Home > Active Directory > Little bit about ADPrep when upgrading to Active Directory 2008 R2

Little bit about ADPrep when upgrading to Active Directory 2008 R2

Little too often I am asked questions about the beginning process of upgrading Active Directory. After the design and plan is in place for the upgrade, the first step is to run the ADPrep.exe or ADPrep32.exe tool against the forest/domain. ADPrep contains certain components that will update the schema and the permissions to Active Directory application partitions. The ADPrep tool is located on the Windows Server 2008 R2 installation disc under \sources\adprep folder. The tool can either be run straight for the installation disc through the command line or the ADPrep folder can be copied to the Domain Controllers that hold specific FSMO roles pertaining to the environment.

Depending on the operating system of the current Domain Controllers whether they are 32-bit or 64-bit, the equivelant ADPrep tool whether it’s ADPrep.exe for 64-bit DC’s or ADPrep32.exe for 32-bit DC’s will be run from the command line. A little bit about the commands are listed below.

ADPrep.exe /forestprep

This command needs to be run on the Domain Controller that contains the schema master operations master role for the forest. This prepares the forest for the introduction of a domain controller that runs Windows Server 2008 R2. This command only needs to be ran once in the forest. In order to run this command, the user logged on running ADPrep will need to be a member of:

– Enterprise Admins group

– Schema Admins group

– Domain Admins group of the domain that hosts the schema master

ADPrep.exe /domainprep

This command needs to be run on the domain controller that contains the infrastructure master operations master role for the domain. This prepares the domain for the introduction of a domain controller that runs Windows Server 2008 R2. This command needs to be run after the ADPrep.exe /forestprep finishes and after the changes have replicated to all the domain controllers in the forest.

In the situation of multiple sub domains in the forest, this command will need to be run on each sub domain that will contain the new 2008 R2 domain controllers. The ADPrep.exe /domainprep command will need to be run on each infrastructure master in the relevant sub domain.

The user running this command must be part of the Domains Admins.

ADPrep.exe /domainprep /gpprep

This commands performs similar updates that adprep.exe /domainprep does but also provides updates that are necessary to enable Resultant Set of Policy (RSOP) Planning Mode functionality.

This command needs to be run after the ADPrep.exe /forestprep finishes and after the changes have replicated to all the domain controllers in the forest. The command needs to be run on the domain controller that contains the infrastructure master operations master role for the domain. This prepares the domain for the introduction of a domain controller that runs Server 2008 R2.

In the situation of multiple sub domains in the forest, this command will need to be run on each sub domain that will contain the new 2008 R2 domain controllers. The ADPrep.exe /domainprep /gpprep command will need to be run on each infrastructure master in the relevant sub domain.

The user running this command must be part of the Domains Admins group.

ADPrep.exe /rodcprep

This command updates permissions on application directory partitions to enable replication of the partitions to read-only domain controllers (RODCs). The operation runs remotely and contacts the infrastructure master in each domain to update the permissions. This command only needs to be run once per forest. This command can be run on any computer in the forest.

The user running this command must be a member of the Enterprise Admins group.

Advertisements
Categories: Active Directory
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: