New features in Active Directory Domain Services in Windows Server 2012, Part 3: New Upgrade Process
While a lot of lab environments will be set up as I explained in part 2 of this series (with the New Promotion Process), in the real world a lot of Active Directory environments will be upgraded or transitioned, because they’re already equipped with Domain Controllers running a previous version of Windows Server. In this blogpost I’ll explain the work the Active Directory team has done to make transitioning and upgrading easier by streamlining the Active Directory Preparation process.
The behavior of Windows Server 2012 and the actions needed to prepare an Active Directory environment for Windows Server 2012 only applies to situations where you implement Windows Server 2012-based Domain Controllers. If you merely deploy Windows Server 2012 as File or Print servers, you don’t need to prepare your Active Directory, since Windows Server 2012 member servers work out of the box.
The following topics will be explained in this blogpost:
Goodbye difficult upgrade process
In previous versions of Windows Server, when you would upgrade or transition the Active Directory environment, a couple of manual actions needed to be performed on the old Domain Controllers: You first had to prepare the Active Directory.
Microsoft provided two tools to facilitate this preparation; adprep.exe for 64bit (x64) Domain Controllers and adprep32.exe for 32bit (x86) Domain Controllers. To make things more complex, you needed to run the following commands on typical Domain Controllers in your current Active Directory environment: You needed to run the Forest Preparation (adprep.exe /forestprep) on the Schema Master, run the Domain Preparation (adprep.exe /domainprep) on the Infrastructure Master, and run the (optional) Read-only Domain Controller preparation (adprep.exe /rodcprep) on the Domain Naming Master, etc. After you’re done you needed to check proper replication before you set your next migration step… Long story short: It was a pain.
If you want to know more about transitioning and upgrading Active Directory with previous versions of Windows Server be sure to check out the following blogposts:
In Windows Server 2012, the whole Active Directory preparation process is automated. When you promote a Windows Server 2012-based member server to an additional Domain Controller for a domain or upgrade a Windows Server 2008 x64 or Windows Server 2008 R2-based Domain Controller to Windows Server 2012, the Active Directory Domain Services Configuration Wizard will determine whether the environment needs to be prepared as part of the promotion process.
It will alert you that Preparation is needed as part of the Domain Controller Promotion process:
During the Promotion Process, the Active Directory Domain Services Configuration Wizard will automatically target the Domain Controllers holding the appropriate FSMO roles (independent of their architecture (x86/x64)) as you can see in this screenshot:
When done with the preparation steps, the Active Directory Schema would be at 56. After replication, following actions would be performed, depending on the scenario (e.g. commence Domain Controller promotion in the existing domain.). If the changes don’t get replicated within a reasonable timeframe, the Active Directory Domain Services Configuration Wizard would error out.
Of course, you can also manually check the schema version per Domain Controller with the following command-line one-liner:
repadmin /showattr * "cn=schema,cn=configuration,dc=domain,dc=tld" /atts:objectVersion
When all your Domain Controllers report Schema version 56, the Active Directory preparation has replicated to all Domain Controllers.
The new adprep.exe
In more advanced environments, though, the new automated process will flag serious security and process concerns. In these scenarios you can manually perform the Active Directory preparation steps.
In that case, luckily, you can still revert to adprep.exe.
Just like previous versions of Windows Server, you can find adprep.exe in the \Support\Adprep folder of your Windows Server installation media, together with its suporting *.csv, *.ldf and *.dll files.
New features of adprep.exe itself are:
- Adprep32.exe is no longer available. Preparing your Active Directory is no longer available on 32bit (x86) Windows Operating Systems. On the upside, adprep.exe can be run from any 64bit domain-joined machine and will target the Domain Controller with specific Flexible Single Master Operations (FSMO) roles according to the preparation step chosen. For instance, you can simply run adprep.exe from the fresh Windows Server 2012 installation you intent to promote as a new Domain Controller.
Preparing Active Directory from a domain-joined Windows 8 x64 client is also possible when you use the Remote Server Administration Tools (RSAT).
- Adprep.exe is now multilingual. It supports output localization to help administrators less fluid in the English language, in remote domains to prepare their domains more easily. Language files can be found on the Windows Server installation media in their respective languages.
To be able to introduce Windows Server 2012 Domain Controllers with automatic Active Directory Preparation, the Active Directory forest in which you want to introduce them needs to be running the Windows Server 2003 Forest Functional Level (FFL).
Microsoft has made it easier for admins in existing Active Directory environments to prepare their it for Windows Server 2012 Domain Controllers.
Transitioning your Active Directory to Windows Server 2008 R2
Considerations when upgrading your Active Directory to Windows Server 2008 and 2008 R2
Transitioning your Active Directory to Windows Server 2008
Upgrading your Active Directory to Windows Server 2008
Further reading Windows Server 2012 Simplifies Active Directory Upgrades and Deployments What's New in Active Directory Domain Services Installation and Removal Windows Server 2012: Changes Made by Adprep.exe