Steps for Extending the Schema

Applies To: Windows Server 2003 R2

Before you install one of the new features that is described in Active Directory Schema Update or before you add a domain controller running Windows Server 2003 R2 to a forest for the first time (unless it is the first domain controller in a new forest), you must first extend the schema with the Adprep tool. Perform the following steps to extend the schema:

  • Verify Active Directory functionality before you apply the schema extension

  • Apply the schema extension

  • Verify the schema extension

Verify Active Directory functionality before you apply the schema extension

Verify Active Directory functionality before you update the schema to help ensure that the schema extension proceeds without error. At a minimum, ensure that all domain controllers for the forest are online and performing inbound replication.

To verify Active Directory functionality before you apply the schema extension

  1. Log on to an administrative workstation that has the Windows Support Tool Repadmin.exe installed.

    Note

    The Support Tools are located on the operating system installation media in the Support\Tools folder.

  2. Open a command prompt, and then change directories to the folder in which the Windows Support Tools are installed.

  3. At a command prompt, type the following, and then press ENTER:

    repadmin /replsum /bysrc /bydest /sort:delta

    All domain controllers should show 0 in the Fails column, and the largest deltas (which indicate the time that has elapsed since the last successful replication) should be less than or roughly equal to the replication frequency of the site link that is used by the domain controller for replication. The default replication frequency is 180 minutes.

For more information about additional steps that you can take to verify Active Directory functionality before you apply the schema extension, see article 325379 in the Microsoft Knowledge Base (https://go.microsoft.com/fwlink/?LinkId=71057).

Apply the schema extension

Use the following procedure to apply the Windows Server 2003 R2 schema extension to the Active Directory schema. In this procedure, you run the version of Adprep.exe that is included in the Windows Server 2003 R2 installation media on an existing domain controller (the schema operations master) in your forest.

To apply the Windows Server 2003 R2 schema extension to the Active Directory schema

  1. Log on to the computer that holds the schema master operations role (also known as flexible single master operations or FSMO) as a member of the Schema Admins group and the Enterprise Admins group. If you are not sure which computer holds the schema master operations role, type the following at a command prompt, and then press ENTER:

    netdom query FSMO

    Note

    The built-in Administrator account in the forest root domain is a member of the Schema Admins group by default.

  2. Verify that the schema master has performed inbound replication of the schema directory partition since the last time that the server restarted. Type the following at a command prompt, and then press ENTER:

    repadmin /showrepl

  3. Locate the version of Adprep, either in the \cmpnents\R2 folder of the Windows Server 2003 R2 Disc 2 or from Microsoft hotfix 919151, that is compatible with the version of Windows that runs on your schema master.

    Each version of Windows Server 2003 R2 (x86-based or x64-based) ships with a single version of Adprep on Disc 2 that is compatible only with operation masters that run that version of Windows Server 2003 R2 (x86-based or x64-based).

    If your schema master is running run an x86-based version of Windows, run the x86-based version of Adprep.

    If your schema master is running run an x64-based version of Windows, run the x64-based version of Adprep.

    If your schema master does not run a version of Windows that is compatible with the version of Adprep that you plan to run, but your forest contains a domain controller that does run a compatible version of Windows, transfer the schema master role to that domain controller. Continue to step 4, and transfer the role back to the original role holder after the schema update is complete.

    If you do not have a compatible domain controller, obtain the hotfix described in article 919151 in the Microsoft Knowledge Base (https://go.microsoft.com/fwlink/?LinkId=82345).

    To determine the version of the Windows operating system that is running on the schema master, type the following at a command prompt, and then press ENTER:

    winver

    Important

    Be sure to use the version of Adprep that is on Windows Server 2003 R2 Disc 2 or hotfix 919151, not the version of Adprep that is on Windows Server 2003 R2 Disc 1.

  4. Run adprep /forestprep. Change directories to the location that contains the appropriate Adprep version. Type the following command at the command prompt, and then press ENTER:

    cd cmpnents\R2\ADPREP

    adprep /forestprep

Note

When you change the schema on the schema master, the changes are automatically propagated to all other domain controllers in the forest. Therefore, it is not necessary to perform this operation on other domain controllers. Also, there is no need to run adprep /domainprep in any child domain where you have already installed a domain controller running Windows Server 2003 with Service Pack 1 (SP1). The necessary domain partition updates were performed when the domain controller running Windows Server 2003 SP1 was installed.

Verify the schema extension

After you run Adprep, you can use the Windows Support tool ADSI Edit to verify the schema extension.

To verify the schema extension

  1. Log on to an administrative workstation that has ADSI Edit installed.

  2. Click Start, click Run, type adsiedit.msc, and then click OK.

  3. Double-click Configuration Container, and then double-click **CN=Configuration,DC=**forest_root_domain

    where forest_root_domain is the fully qualified domain name (FQDN) of your forest root domain.

  4. Double-click CN=ForestUpdates.

  5. Right-click CN=Windows2003Update, and then click Properties.

  6. Verify that the Revision attribute value is 9, and then close the Properties dialog box.

  7. Double-click Schema.

  8. Right-click **CN=Schema,CN=Configuration,DC=**forest_root_domain

    where forest_root_domain is the FQDN of your forest root domain.

  9. Click Properties.

  10. On the Attribute Editor tab, for Select a property to view, select objectVersion, and verify that the attribute Value(s) equals 31.