Windows Server 2012: Domain-Wide Updates
Updated: January 31, 2013
Applies To: Windows Server 2012
You can review the following set of changes to help understand, and prepare for, the schema updates that adprep /domainprep performs in Windows Server 2012. After the operations that are performed by the domainprep command in Windows Server 2012 (operations 78, 79, 80, and 81) complete, the revision attribute for the CN=ActiveDirectoryUpdate,CN=DomainUpdates,CN=System,DC=ForestRootDomain object is set to 9.
In Windows Server 2012, Adprep commands run automatically as needed during AD DS installation. They can also be run separately in advance of AD DS installation. For more information, see Running Adprep.exe.
For more information about how to interpret the access control entry (ACE) strings, see ACE strings.
For more information about how to interpret the security ID (SID) strings, see SID strings.
Operations number and GUID | Description | Attributes | Permissions |
---|---|---|---|
Operation 78: {c3c927a6-cc1d-47c0-966b-be8f9b63d991} | Create a new object CN=TPM Devices in the Domain partition. | | N/A |
Operation 79: {54afcfb9-637a-4251-9f47-4d50e7021211} | Created an access control entry for the TPM service. | N/A | |
Operation 80: {f4728883-84dd-483c-9897-274f2ebcf11e} | Grant "Clone DC" extended right to Cloneable Domain Controllers group | N/A | |
Operation 81: {ff4f9d27-7157-4cb0-80a9-5d6f2b14c8ff} | Grant ms-DS-Allowed-To-Act-On-Behalf-Of-Other-Identity to Principal Self on all objects. | N/A | |
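
One way to confirm the end state described above after domainprep has run, as an added example that is not part of the original page. The function name `Test-DomainPrep2012`, the use of the current domain's distinguished name, and the assumption that each completed operation leaves a container named after its GUID under CN=Operations,CN=DomainUpdates,CN=System are not stated on this page.

```powershell
# Added example, not from the original page. Requires the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

function Test-DomainPrep2012 {
    param(
        # Assumption: check the domain of the logged-on user unless a DN is given.
        [string]$DomainDN = (Get-ADDomain).DistinguishedName,
        # Optional domain controller to query.
        [string]$Server
    )

    # Operation numbers and GUIDs exactly as listed in the table above.
    $operations = [ordered]@{
        '78' = 'c3c927a6-cc1d-47c0-966b-be8f9b63d991'
        '79' = '54afcfb9-637a-4251-9f47-4d50e7021211'
        '80' = 'f4728883-84dd-483c-9897-274f2ebcf11e'
        '81' = 'ff4f9d27-7157-4cb0-80a9-5d6f2b14c8ff'
    }
    $target = @{}
    if ($Server) { $target['Server'] = $Server }

    $updatesDN = "CN=DomainUpdates,CN=System,$DomainDN"

    # 1. The revision attribute must be 9; a higher value means a later adprep also ran.
    $update = Get-ADObject -Identity "CN=ActiveDirectoryUpdate,$updatesDN" -Properties revision @target
    [pscustomobject]@{
        Check  = 'ActiveDirectoryUpdate revision'
        Actual = $update.revision
        Pass   = ($update.revision -ge 9)
    }

    # 2. Assumption: each finished operation leaves a container named after its GUID
    #    under CN=Operations. A missing one points to an incomplete domainprep.
    foreach ($op in $operations.GetEnumerator()) {
        $found = Get-ADObject -SearchBase "CN=Operations,$updatesDN" -SearchScope OneLevel `
            -Filter "Name -eq '$($op.Value)'" @target
        [pscustomobject]@{
            Check  = "Operation $($op.Key) {$($op.Value)}"
            Actual = if ($found) { 'present' } else { 'missing' }
            Pass   = [bool]$found
        }
    }
}

Test-DomainPrep2012 | Format-Table -AutoSize
```

Any row with `Pass` set to `False` is worth resolving before promoting a Windows Server 2012 domain controller in that domain.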