Learn the techniques to avoid forgery and phishing attacks and the types of attacks an application or network may face.
Adding 2008 R2 server to 2003 domain: 2003 DC to 2008 R2 DC
Thank you in advance. I am prepping some 2003 AD dc’s before adding 2008 R2 servers to the domain. Obviously I will need to run adprep on the dc’s before, but wanted to confirm adprep /forestprep and adprep /domainprep. We have 3 domains, parent and 2 child domains. The parent Domain DC has all the roles including the schema master and the child domains only have pdc, rid and infrastructure. It is a while since I have done anything with domains so wanted to run this by someone with more experience/knowledge.
I was going to run Adprep32 /forestprep on the Parent domain (which holds the schema master)
then run Adprep32 /domainprep on each of the child domains
Should I also consider running /gpprep on the child domains?
Does this sound like the correct route? The other thing is I don’t envisage actually setting up a 2008 r2 server to control the parent domain for a short while as it is one of the child domains I am more concerned with at the moment . Can 2008 DC’s sit happily in a child domain when there is no 2008 server in the parent domain (I presume it would be ok if the forest, domain and gpprep went successfully)? Also can i only run 2k8 r2 server in a RODC mode?
As I said many thanks.
Leon
I was going to run Adprep32 /forestprep on the Parent domain (which holds the schema master)
then run Adprep32 /domainprep on each of the child domains
Should I also consider running /gpprep on the child domains?
Does this sound like the correct route? The other thing is I don’t envisage actually setting up a 2008 r2 server to control the parent domain for a short while as it is one of the child domains I am more concerned with at the moment . Can 2008 DC’s sit happily in a child domain when there is no 2008 server in the parent domain (I presume it would be ok if the forest, domain and gpprep went successfully)? Also can i only run 2k8 r2 server in a RODC mode?
As I said many thanks.
Leon
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
1st ensure that AD s replicating fine across domains
U can run dcdiag /v on PDC master server of each domain to check if there are any potential replication issues, if tests are satisfactory, then proceed with below
You need to insert 2008 r2 DVD media on 2003 DC and navigate to sources\support\adprep folder from command prompt
In forest root domain where schema master holds run below
adprep32 /forestprep - if 2003 DC is 32bit | adprep /forestprep - if 2003 DC is 64 bit
adprep32 /domainprep /gpprep - if 2003 DC is 32bit | adprep /domainprep /gpprep - if 2003 DC is 64 bit
adprep32 /rodcprep - if 2003 Dc is 32 bit and you want to add RODC in forest | adprep /rodcprep - if 2003 DC is 64 bit
For each child domain:
From child domain PDC, run below commands:
adprep32 /domainprep /gpprep - if 2003 DC is 32bit | adprep /domainprep /gpprep - if 2003 DC is 64 bit
other prerequisites:
domain functional level must be minimum windows 2000 | 2003 domain functional level is recommended
forest functional level must be - windows 2000 | 2003 forest functional level is recommended
you can have RODC in network as long as you have at least one windows 2008 / 2008 R2 read/write DC in each domain
Once schema is updated with forestprep in root domain force AD replication in entire forest by running repadmin /AdePq on root DC
Else lower AD replication interval to 15 minutes before you start schema modification so that changes will get propagated fast
Mahesh.
U can run dcdiag /v on PDC master server of each domain to check if there are any potential replication issues, if tests are satisfactory, then proceed with below
You need to insert 2008 r2 DVD media on 2003 DC and navigate to sources\support\adprep folder from command prompt
In forest root domain where schema master holds run below
adprep32 /forestprep - if 2003 DC is 32bit | adprep /forestprep - if 2003 DC is 64 bit
adprep32 /domainprep /gpprep - if 2003 DC is 32bit | adprep /domainprep /gpprep - if 2003 DC is 64 bit
adprep32 /rodcprep - if 2003 Dc is 32 bit and you want to add RODC in forest | adprep /rodcprep - if 2003 DC is 64 bit
For each child domain:
From child domain PDC, run below commands:
adprep32 /domainprep /gpprep - if 2003 DC is 32bit | adprep /domainprep /gpprep - if 2003 DC is 64 bit
other prerequisites:
domain functional level must be minimum windows 2000 | 2003 domain functional level is recommended
forest functional level must be - windows 2000 | 2003 forest functional level is recommended
you can have RODC in network as long as you have at least one windows 2008 / 2008 R2 read/write DC in each domain
Once schema is updated with forestprep in root domain force AD replication in entire forest by running repadmin /AdePq on root DC
Else lower AD replication interval to 15 minutes before you start schema modification so that changes will get propagated fast
Mahesh.
Thanks Mahesh, just one question, if i don't want to run a RODC can i leave out the "adprep32 /rodcprep - if 2003 Dc is 32 bit and you want to add RODC in forest | adprep /rodcprep - if 2003 DC is 64 bit" bit of the process, or is it just best practise to run that when your running the other prep routines?
thanks
thanks
if you don't want to deploy RODC, you can skip RODC command for now, but anytime you decide to deploy RODC, you need to run RODC command 1st, else you would find difficulties while deploying RODC
The command is not required if you directly started with 2008 and above OS as DC, but you are upgrading from 2003 server and hence command is required if you decide to deploy RODC in feature even if you already decommissioned all 2003 DCs
Hence I always prefer to run the command regardless of RODC is there or not
Check below
https://technet.microsoft.com/en-us/library/cc771055(v=ws.10).aspx
Mahesh
The command is not required if you directly started with 2008 and above OS as DC, but you are upgrading from 2003 server and hence command is required if you decide to deploy RODC in feature even if you already decommissioned all 2003 DCs
Hence I always prefer to run the command regardless of RODC is there or not
Check below
https://technet.microsoft.com/en-us/library/cc771055(v=ws.10).aspx
Mahesh
Premium Content
You need an Expert Office subscription to comment.Start Free Trial