Upgrade your Internet Experience
Microsoft.com
Welcome Sign in
Windows Server TechCenter
Click to Rate and Give Feedback

  Switch on low bandwidth view
Prepare Your Infrastructure for Upgrade

Updated: April 11, 2008

Preparing your Active Directory infrastructure for upgrade to Windows Server 2008 includes the following tasks:

ImportantImportant
Review the list of operations that Adprep.exe performs in Windows Server 2008, and test the schema updates in a lab environment to ensure that they will not conflict with any applications that run in your environment. There should not be any conflicts if your applications use RFC-compliant object and attribute definitions. For a list of specific operations that are performed when you update the Active Directory schema, see Appendix of Changes to Adprep.exe to support AD DS in Windows Server 2008 (http://go.microsoft.com/fwlink/?LinkID=122499).

Prepare a Windows 2000 or Windows Server 2003 forest schema for a domain controller that runs Windows Server 2008

Before you can add a domain controller that is running Windows Server 2008 to an Active Directory environment that is running Windows 2000 Server or Windows Server 2003, you must update the Active Directory schema. You must update the schema from the domain controller that hosts the schema operations master role (also known as flexible single master operations or FSMO). If you are performing an unattended installation of Active Directory Domain Services (AD DS) with Windows Server 2008, you must update the schema before you install the operating system. For normal installations, you must update the schema after you run Setup and before you install AD DS.

Use the following procedure to update the Windows Server 2003 or Windows 2000 Server Active Directory schema for Windows Server 2008.

Membership in Enterprise Admins, Schema Admins, and Domain Admins for the domain that contains the schema master, or equivalent, is required to complete this procedure. Review details about using the appropriate accounts and group memberships at http://go.microsoft.com/fwlink/?LinkId=83477.

To prepare the forest schema for Windows Server 2008

  1. Log on to the schema master as a member of the Enterprise Admins, Schema Admins, and Domain Admins groups.

  2. Insert the Windows Server 2008 DVD into the CD or DVD drive. Copy the content of the \sources\adprep folder to an Adprep folder on the schema master.

  3. Open a command prompt, and then change directories to the Adprep folder.

  4. At the command prompt, type the following command, and then press ENTER:

    adprep /forestprep

  5. If you plan to install a read-only domain controller (RODC) in any domain in the forest, type the following command, and then press ENTER:

    adprep /rodcprep

    noteNote
    For more information about RODCs, see the Step-by-Step Guide for Read-only Domain Controllers (http://go.microsoft.com/fwlink/?LinkId=92728).

  6. Allow the operation to complete, and then allow the changes to replicate throughout the forest before you prepare any domains for a domain controller that runs Windows Server 2008.

Prepare a Windows 2000 or Windows Server 2003 domain for a domain controller that runs Windows Server 2008

After you prepare the forest, you need to prepare any domain for which you plan to install a domain controller that runs Windows Server 2008.

Use the following procedure to prepare a Windows 2000 or Windows Server 2003 domain for Windows Server 2008.

Membership in Domain Admins, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at http://go.microsoft.com/fwlink/?LinkId=83477.

To prepare a Windows 2000 or Windows Server 2003 domain for Windows Server 2008

  1. Identify the domain infrastructure operations master role holder as follows:

    • In the Active Directory Users and Computers snap-in, right-click the domain object, click Operations Masters, and then click Infrastructure.

  2. Log on to the infrastructure master as a member of the Domain Admins group.

  3. Insert the Windows Server 2008 DVD into the CD or DVD drive. Copy the content of the \sources\adprep folder to an Adprep folder on the infrastructure master.

  4. Open a command prompt, and then change directories to the Adprep folder.

  5. Type the following command, and then press ENTER:

    adprep /domainprep /gpprep

  6. Allow the operation to complete, and then allow the changes to replicate throughout the forest before you install a domain controller that runs Windows Server 2008.

Resolve Adprep.exe compatibility problems

ImportantImportant
The following section contains information that is relevant only to the Windows 2000 Active Directory infrastructure upgrade to Windows Server 2008 Active Directory Domain Services (AD DS).

