Wednesday, February 3, 2010

Deploying Your First 2008 Domain Controller

Your looking at deploying your first 2008 DC in your windows domain. Is there anything you need to do before hand. Well the answer is yes there is 4 things, with two optional.

You must run adprep /forestprep to prepare your active directory schema. This should be done on the schema master itself. You should also have Enterprise Admins, Domain Admins and Schema Admins rights to perform this command.

Secondly you must run adprep /domainprep on every domain controller in your forest. You need Domain Admin rights to do this. This command should also be run on the infrastructure master.

The two commands that are optional are:

Group Policy preparation. You run this by typing adprep /domainprep /gpprep. You need to be a domain admin to run this. What it does is add "Enterprise Domain Controllers" security group read permissions to all of your group policy objects. The reason for doing this is to allow administrators to use the resultant set of policy command RSOP. Please note that GPPrep requires at least 2003 DFL and FFL functional level.

The last optional preperation is the RDOC prep. This only needs to be done if your planning to have read only domain controllers. You run this by typing adprep /rodcprep.


Since at the time of running ADPREP you still do not have any Windows Server 2008 Domain Controllers, it should be made clear that these commands MUST be run on EXISTING Windows 2000 or Windows Server 2003 Domain Controllers. That is why you MUST make sure you keep a copy of the 32-bit version of the Windows Server 2008 installation DVD. You cannot use the 64-bit version of the installation media to run ADPREP on 32-bit versions of Windows 2000/2003. Because Windows Server 2008 installation media is 64-bit by default, remember to request the 32-bit version when you get your copy. In case you don't have the 32-bit version available, you can also use the evaluation version of Windows Server 2008 32-bit installation media to run ADPREP, so just download the file from Microsoft's website, and use it to run ADPREP on your 32-bit Windows 2000/2003 DCs.

What about 2008 R2, it only comes in x64?

On 2008 R2 there are two binaries for adprep, one in 32bit and one in 64bit located under D:\support\adprep

