AD Upgrade Checklist and Procedure

AD migration checklist and procedure:
Technet Thread: "Migrating from AD 2003 to AD 2008 R2:"
http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/906266b9-62c9-462f-b16e-3b801c7e2fc3/

Here’s a quick summary from:
Transitioning your Active Directory to Windows Server 2008 R2
http://blogs.dirteam.com/blogs/sanderberkouwer/archive/2010/05/26/transitioning-your-active-directory-to-windows-server-2008-r2.aspx
 

ADPREP

Run adprep with the following switches.  
If you are running it on a 32-bit machine, use the adprep32.exe version.
 
adprep /forestprep
adprep /domainprep /gpprep      Run after the forestprep and in each domain on the IM Role (enables Resultant Set of Policy (RSOP) Planning Mode functionality)
adprep /domainprep              Run after the forestprep and in each domain
adprep /rodcprep                Run on the DNM Role. Optional only if you expect to install an RODC.
 
You can also use the /wssg switch so you can get a detailed result code instead of a 0 for success, or 1 for an error.
 
Allow replication time. Go get a cup of coffee, cold refreshment, or a beer.

 

Then check your schema version:

repadmin /showattr * "cn=schema,cn=configuration,dc=domain,dc=tld" /atts:objectVersion

Run it on all DCs. You can use PsExec (Microsoft TechNet) to run it remotely in a command prompt, or create a script.
 
When all your Domain Controllers report Schema version 47, you’re good to go. If not, check the event logs and the C:\Windows\Debug\Adprep\Logs\adprep.log.
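One way to script the per-DC schema check described above, as an added example that is not part of the original post. It reads objectVersion from each DC's own replica over LDAP (ADSI), and assumes a domain-joined machine and an account that can read the schema partition; the function name Get-SchemaVersion and the variable names are hypothetical.

```powershell
# Added example: report the schema objectVersion held by every DC in the forest.
$expected = 47   # schema version the page gives as the target

function Get-SchemaVersion {
    param([string]$Server)
    # Bind to this specific DC so we read its local replica,
    # not whichever DC the locator happens to return.
    $rootDse  = [ADSI]"LDAP://$Server/RootDSE"
    $schemaNC = [string]$rootDse.schemaNamingContext
    if (-not $schemaNC) { throw "no RootDSE answer from $Server" }
    $schema  = [ADSI]"LDAP://$Server/$schemaNC"
    $version = $schema.objectVersion.Value
    if ($null -eq $version) { throw "objectVersion not readable on $Server" }
    [int]$version
}

$forest  = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$results = foreach ($domain in $forest.Domains) {
    foreach ($dc in $domain.DomainControllers) {
        $version = $null
        try {
            $version = Get-SchemaVersion -Server $dc.Name
            $status  = 'BEHIND'
            if ($version -eq $expected) { $status = 'OK' }
        } catch {
            # A DC that cannot be queried is reported, not silently skipped.
            $status = "UNREACHABLE: $($_.Exception.Message)"
        }
        New-Object PSObject -Property @{
            Domain  = $domain.Name
            DC      = $dc.Name
            Version = $version
            Status  = $status
        }
    }
}

$results | Sort-Object Domain, DC |
    Format-Table Domain, DC, Version, Status -AutoSize

# Non-zero exit code if any DC has not yet received the new schema.
$pending = @($results | Where-Object { $_.Status -ne 'OK' })
if ($pending.Count -gt 0) {
    Write-Warning "$($pending.Count) DC(s) not at schema version $expected"
    exit 1
}
```

Run it again after replication has had time to complete; any DC still listed as BEHIND or UNREACHABLE is the one to look at in the event logs.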

More info if needed:
Troubleshooting ADPREP Errors
http://blogs.technet.com/b/askds/archive/2008/12/15/troubleshooting-adprep-errors.aspx

 

Then raise the Domain Functional Level.

This adds two features:
1. Authentication Mechanism Assurance – The type of authentication is added to the user’s Kerberos ticket.
2. Automatic SPN Management – Allows services to run under Managed Service Accounts (MSAs) instead of Domain User accounts.
Allow a bit of time to replicate. Go get a cup of coffee, a beer, whatever.
 

Then raise the Forest Functional Level.

This basically adds one thing:
1. The ability to enable the new Active Directory Recycle Bin feature.
 
If you want to enable it, go to Start, Programs, AD PowerShell, then run:
Enable-ADOptionalFeature -Identity 'CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=domain,DC=tld' -Scope ForestOrConfigurationSet -Target 'domain.tld'
 
Allow replication time, too. Go get another beer.
 

Run the AD BPA

1. Server Manager, expand the Roles node
2. Select the Active Directory Domain Services role.
3. Scroll down to the Best Practice Analyzer section.
4. Click on the Scan This Role link on the right hand side.

Windows Server 2008 R2 Upgrade Paths
http://technet.microsoft.com/en-us/library/dd979563(WS.10).aspx

How to upgrade Windows Server 2003 R2 to Windows Server 2008 on a computer that includes a Baseboard Management Controller and a root-enumerated IPMI device
http://support.microsoft.com/kb/953224

 

Ace Fekay

Corrections, suggestions, & comments are welcomed
