Windows Server 2008 Adprep Encountered

Active6 years, 5 months ago

• If you have an AD environment in which all DCs run Server 2008 or Windows 2003, and you want to add the first DC that runs Server 2008 R2, then you need to run certain Adprep commands: 1. Run adprep /forestprep on the schema master.
• Complete a brief survey to get a complimentary 70-page whitepaper featuring the best methods and solutions for your virtual environment, as well as hypervisor-specific management advice from TechTarget experts.
• ADPREP.exe is a command-line tool that is available on the Windows Server 2008 installation disc in the ‘sources’adprep folder. When you run it, it must be run ADPREP from an elevated command prompt. To open an elevated command prompt, click Start, right-click Command Prompt, and then click Run as administrator.
• I am trying to add a server 2008 R2 machine to be another domain controller, with the intention of promoting it to be the primary, and taking off the server 2003 machine. I am required to run adprep /forestprep on the Server 2003 machine.
• Instead, I used the adprep on the Windows Server 2008 media on > the > 2003 DC and everything is now working. > > 'Agendum' wrote: > >> Thanks very much for the quick response. I just tried this and it. I was running adprep on the DC from the Windows Server 2003 >>>> R2 media. Instead, I used the adprep on the Windows Server.

I have a single domain server running Server 2003 running a 2003 functional level domain. I am trying to add a server 2008 R2 machine to be another domain controller, with the intention of promoting it to be the primary, and taking off the server 2003 machine.

I am required to run adprep /forestprep on the Server 2003 machine. When I run it, it fails with the following errors:

'To install a domain controller into this Active Directory forest, you must first prepare using 'adprep /forestprep'. The Adprep utility is available on the Windows Server 2008 R2 installation media in the support adprep folder.' Mount the CD -> Run adprep for forest and domain and notes that no changes needed. Prepare Active Directory Windows Server 2016 DC Adprep. In my lab setup, I have an existing Windows Server 2012 R2 domain controller running a domain called TESTLAB.LOCAL. This is a single forest, single domain environment for testing purposes. The one Windows Server 2012 R2 DC holds all the FSMO roles. The DCPromo Process.

I have confirmed that the user account I am using to run ADPREP, mydomainadministrator, is in the Schema Admins, Enterprise Admins, and Domain admins group.

Attempting to figure out what is with the replication, running repadmin /showrepl

Anyone know how to fix this error? Would raising the domain and forest to a 2003 functional level have any likelihood of working? While just making a new domain from scratch and typing in all the user names and stuff again isn't a deal breaker because we only have about 15 users, it would still be a big pain.

Thanks

whatsisname

whatsisnamewhatsisname

1 Answer

The adprep error mentions ldap access rights...

The problem was that local administrators of that child domain did not have any permissions on Group Policy object of the domain controller. By default they should have Full Control. (Admins of root domain did have this permission.) So when local 'domain admins' were added in the Security tab of Group Policy, ADPrep /domainprep could run without a problem.

Lifted from here.

AblueAblue

74511 gold badge99 silver badges2828 bronze badges

Not the answer you're looking for? Browse other questions tagged windows-server-2008windows-server-2003active-directorydomain-controller or ask your own question.

Hi all, Rob Newhouse here and today I am talking about upgrading your domain to Windows Server 2008 and what you may see in the process, plus a couple of tips to make your transition a smooth one.

This post will show the proper use of ADPREP and what to expect when you are running it.

ADPREP is broken down into four stages with Windows Server 2008, instead of the two that most of you may be familiar with when you upgraded to Windows Server 2003. The four steps include Forest Preparation, Domain Preparation, Group Policy Preparation and Read-Only Domain Controller (RODC) Preparation (which you have to run if you want to add a RODC to your environment). You will use ADPREP.exe to perform all of these steps.

Preparing to Run ADPREP /forestprep

ADPREP /forestprep makes modifications to the schema. In order to successfully run it you should:

1. Have a good system state backup for every domain controller in your forest, or at the very least a good system state backup for one domain controller for each domain in the forest.
2. Be logged on as a user that belongs to the Domain Admin, Schema Admin and Enterprise Admin groups in the forest root domain.
3. Ensure that you are running Windows 2000 SP4 or later on all domain controllers in the forest.
4. You must run ADPREP /forestprep on your schema master.
5. If you are running Exchange 2000 in your environment refer to KB article 325379 How to upgrade Windows 2000 domain controllers to Windows Server 2003.
6. Ensure replication is working throughout the entire forest, including that all domain controllers are up and running and that the schema master has been up long enough for a complete replication cycle to happen for the Schema partition.

Windows Server 2008 Adprep Encountered A Win32 Application

So let’s go through all these preparatory steps in detail

1. First you should perform a system state backup on all of your domain controllers using either Windows Backup (NTBackup) or a third-party backup tool. This step is necessary if you find that your schema is incompatible and you need to roll back to a previous state.
2. Next, check to see if your account has the appropriate group memberships. Open Active Directory Users and Computers, right-click the account you are using to do the upgrade and choose Properties. Select the Member Of tab. If you do not see Domain Admins, Enterprise Admins and Schema Admins, add the ones you are missing. Log off and back on, then run whoami /groups in a command prompt to verify the groups are in your security token.

   
   

3. ADPREP /forestprep will check to see if you are running at least Windows 2000 SP4. If you have Windows 2000 domain controllers in your environment you should upgrade them all to SP4. You can download SP4 from here – Windows 2000 Service Pack 4 for IT professionals.
4. Next, check to see if you are logged on to your schema master. There are two ways to accomplish this. One is to run regsvr32 schmmgmt.dll so you can load the Active Directory Schema snap-in. Open a new MMC and add Active Directory Schema. Right-click on the words Active Directory Schema and choose Operations Master.