Preparing your Windows 2000 Active Directory infrastructure for upgrade also involves resolving any AD DS schema compatibility issues such as issues that might occur with Microsoft Exchange 2000 Server and Windows Services for UNIX 2.0. Before you upgrade the first Windows 2000–based domain controller to Windows Server 2008 AD DS, you must complete the following tasks:

Resolve Adprep.exe compatibility problems with Exchange 2000 Server

When you prepare the forest by using the Active Directory preparation tool (Adprep.exe) in a Windows 2000 forest containing the Exchange 2000 Server schema, the Lightweight Directory Access Protocol (LDAP) display names of the three Windows Server 2003 InetOrgPerson attributes Secretary, labeledURI, and houseIdentifier conflict with the non–Request for Comment (RFC)–compliant versions that are added by Exchange 2000 Server. On the domain controller that receives the Windows Server 2003 schema updates, the lDAPDisplayName attributes for the Exchange 2000 Server definitions of these attributes are modified to prevent a conflict. However, when the changes are replicated in Active Directory, the additional domain controllers inadvertently detect the changes as a schema collision because duplicate names are present.

When AD DS detects a duplicate name, it modifies the name of one of the objects by adding "Dup" and some unique characters to the beginning of the name. For example, the Secretary, labeledURI, and houseIdentifier name collisions appear similar to the following:

lDAPDisplayName: DUP-labeledURI-9591bbd3-d2a6-4669-afda-48af7c35507d
lDAPDisplayName: DUP-secretary-c5a1240d-70c0-455c-9906-a4070602f85f
lDAPDisplayName: DUP-houseIdentifier-e7c5d1bd-a422-4b9e-b4db-ecad2b6839cf

If you are already running Exchange 2000 Server, run the fix-up script in article 314649 in the Microsoft Knowledge Base (http://go.microsoft.com/fwlink/?LinkId=106341).

If you have not yet deployed Exchange 2000 Server in your environment, you can avoid name collisions by preparing the AD DS forest by using adprep /forestprep to create the initial definition of the Secretary, labeledURI, and houseIdentifier attributes before installing Exchange 2000 Server. Specifically, you can avoid LDAP display-name collision problems by doing one of the following:

  • Run the Active Directory preparation tool (Adprep.exe) in a Windows 2000 forest before you install Exchange 2000 Server.
  • Add Exchange 2000 Server to an existing Windows Server 2003 forest.

Resolve Adprep.exe compatibility problems with Windows Services for UNIX 2.0

The Active Directory preparation tool (adprep.exe) prepares the forest or domain with the schema attribute CN=uid, which is compliant with RFC 2307 for use by the Server for Network Information Service (NIS) component of Windows Services for UNIX. However, in Windows Services for UNIX 2.0, the Server for NIS component uses a different attribute schema: CN-uid,CN=msSFUName. This discrepancy can cause the upgrade to Windows Server 2003 or Windows Server 2008 to fail. To solve this problem, either upgrade to Windows Services for UNIX 3.0 or install the Q293783_sfu_2_x86_en.exe hotfix.

To resolve Server for NIS compatibility issues with Windows Server 2003

  1. Run Q293783_sfu_2_x86_en.exe on the domain controller that holds schema master role.

  2. Review the Hotfix.txt file that is included with the hotfix for installation specifics.

  3. Verify end-to-end Active Directory replication of the schema throughout the forest.

For more information about Windows Services for UNIX 2.0 application compatibility issues and the hotfix installation file, see article 293789 in the Microsoft Knowledge Base (http://go.microsoft.com/fwlink/?LinkId=106317).

Tags What's this?: ad (x) Add a tag
Community Content   What is Community Content?
Add new content RSS  Annotations
Invalid location for Adprep for 7100 build      vroxx   |   Edit   |   Show History
If you're using Win2k8 R2 (7100) Adprep is found in \support\adprep not in \sources\adprep like the document describes.
Tags What's this?: Add a tag
Flag as ContentBug
© 2009 Microsoft Corporation. All rights reserved. Terms of Use  |  Trademarks  |  Privacy Statement
Page view tracker