Welcome to Dirteam.com/ActiveDir.org Blogs Sign in | Join | Help

The things that are better left unspoken

a blog by Sander Berkouwer

Related

AD Manager Plus
 

Blog roll

News



Archives

New features in Active Directory Domain Services in Windows Server 2012, Part 3: New Upgrade Process

While a lot of lab environments will be set up as I explained in part 2 of this series (with the New Promotion Process), in the real world a lot of Active Directory environments will be upgraded or transitioned, because they’re already equipped with Domain Controllers running a previous version of Windows Server. In this blogpost I’ll explain the work the Active Directory team has done to make transitioning and upgrading easier by streamlining the Active Directory Preparation process.

Note:
The behavior of Windows Server 2012 and the actions needed to prepare an Active Directory environment for Windows Server 2012 only applies to situations where you implement Windows Server 2012-based Domain Controllers. If you merely deploy Windows Server 2012 as File or Print servers, you don’t need to prepare your Active Directory, since Windows Server 2012 member servers work out of the box.

The following topics will be explained in this blogpost:

 

What's New

Goodbye difficult upgrade process

In previous versions of Windows Server, when you would upgrade or transition the Active Directory environment, a couple of manual actions needed to be performed on the old Domain Controllers: You first had to prepare the Active Directory.

Microsoft provided two tools to facilitate this preparation; adprep.exe for 64bit (x64) Domain Controllers and adprep32.exe for 32bit (x86) Domain Controllers. To make things more complex, you needed to run the following commands on typical Domain Controllers in your current Active Directory environment: You needed to run the Forest Preparation (adprep.exe /forestprep) on the Schema Master, run the Domain Preparation (adprep.exe /domainprep) on the Infrastructure Master, and run the (optional) Read-only Domain Controller preparation (adprep.exe /rodcprep) on the Domain Naming Master, etc. After you’re done you needed to check proper replication before you set your next migration step… Long story short: It was a pain.

Tip!
If you want to know more about transitioning and upgrading Active Directory with previous versions of Windows Server be sure to check out the following blogposts:

Automation

In Windows Server 2012, the whole Active Directory preparation process is automated. When you promote a Windows Server 2012-based member server to an additional Domain Controller for a domain or upgrade a Windows Server 2008 x64 or Windows Server 2008 R2-based Domain Controller to Windows Server 2012, the Active Directory Domain Services Configuration Wizard will determine whether the environment needs to be prepared as part of the promotion process.

It will alert you that Preparation is needed as part of the Domain Controller Promotion process:

Preparation Options screen of the Active Directory Domain Services Configuration Wizard (click for larger screenshot)

During the Promotion Process, the Active Directory Domain Services Configuration Wizard will automatically target the Domain Controllers holding the appropriate FSMO roles (independent of their architecture (x86/x64)) as you can see in this screenshot:

Forest Preparation by the Active Directory Domain Services Configuration Wizard (click for larger screenshot)

When done with the preparation steps, the Active Directory Schema would be at 56. After replication, following actions would be performed, depending on the scenario (e.g. commence Domain Controller promotion in the existing domain.). If the changes don’t get replicated within a reasonable timeframe, the Active Directory Domain Services Configuration Wizard would error out.  

Of course, you can also manually check the schema version per Domain Controller with the following command-line one-liner:

repadmin /showattr * "cn=schema,cn=configuration,dc=domain,dc=tld" /atts:objectVersion

When all your Domain Controllers report Schema version 56, the Active Directory preparation has replicated to all Domain Controllers.

  

The new adprep.exe

In more advanced environments, though, the new automated process will flag serious security and process concerns. In these scenarios you can manually perform the Active Directory preparation steps.

In that case, luckily, you can still revert to adprep.exe.

Tip!
Just like previous versions of Windows Server, you can find adprep.exe in the \Support\Adprep folder of your Windows Server installation media, together with its suporting *.csv, *.ldf and *.dll files.

New features

New features of adprep.exe itself are:

  • Adprep32.exe is no longer available. Preparing your Active Directory is no longer available on 32bit (x86) Windows Operating Systems. On the upside, adprep.exe can be run from any 64bit domain-joined machine and will target the Domain Controller with specific Flexible Single Master Operations (FSMO) roles according to the preparation step chosen. For instance, you can simply run adprep.exe from the fresh Windows Server 2012 installation you intent to promote as a new Domain Controller.

    Tip!
    Preparing Active Directory from a domain-joined Windows 8 x64 client is also possible when you use the Remote Server Administration Tools (RSAT).
     
  • Adprep.exe is now multilingual. It supports output localization to help administrators less fluid in the English language, in remote domains to prepare their domains more easily. Language files can be found on the Windows Server installation media in their respective languages.

   

Requirements

To be able to introduce Windows Server 2012 Domain Controllers with automatic Active Directory Preparation, the Active Directory forest in which you want to introduce them needs to be running the Windows Server 2003 Forest Functional Level (FFL).

   

Concluding

Microsoft has made it easier for admins in existing Active Directory environments to prepare their it for Windows Server 2012 Domain Controllers.

Related posts

Transitioning your Active Directory to Windows Server 2008 R2  
Considerations when upgrading your Active Directory to Windows Server 2008 and 2008 R2 
Transitioning your Active Directory to Windows Server 2008   
Upgrading your Active Directory to Windows Server 2008

Further reading

Windows Server 2012 Simplifies Active Directory Upgrades and Deployments 
What's New in Active Directory Domain Services Installation and Removal 
Windows Server 2012: Changes Made by Adprep.exe
Posted: Monday, September 03, 2012 9:41 AM by Sander Berkouwer

Comments

The things that are better left unspoken said:

Recently, Microsoft released KnowledgeBase article 2743367 with the ominous title Adprep "not a valid Win32 application" error on Windows Server 2003, 64-bit version.

When you’ve been reading this blog, you might have already guessed what might be causing this issue, even though adprep.exe on the Windows Server 2012 DVD is a perfectly fine Windows 64bit application.

In Windows Server 2012, Active Directory Domain Services features a new upgrade process.

# October 2, 2012 11:25 AM

FMustafa said:

Windows Server 2012 can be seen as a major release for Windows Server. Not just in terms of virtualization (Hyper-V 3.0), storage (SMB 3.0 and Storage Spaces) or manageability, but also in terms of Active Directory. There’s a load of new features, improving the lives of many Active Directory admins!
# October 5, 2012 6:20 PM
Anonymous comments are disabled