below

You need to insert 2008 r2 DVD media on 2003 DC and navigate to sources\support\adprep folder from command prompt

In forest root domain where schema master holds run below
adprep32 /forestprep  - if 2003 DC is 32bit | adprep /forestprep - if 2003 DC is 64 bit
adprep32 /domainprep /gpprep - if 2003 DC is 32bit  | adprep /domainprep /gpprep - if 2003 DC is 64 bit
adprep32 /rodcprep - if 2003 Dc is 32 bit and you want to add RODC in forest | adprep /rodcprep - if 2003 DC is 64 bit

For each child domain:
From child domain PDC, run below commands:
adprep32 /domainprep /gpprep - if 2003 DC is 32bit  | adprep /domainprep /gpprep - if 2003 DC is 64 bit

other prerequisites:
domain functional level must be minimum windows 2000 | 2003 domain functional level is recommended
forest functional level must be  - windows 2000 | 2003 forest functional level is recommended

you can have RODC in network as long as you have at least one windows 2008 / 2008 R2 read/write DC in each domain

Once schema is updated with forestprep in root domain force AD replication in entire forest by running repadmin /AdePq on root DC
Else lower AD replication interval to 15 minutes before you start schema modification so that changes will get propagated fast


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
leon thompsonAuthor Commented:
Thanks Mahesh, just one question, if i don't want to run a RODC can i leave out the  "adprep32 /rodcprep - if 2003 Dc is 32 bit and you want to add RODC in forest | adprep /rodcprep - if 2003 DC is 64 bit"  bit of the process, or is it just best practise to run that when your running the other prep routines?

if you don't want to deploy RODC, you can skip RODC command for now, but anytime you decide to deploy RODC, you need to run RODC command 1st, else you would find difficulties while deploying RODC

The command is not required if you directly started with 2008 and above OS as DC, but you are upgrading from 2003 server and hence command is required if you decide to deploy RODC in feature even if you already decommissioned all 2003 DCs

Hence I always prefer to run the command regardless of RODC is there or not

Check below

Active Protection takes the fight to cryptojacking

While there were several headline-grabbing ransomware attacks during in 2017, another big threat started appearing at the same time that didn’t get the same coverage – illicit cryptomining.

leon thompsonAuthor Commented:
Thanks again Mahesh
leon thompsonAuthor Commented:
Many thanks Mahesh, i'm not sure how the points system works here, so didn't know how to rate the question when i wrote the query.  I hope thats ok.
That's not an problem
You are welcome
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.