techlauve.com – a knowledge base for IT professionals.

Adding a server running Windows 2008 to a domain that is running Windows 2000/2003 servers is no big deal until you try to promote the 2008 (or 2008R2) server to a domain controller.  Active Directory must be updated to accommodate changes to the schema in 2008 and 2008R2.

1. The first thing that I would do before attempting any of this is to back up the server(s) that are already domain controllers, paying special attention to backing up the system state.
2. Once you have a good backup, it might be worth checking your logs for any lingering issues with the directory.  Make sure that your Directory Service and File Replication Service logs are clean in particular.  Of course, your System log should also be glanced at to check for anything that you may have overlooked during normal maintenance.
3. If your domain has (and has always had) only one server, then skip to step 4.  If you have multiple servers, figure out which server holds the Infrastructure Operations Master FSMO role.  This role is probably held by the first server that was promoted to a domain controller on your domain.  If you are at all unsure:
   – Open up Active Directory Users and Computers on a domain controller.
   – Right-click on the domain object and select Operations Masters.
   – Go to the Infrastructure tab.
   – The server holding the role will be shown there.

   The rest of the instructions assume that you are at the console of the Infrastructure Operations Master.

4. Insert your Windows Server 2008 (R2) CD (DVD), click OK if a message appears telling you that this disc in not compatible with your version of Windows.
5. Open a command prompt and run the following commands:
6. – Where “D:\” is the path to your DVD drive and your existing server is 32bit: (if your server is 64bit, leave off the “32” at the end of adprep32)
   D:\support\adprep\adprep32.exe /forestprep

   – Press C, then Enter at the prompt if your domain meets the criteria specified.

   – Now run: (assuming 32bit as stated above)

   – D:\support\adprep\adprep32.exe /domainprep /gpprep

   – If you received the following output, then move on to step 7.
   Adprep successfully updated the domain-wide information.
Adprep successfully updated the Group Policy Object (GPO) information.

   Mine didn’t say that!

   If you received the following message:

   Adprep detected that the domain is not in native mode...

   …then you need to raise your domain’s functional level.

   – Go to Active Directory Domains and Trusts.
   – Right-click on the domain object and choose “Raise Domain Functional Level…”
   – Choose “Windows Server 2003” and click Raise.

7. Now switch over to your new 2008(R2) server.  Make sure that the server is a member of the domain.
8. Go to Roles in the Server Manager and select Add Roles.
9. Place a checkmark next to Active Directory Domain Services and click Next.
10. Confirm your decision by clicking Install on the next page.
11. Once this wizard is complete, close it and open up a command prompt.
12. At the command prompt run dcpromo
13. This will launch the Active Directory Domain Services Installation Wizard.  Click Next twice.
14. At the Choose a Deployment Configuration page, select Existing forest and Add a domain controller to an existing domain and click Next.
15. At the Network Credentials page, verify that the domain name and current credentials are correct.  Ensure that you have supplied credentials to a user account that is a member of the Domain Admins group before clicking Next.
16. On the next page confirm the domain and forest and click Next.
17. Assuming you are not trying to install a read-only domain controller, you can click Yes on the dialog box that pops up informing you that adprep /rodcprep was not run.
18. Confirm the site name and click Next.
19. After using DNS to snoop around your network for a minute, the wizard will prompt you for additional options.  I would recommend making sure that both DNS Server and Global catalog are selected and click Next.
20. On this screen you are prompted to confirm the locations of the various files that house Active Directory.  Once satisfied with their locations, click Next.
21. The next screen prompts you for a restore mode password and is very important!  Carefully choose, enter and write down your restore mode password, then click Next.
22. This screen prompts you to review all of your selections, and I would recommend taking the time to do so.  When satisfied, click Next.
23. Sit back, relax and enjoy for a few minutes while Active Directory is configured on your new server.  When you are informed that the wizard is done, click Finish.
24. You will now be prompted to restart your server.  Do so.

Once your server reboots you should be done.  Log in and check all of your event logs, paying the closest attention to the Directory Service, DNS, and File Replication Service logs.  Almost all problems related to promotion of a domain controller will end up in here.

To quickly confirm that everything went smoothly you can do three things:

– Open Active Directory Users and Computers and confirm that the information there matches your old server.

– Open the DNS console and make sure that there is a forward lookup zone that matches your domain.

– Navigate to “C:\windows\SYSVOL\sysvol\<your-domain-name>” and make sure you have “policies” and “scripts” folders.  The “scripts” folder should contain any logon scripts that were on the old server.

Allow a few minutes for your DNS zones, SYSVOL and AD Users/Computers to replicate as this is replicated on an interval and not always immediate.  If you are impatient you can stop and start the NTFRS service.

-n