What do I need to do to prepare my
Windows 2000 forest for the installation of the first Windows Server
2003 DC? Before you can
introduce Windows Server 2003 domain controllers, you must prepare
the forest and domains with the ADPrep utility.
- ADPrep /forestprep on
the schema master in your Windows 2000 forest.
- ADPrep /domainprep on
the Infrastructure Master in each AD domain.
ADPrep is located in the i386
directory of the Windows Server 2003 install media.
Exchange 2000 note: Please make sure you
read Windows 2003 ADPrep Fix for Exchange 2000 before installing the
first Windows Server 2003 DC in your existing organization.
Microsoft recommends that you have
at least Service Pack (SP) 2 installed on your domain controllers
before running ADPrep. SP2 fixed a critical internal AD bug, which
can manifest itself when extending the schema. There were also some
fixes to improve the replication delay that can be seen when
indexing attributes.
Similar to the Exchange setup.exe
/forestprep and /domainprep switches.
-
The Exchange
/forestprep command extends the schema and adds some objects in
the Configuration Naming Context.
-
The Exchange /
domainprep command adds objects within the Domain Naming Context
of the domain it is being run on and sets some ACLs.
The ADPrep command
follows the same logic and performs similar tasks to prepare for the
upgrade to Windows Server 2003.
The ADPrep /forestprep
command extends the schema with quite a few new classes and
attributes. These new schema objects are necessary for the new
features supported by Windows Server 2003.
You can view the schema
extensions by looking at the .ldf files in the \i386 directory on
the Windows Server 2003 CD. These files contain LDIF entries for
adding and modifying new and existing classes and attributes.
Since the schema is
extended and objects are added in several places in the
Configuration NC, the user running /forestprep must be a member of
both the Schema Admins and Enterprise Admins groups.
The ADPrep /domainprep
creates new containers and objects, modifies ACLs on some objects,
and changes the meaning of the Everyone security principal.
Before you can run ADPrep
/domainprep, you must be sure that the updates from /forestprep have
replicated to all domain controllers in the forest.
/domainprep must be run on the
Infrastructure Master of a domain and under the credentials of
someone in the Domain Admins group.
You can view detailed output of the
ADPrep command by looking at the log files in the
%Systemroot%\system32\debug\adprep\logs
directory.
Each time ADPrep is executed, a new
log file is generated that contains the actions taken during that
particular invocation.
The log files are named based on the time and date ADPrep was run.
Once you’ve run both /forestprep
and /domainprep and allowed time for the changes to replicate to all
domain controllers, you can then start upgrading your domain
controllers to Windows Server 2003 or installing new Windows Server
2003 domain controllers.
|