Active Directory Preparation Tool (adprep.exe) In Server 2003 R2

  • Author
    Posts
    • #2185
      Webmaster
      Keymaster

      Applies To: Windows Server 2003 with SP1
      What does ADPrep.exe do?
      Adprep.exe is a command-line tool used to prepare a Microsoft Windows 2000 forest or a Windows 2000 domain for the
      installation of Windows Server 2003 domain controllers.
      Who does this feature apply to?
      The changes in ADPrep.exe for Windows Server 2003 Service Pack 1 will be of interest to:
      IT professionals who support Active Directory, such as Active Directory administrators, Active Directory Schema
      administrators, Domain Name System (DNS) administrators, and domain controller administrators.
      Help desk professionals.
      Application developers.
      System integrators.
      What new functionality is added to this feature in Windows Server 2003 Service Pack 1?
      Adprep.exe enhancement to detect conflicting Exchange Server schema objects
      Detailed description
      When Microsoft Exchange Server is deployed in an organization, Exchange Server uses Active Directory as a data store and it
      extends the Windows 2000 Active Directory schema to enable it to store objects specific to Exchange Server. The
      ldapDisplayName of the attribute schema ms-Exch-Assistant-Name, ms-Exch-LabeledURI, and ms-Exch-House-Identifier
      defined by Exchange Server conflicts with the iNetOrgPerson schema that Active Directory uses in Windows Server 2003.
      When Windows Server 2003 Service Pack 1 is installed, Adprep.exe will be able to detect the presence of the schema conflict
      and block the upgrade of the schema until the issue has been resolved.
      Why is this change important?
      Upgrading the Active Directory schema from Windows 2000 to Windows 2003 when these schema objects are present causes
      the ldapDisplayName to become corrupted and results in issues with Active Directory replication. Fixing the Exchange Server
      schema objects before the upgrade occurs results in a much smoother upgrade experience.
      What works differently?
      The Windows 2000 Active Directory schema cannot be upgraded to the Windows Server 2003 schema until the required
      Exchange Server schema objects are fixed.
      How do I resolve these issues?
      If Adprep.exe detects the presence of the conflicting Exchange Server schema objects, you can use the following procedure to
      fix these objects and enable Adprep.exe to successfully upgrade your Active Directory schema.
      To fix conflicting Exchange Server schema objects
      1. Log on to the computer that holds the Schema Operation Master role. By default, the first domain controller that you
      install in your forest is the Schema Operation Master. You must log on using an account that is a member of the Schema
      Admins security group.
      2. Click Start, click Run, type notepad.exe in the Open box, and then click OK.
      3. Create the InetOrgPersonPrevent.ldf script by copying the following text, including the trailing hyphen after
      “schemaUpdateNow: 1”, to Notepad:
      dn: CN=ms-Exch-Assistant-Name,CN=Schema,CN=Configuration,DC=X
      changetype: Modify
      replace: LDAPDisplayName
      LDAPDisplayName: msExchAssistantName
      -

      dn: CN=ms-Exch-LabeledURI,CN=Schema,CN=Configuration,DC=X
      changetype: Modify
      replace: LDAPDisplayName
      LDAPDisplayName: msExchLabeledURI
      -

      dn: CN=ms-Exch-House-Identifier,CN=Schema,CN=Configuration,DC=X
      changetype: Modify
      replace: LDAPDisplayName
      LDAPDisplayName: msExchHouseIdentifier
      -

      dn:
      changetype: Modify
      add: schemaUpdateNow
      schemaUpdateNow: 1
      -

      4. On the File menu, click Save. In the Save As dialog box, follow these steps to save the InetOrgPersonPrevent.ldf script:
         In File name, type the following:
         \%userprofile%\InetOrgPersonPrevent.ldf
         In Save as type, click All Files.
         In Encoding, click Unicode.
         Click Save.
         Close Notepad.
      5. Run the InetOrgPersonPrevent.ldf script using the following steps:
         Click Start, click Run, type cmd in the Open box, and then click OK.
         At a command prompt, type the following, and then press ENTER:
         cd %userprofile%
         Type the following command:
         c:\documents and settings\%username%>ldifde -i -f inetorgpersonprevent.ldf -v -c DC=X "domain_name_path_for_forest_root_domain"
      6. Verify that the ldapDisplayNames for the CN=ms-Exch-Assistant-Name, CN=ms-Exch-LabeledURI, and CN=ms-Exch-House-Identifier
      attributes in the schema naming context now appear as msExchAssistantName, msExchLabeledURI, and
      msExchHouseIdentifier.
      Note
      In step 5 of the previous procedure, note the following details:
      DC=X is a case-sensitive constant.
      The domain name path for the root domain must be enclosed in quotation marks. For example, the command syntax for an
      Active Directory forest whose forest root domain is Contoso.com would be:
      c:\documents and settings\administrator>ldifde -i -f inetorgpersonprevent.ldf -v -c DC=X "dc=contoso,dc=com"
      Adprep.exe enhancement to detect other conflicting schema objects
      Detailed description
      Many applications use Active Directory as a data store and extend the Windows 2000 Active Directory schema to enable it to
      store objects specific to the application. If an application defined a non-RFC compliant schema object, such that the
      ldapDisplayName, object identifier (OID) or other schema attributes conflict with the Windows 2003 Active Directory schema,
      when Adprep.exe is run it will detect the conflict and display a generic error.
      Why is this change important?
      Upgrading the Active Directory schema from the Windows 2000 Server schema to the Windows Server 2003 schema when
      these schema objects are present causes the object to become corrupted and results in issues with Active Directory replication.
      Fixing the schema objects before the upgrade occurs results in a much smoother upgrade experience.
      What works differently?
      The Windows 2000 Active Directory schema cannot be upgraded to the Windows Server 2003 schema until the conflicting
      schema objects are fixed. In Windows Server 2003 Service Pack 1, Adprep.exe will identify that a conflicting schema object
      exists, prevent the corruption of the schema object by blocking the upgrade, and if possible identify which objects are in
      conflict so that you can resolve the conflict.
      Adprep.exe enhancement to perform SYSVOL operations in a separate step
      Detailed description
      In previous versions of Windows Server 2003, running adprep /domainprep resulted in the addition of an inheritable access
      control entry (ACE) to all Group Policy objects (GPOs) in the SYSVOL folder. This ACE gives Enterprise domain controllers read
      access to the GPOs to support Resultant Set of Policy (RSoP) functionality for site-based policy. The addition of this ACE is
      detected by the file replication service (FRS) and initiates an FRS synchronization of all GPOs in the SYSVOL folder.
      In Windows Server 2003 Service Pack 1, the addition of the ACE to the GPOs in the SYSVOL folder is not performed while
      running adprep /domainprep. Instead, a new switch (/gpprep) has been added to adprep to add the inheritable ACE to the
      GPO folders in the SYSVOL directory. This allows administrators to update the ACE of the GPO objects at their convenience.
      Why is this change important?
      If an organization has a large number of files contained in the GPOs or slow links to replication servers, the FRS
      synchronization triggered by the /domainprep operation could adversely affect the deployment schedule for Windows
      Server 2003. By putting this operation at the discretion of the administrator, the impact of this operation can be planned and
      scheduled as part of the deployment.
      What works differently?
      The deployment of a Windows Server 2003 domain controller can occur after running adprep /forestprep and adprep
      /domainprep. Resultant Set of Policy (RSoP) functionality will only be operational after running adprep /domainprep
      /gpprep.
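
Added example (not part of the original post or of Microsoft's text): one way to script the check in step 6, by parsing an LDIF export of the three schema objects and reporting whether each ldapDisplayName now has the fixed value from the procedure. It assumes the export was produced with something like ldifde -f export.ldf -d "CN=Schema,CN=Configuration,dc=contoso,dc=com" -r "(cn=ms-Exch-*)" -l lDAPDisplayName; the function names and the sample export are constructed for illustration.

```python
import base64

# CN (lowercased) -> lDAPDisplayName expected after the fix, from the procedure above.
EXPECTED = {
    "ms-exch-assistant-name": "msExchAssistantName",
    "ms-exch-labeleduri": "msExchLabeledURI",
    "ms-exch-house-identifier": "msExchHouseIdentifier",
}

def parse_ldif(text):
    """Yield one {attribute_lowercase: value} dict per LDIF record."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:      # folded line: continues the previous one
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    record = {}
    for line in lines + [""]:                  # sentinel blank line flushes the last record
        if not line.strip():
            if record:
                yield record
            record = {}
        elif not line.startswith("#") and ":" in line:
            name, _, value = line.partition(":")
            if value.startswith(":"):          # "attr:: <base64>" encoded value
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            record[name.strip().lower()] = value.strip()

def check_schema_export(text):
    """Return {cn: 'fixed' | 'absent' | 'conflict: <current name>'}."""
    status = dict.fromkeys(EXPECTED, "absent")
    for rec in parse_ldif(text):
        cn = rec.get("dn", "").split(",")[0].partition("=")[2].lower()
        if cn in EXPECTED:
            name = rec.get("ldapdisplayname", "")
            status[cn] = "fixed" if name == EXPECTED[cn] else "conflict: " + name
    return status

# Constructed sample export (not real output): one fixed, one unfixed, one not exported.
SAMPLE = """dn: CN=ms-Exch-Assistant-Name,CN=Schema,CN=Configuration,
 DC=contoso,DC=com
lDAPDisplayName: msExchAssistantName

dn: CN=ms-Exch-LabeledURI,CN=Schema,CN=Configuration,DC=contoso,DC=com
lDAPDisplayName:: bGFiZWxlZFVSSQ==
"""

if __name__ == "__main__":
    print(check_schema_export(SAMPLE))
```

Read the export file with the encoding it was written in (ldifde writes Unicode only when -u is given) before passing its text to check_schema_export.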
