Schema Upgrade Testing Plan in ISONet Network 2011
For Public Use

Schema Upgrade from Windows Server 2003 to Windows Server 2008 R2 Testing Plan in ISONet Network

Schema Upgrade from Windows Server 2003 to Windows Server 2008 R2 for testing purposes in ISONet Network. Here we are only performing Schema Preparation, Domain Preparation and Group Policy Preparation for Windows Server 2008 R2 (Read-Only Domain Controller Preparation will be done later, during the upgrade to Windows Server 2008 R2).

Requirements

1. Replica of the Active Directory Forest in ISONet Network.
2. If you have multiple Domains in the Forest, we need at least one Domain Controller from each Domain in ISONet Network (better if we have 2 Domain Controllers from the Root of the Forest).
3. Full, successfully tested Backup of the Active Directory Forest with all the Domains.
4. Windows Server 2008 R2 Media (ADPREP.exe from Windows Server 2008 R2).
5. Windows Server 2003 Support Tools for testing the Schema preparation, Domain preparation and Group Policy preparation.
6. If the Domain Controller is Windows Server 2000, then it should have SP4 installed.
7. We can prepare the Schema using ADPREP.exe (for 64-bit Domain Controllers) or ADPREP32.exe (for 32-bit Domain Controllers), but Windows Server 2008 R2 itself supports only the x64 platform.
8. Domain Functional Level should be Windows 2000 Native or higher for preparing the Domain using ADPREP.exe, and Forest Functional Level should be Windows Server 2003 or higher for promoting an RODC.
9. Credentials must be set properly for executing ADPREP.exe, as per the table below.

| Adprep.exe command | Credentials that are required to run the command |
|---|---|
| adprep /forestprep | Schema Admins; Enterprise Admins; Domain Admins of the domain that hosts the schema master |
| adprep /domainprep | Domain Admins |
| adprep /domainprep /gpprep | Domain Admins |
| adprep /rodcprep | Enterprise Admins |

10. ADPREP.exe execution order as per the table below.

| Command | Domain controller | Number of times to run the command |
|---|---|---|
| adprep /forestprep | Must be run on the schema operations master for the forest. | Once for the entire forest |
| adprep /domainprep | Must be run on the infrastructure operations master for the domain. | Once in each domain where you plan to install an additional domain controller that runs a later version of Windows Server than the latest version that is running in the domain. |
| adprep /domainprep /gpprep | Must be run on the infrastructure operations master for the domain. | Once in each domain within the forest. If you already ran the /gpprep parameter for Windows Server 2003, you do not have to run it again for Windows Server 2008 or Windows Server 2008 R2. |
| adprep /rodcprep | Can be run from any computer. This command performs operations remotely. For the operations to complete successfully, the domain naming operations master for the forest and the infrastructure operations master for each application directory partition and each domain partition must be accessible. | Once for the entire forest. If you already ran this command for Windows Server 2008, you do not have to run it again for Windows Server 2008 R2. |

Plan for Schema Upgrade

1. Forest Replica to be ready with at least two Domain Controllers from the Root of the Forest and one Domain Controller from each Domain.
2. Assigning the FSMO Roles properly to the Domain Controllers in each Domain (Forest-wide roles on one Domain Controller and Domain-wide roles on one Domain Controller in the Root of the Forest), using Ntdsutil.exe, DSA.msc, Domain.msc and the Active Directory Schema MMC.
3. Verifying the Forest and Domain Functional Levels, using Domain.msc or Replmon.exe.
4. Verifying the FSMO Roles for the Domain Controllers, using the command "Netdom query fsmo" or Replmon.exe.
5. Backing up Active Directory, using Ntbackup or third-party backup tools.
6. Checking the entire Forest Replication Status, using Repadmin.exe or Replmon.exe.
7. Running ADPREP /forestprep
   Now we are ready to prepare the forest. This procedure takes a while, depending on the speed of your computer, so do not interrupt it.
   a. Insert your Windows Server 2008 DVD into the DVD drive on the schema master.
   b. Open a command prompt.
   c. Change your drive letter to the DVD drive. If you do not have a DVD drive on your schema master, you can copy the Sources\Adprep folder to your local drive and run it from the copy.
   d. Change into the Sources\Adprep directory.
   e. Run ADPREP /forestprep.
   f. You will get a warning that you need to be running Windows 2000 SP4 or later.
   g. Type C and press Enter.
   h. You will see a series of updates from LDF files.
   i. If all goes well, you will see that ADPREP successfully updated the forest-wide information.
8. Verifying that adprep /forestprep completed successfully
   When the adprep /forestprep command completes, a message appears in the Command Prompt window to indicate that Adprep has successfully updated the forest-wide information. We can also use the following procedure to verify that adprep /forestprep completed successfully.
   To verify that adprep /forestprep completed successfully:
   a. Log on to an administrative workstation that has ADSIEdit installed.
   b. Click Start, click Run, type ADSIEdit.msc, and then click OK.
   c. Click Action, and then click Connect to.
   d. Click Select a well known Naming Context, select Configuration in the list of available naming contexts, and then click OK.
   e. Double-click Configuration, and then double-click CN=Configuration,DC=forest_root_domain, where forest_root_domain is the distinguished name of your forest root domain.
   f. Double-click CN=ForestUpdates.
   g. Right-click CN=ActiveDirectoryUpdate, and then click Properties.
   h. If you ran adprep /forestprep for Windows Server 2008 R2, confirm that the Revision attribute value is 5, and then click OK.
   i. Click ADSI Edit, click Action, and then click Connect to.
   j. Click Select a well known Naming Context, select Schema in the list of available naming contexts, and then click OK.
   k. Double-click Schema.
   l. Right-click CN=Schema,CN=Configuration,DC=forest_root_domain, and then click Properties, where forest_root_domain is the distinguished name of your forest root domain.
   m. If you ran adprep /forestprep for Windows Server 2008 R2, confirm that the objectVersion attribute value is set to 47, and then click OK.
9. Running ADPREP /domainprep /gpprep
   a. Insert the Windows Server 2008 DVD.
   b. Open a command prompt.
   c. Change your drive letter to the DVD drive.
   d. Change your directory to Sources\Adprep.
   e. Run ADPREP /domainprep /gpprep.
10. Verifying adprep /domainprep /gpprep
   When we run adprep /domainprep /gpprep, we see a message that indicates that adprep /domainprep successfully updated the domain-wide information, followed by a message that indicates that Adprep successfully updated the GPO information.
   To verify that adprep /domainprep completed successfully:
   a. Log on to an administrative workstation that has ADSIEdit installed.
   b. Click Start, click Run, type ADSIEdit.msc, and then click OK.
   c. Click Action, and then click Connect to.
   d. Click Select a well known Naming Context, select Default naming context in the list of available naming contexts, and then click OK.
   e. Double-click Default naming context, double-click the container that is the distinguished name of the domain, and then double-click CN=System.
   f. Double-click CN=DomainUpdates, right-click CN=ActiveDirectoryUpdate, and then click Properties.
   g. If you ran adprep /domainprep for Windows Server 2008 R2, confirm that the Revision attribute value is 5, and then click OK.
   To verify that adprep /gpprep completed successfully:
   We can verify that the operation added the Read permission for the Enterprise Domain Controllers group on all GPOs.

Running adprep /rodcprep

Running the adprep /rodcprep command is optional. It is required only if you want to install an RODC in the forest. This command can be executed later, once we decide to go for an RODC in the Forest/Domain, and it requires the Forest Functional Level to be Windows Server 2003 or higher at the time of RODC promotion.

This command updates the security descriptors for application directory partitions to give RODCs permission to replicate updates to the partitions. Each application directory partition has an infrastructure master. The adprep /rodcprep command must update the security descriptor for each application directory partition on the infrastructure master for that partition. There are two application directory partitions that are created by default for Domain Name System (DNS) data: DomainDNSZones and ForestDNSZones. If the infrastructure master for either of these partitions is offline, or if it has been forcefully removed from the forest, adprep /rodcprep fails with an error.

In addition, this command must contact the domain naming operations master to obtain a list of the application and domain directory partitions that are in the forest. Therefore, the domain naming master must be accessible when you run this command.

Conclusion

Once the verifications described above under "Plan for Schema Upgrade" are met, the Schema Upgrade is successful. If errors occur, we have to find solutions, fix them and repeat the Schema Upgrade steps; in case of an issue with the Schema Upgrade, we can also test rollback using the Backup.
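
The ADSI Edit checks in steps 8 and 10 can also be read in one pass from an administrative workstation. The PowerShell below is an added example, not part of the original plan; it only reads the directory, and the function name Get-DirectoryValue and the output layout are assumptions made for illustration.

```powershell
# Added example: read-only check of the values verified by hand in ADSI Edit.
# Expected numbers are the ones this plan states for Windows Server 2008 R2.

function Get-DirectoryValue {
    # Hypothetical helper: returns one attribute value, or $null on any failure.
    param([string]$DistinguishedName, [string]$Attribute)
    try {
        $entry = [ADSI]"LDAP://$DistinguishedName"
        # psbase reaches the underlying DirectoryEntry members directly
        return $entry.psbase.Properties[$Attribute].Value
    } catch {
        return $null   # object missing or unreachable: reported as MISMATCH
    }
}

# RootDSE supplies the naming contexts, so no domain name is hard-coded.
$root     = [ADSI]'LDAP://RootDSE'
$configNC = $root.psbase.Properties['configurationNamingContext'].Value
$schemaNC = $root.psbase.Properties['schemaNamingContext'].Value
$domainNC = $root.psbase.Properties['defaultNamingContext'].Value

$checks = @(
    @{ Name = 'forestprep Revision'
       DN   = "CN=ActiveDirectoryUpdate,CN=ForestUpdates,$configNC"
       Attr = 'revision';      Expected = 5 },
    @{ Name = 'schema objectVersion'
       DN   = $schemaNC
       Attr = 'objectVersion'; Expected = 47 },
    @{ Name = 'domainprep Revision'
       DN   = "CN=ActiveDirectoryUpdate,CN=DomainUpdates,CN=System,$domainNC"
       Attr = 'revision';      Expected = 5 }
)

$failed = 0
foreach ($c in $checks) {
    $actual = Get-DirectoryValue -DistinguishedName $c.DN -Attribute $c.Attr
    $ok     = ($null -ne $actual) -and ([int]$actual -eq $c.Expected)
    if (-not $ok) { $failed++ }
    $status = if ($ok) { 'OK' } else { 'MISMATCH' }
    '{0,-22} expected={1,-3} actual={2,-4} {3}' -f $c.Name, $c.Expected, $actual, $status
}

if ($failed -gt 0) {
    Write-Warning "$failed check(s) do not match the expected post-adprep values."
}
```

The domainprep line reflects only the domain of the logged-on account, so run the script once in each domain of the forest replica.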