1. Modifying the Schema with adprep
There are occasions when you need to modify the
schema. For example, if you originally created your forest and domain by
promoting a Windows Server 2003 server to a domain controller (DC), the
forest and domain will not support Windows Server 2008 DCs. However,
you can easily resolve this by modifying the schema with the adprep tool. The adprep tool is available on the installation DVD.
Tip
The adprep executable file is stored in the \sources\adprep folder on the Windows
Server 2008 installation DVD. It’s stored in the \support\adprep folder
on the Windows Server 2008 R2 installation DVD.
The following table shows common uses of the adprep command.
Note
It’s not necessary to run adprep if the forest was created on a Windows Server 2008 server. However, it doesn’t cause any problems if you try.
| adprep Command | Comments |
|---|---|
| Prepare a forest for Windows Server 2008. C:\>d:\sources\adprep\adprep /forestprep | This command updates the schema information used for the forest. It must be run before the adprep /domainprep command. Tip: You must run this command on the server hosting the schema master role. Note: You must be a member of both the Enterprise Admins and Schema Admins groups to run this command. In the example, the installation DVD is in the D: drive. If your installation DVD is in a different drive, you’ll need to substitute the drive letter. |
| Prepare a domain for Windows Server 2008 DCs. C:\>d:\sources\adprep\adprep /domainprep | After adprep /forestprep is run, you can run this command. It prepares the domain for both Windows Server 2008 and Windows Server 2008 R2 domain controllers. Tip: You should run this command on the DC hosting the Infrastructure Master role. Note: You must be a member of the Domain Admins group to run this command. |
| C:\>d:\sources\adprep\adprep /domainprep /gpprep | This command is similar to the adprep /domainprep command, but it also provides updates to the schema for the Resultant Set of Policy (RSoP) tool. Note: You must be a member of the Domain Admins group to run this command. Tip: The /gpprep switch is needed if the current domain is running on a Windows 2000 domain controller. It’s not needed if the current domain is running on Windows Server 2003 domain controllers. |
| Prepare the forest for RODCs. C:\>d:\sources\adprep\adprep /rodcprep | If you also want to add Read-only Domain Controllers (RODC), you need to run this command. Note: You must be a member of the Enterprise Admins group to run this command. |
Tip
After running adprep,
ensure that you give it enough time to replicate the changes to all
domain controllers before making changes. For example, if you’re running
adprep /domainprep to prepare a
Windows Server 2003 domain to host Windows Server 2008 domain
controllers, give replication enough time to replicate the changes to
all DCs in the domain.
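The prerequisites in the table (role holder, group membership) and the replication tip above can be checked before and after running adprep. The following PowerShell is an added example, not part of the original text; it assumes a domain-joined host, only reads from the directory, and the objectVersion-to-release mapping is supplied here rather than taken from this page.

```powershell
# Added example: read-only checks around adprep; changes nothing in AD.
# Assumes a domain-joined host and the .NET System.DirectoryServices classes.
$forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()

# Schema objectVersion values and the release whose adprep writes them
# (mapping supplied for this example).
$versions = @{ 30 = 'Windows Server 2003'; 31 = 'Windows Server 2003 R2';
               44 = 'Windows Server 2008'; 47 = 'Windows Server 2008 R2' }

# 1. Role holders: /forestprep belongs on the schema master,
#    /domainprep on the infrastructure master.
"Schema master:         $($forest.SchemaRoleOwner.Name)"
"Infrastructure master: $($domain.InfrastructureRoleOwner.Name)"

# 2. Group membership in the current token, matched by well-known RID
#    (518 Schema Admins and 519 Enterprise Admins in the forest root domain,
#    512 Domain Admins in the current domain).
function Get-DomainSid($d) {
    $bytes = $d.GetDirectoryEntry().Properties['objectSid'].Value
    (New-Object System.Security.Principal.SecurityIdentifier($bytes, 0)).Value
}
$rootSid = Get-DomainSid $forest.RootDomain
$domSid  = Get-DomainSid $domain
$token   = [System.Security.Principal.WindowsIdentity]::GetCurrent().Groups |
           ForEach-Object { $_.Value }
$required = @{ 'Schema Admins' = "$rootSid-518"; 'Enterprise Admins' = "$rootSid-519";
               'Domain Admins' = "$domSid-512" }
foreach ($name in $required.Keys) {
    $state = if ($token -contains $required[$name]) { 'present' } else { 'MISSING' }
    "{0,-18} {1}" -f $name, $state
}

# 3. Replication: read objectVersion from the schema partition on every DC
#    in the domain; all DCs should report the same, updated value.
$schemaNC = ([ADSI]'LDAP://RootDSE').Properties['schemaNamingContext'].Value
foreach ($dc in $domain.DomainControllers) {
    $v = ([ADSI]"LDAP://$($dc.Name)/$schemaNC").Properties['objectVersion'].Value
    "{0,-40} objectVersion {1} ({2})" -f $dc.Name, $v, $versions[[int]$v]
}
```

If a DC still reports the old objectVersion after /forestprep, replication has not finished and that DC should not yet be relied on for the next step.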
2. Registering the Active Directory Schema Snap-In
You can’t access the Active Directory Schema snap-in
by default. This provides an extra layer of protection so that
someone doesn’t accidentally modify the schema and cause problems. You can
access the schema only after you register schmmgmt.dll for the
Active Directory Schema snap-in.
The command to register the Active Directory Schema is
After you register the snap-in, the Active Directory
Schema will be available as a snap-in that you can add to an MMC as
shown in Figure 1.