   Another alternative is to run netdom query fsmo from a command prompt. Netdom is part of the Windows Server 2003 Support Tools.

5. There are known issues with upgrading a Windows 2000 domain with Exchange 2000 running in the environment. There are different scenarios with different steps in KB article 325379 to address problems that have been encountered in the upgrade process. You will be performing one of the scenarios regardless. It is just a matter of which scenario you will have to perform.
6. The final verification is to check and make sure replication is working. To do this install the Windows Server 2003 Support Tools if you do not have them already installed. Run repadmin /showreps from a command prompt.

   You are looking for Last attempt @ datetime was successful. Any errors should be addressed before attempting to run ADPREP /forestprep.
   
   NOTE: ADPREP /forestprep will only check to see if replication is working on your schema master. It will not check the replication status of all DCs in your environment. Repadmin /showreps will only check the DC that you focus it on. In order to check the entire environment you will want to run repadmin /replsum. This command will give you the status of your entire environment. You will want to fix any errors you have with replication prior to running ADPREP /forestprep.

Running ADPREP /forestprep

1. Now you are ready to prepare your forest. This procedure takes a while depending on the speed of your computer so do not interrupt it. Insert your Windows Server 2008 DVD into the DVD drive on the schema master.
2. Open a command prompt.
3. Change your drive letter to the DVD drive. If you do not have a DVD drive on your schema master you can copy the SourcesAdprep folder to your local drive and run it from the copy.
4. Change into the SourcesAdprep directory.
5. Run ADPREP /forestprep.
   
6. You will get a warning that you need to be running Windows 2000 SP4 or later.
7. Type C and press Enter.
   
8. You will see a series of updates from LDF files.
9. If all goes well, you will see ADPREP successfully updated the forest-wide information.

Preparing to Run ADPREP /domainprep

After a successful completion of ADPREP /forestprep, you will be ready to run ADPREP /domainprep. ADPREP /domainprep must be run against each domain that you wish to upgrade.

Prerequisites

In order to run ADPREP /domainprep you should:

Windows Server 2008 R2 Update

1. Have successfully completed ADPREP /forestprep.
   
2. Be a domain admin for the domain you are running it on.
3. Be at Windows 2000 Native Mode Domain Functional level.
4. Have access to the Infrastructure Master.
5. Wait for the schema changes to replicate throughout the environment, or at least the Infrastructure Master must have the schema updates replicated to it.

Note: Upgrading from Windows 2000 is not supported. For more information see Guide for Upgrading to Windows 2008.

Running ADPREP /Domainprep

1. Insert the Windows Server 2008 DVD.
   Open a command prompt.
2. Change your drive letter to the DVD drive.
3. Change your directory to SourcesAdprep.
4. Run ADPREP /domainprep.

For a better understanding of what will occur running the ADPREP /Domainprep command, I have referenced the KB article Enhancements to ADPREP.exe in Windows Server 2003 Service Pack 1(Q324392). The More Information section describes the functionality post-Windows 2003 SP1, including the Windows 2008 ADPREP.

Preparing to Run ADPREP /domainprep /gpprep

ADPREP /domainPrep /gpprep only adds the inheritable access control entries on Group Policy objects in the Sysvol share. If you run it prior to running adprep /domainprep it will run both functions, first the domain prep and then the GP prep.

Prerequisites

In order to run ADPREP /domainprep /gpprep you should:

P73-04755

1. Have completed the prerequisites for ADPREP /domainprep.
2. Have SysvolSysvolPolicies{Default Domain and Default Domain Controller GPO guids} in place.

   a. In Windows Explorer Navigate to your SysvolSysvolDomainPolicies folder

   b. Verify the following GUIDs are inplace

   {31B2F340-016D-11D2-945F-00C04FB984F9}
   {6AC1786C-016F-11D2-945F-00C04FB984F9}

Note Upgrading from Windows 2000 is not supported. For more information see Guide for Upgrading to Windows 2008.

Running ADPREP /domainprep /gpprep

1. Insert the Windows Server 2008 DVD.
2. Open a command prompt.
3. Change your drive letter to the DVD drive.
4. Change your directory to SourcesAdprep.
5. Run ADPREP /domainprep /gpprep.

ADPREP /domainprep /gpprep without running adprep /domainprep first.

ADPREP /domainprep /gpprep after running adprep /domainprep

Preparing to Run ADPREP /rodcprep

RODC’s (Read-Only Domain Controllers) are a cool new feature added in Windows Server 2008. The benefits of a RODC in certain domain configurations are well worth the effort of learning and implementing them. For more information on the benefits, see RODC Features on TechNet. If you intend to introduce them into your environment you will have to run ADPREP /rodcprep. This command prepares partitions in Active Directory so RODC’s can be used by adding security to the ForestDNS, DomainDNS, and Domain partitions.

Prerequisites

Windows Server 2008 R2 Update History

In order to run ADPREP /domainprep /rodcprep you should:

1. Be a Domain Admin and Enterprise Admin.
2. Be able to contact all Infrastructure Master role holders in the forest.

Note ADPREP /rodcprep will let you run without first running ADPREP /forestprep and ADPREP /domainprep, however it is not recommended.

Windows Server 2008 Iso Free Download

Running ADPREP /rodcprep

Windows Exchange Server

1. Insert the Windows Server 2008 DVD.
2. Open a command prompt.
3. Change your drive letter to the DVD drive.
4. Change your directory to SourcesAdprep.
5. Run ADPREP /domainprep /rodcprep.

That concludes this post on running ADPREP. Running through the steps in order should eliminate many of the problems you might otherwise encounter.

How To Install Windows Server 2008

– Rob Newhouse