Sunday, August 7, 2016

Prepare your Domain for the Windows Server 2008 R2 Domain Controller

Before installing the first Windows Server 2008 R2 domain controller (DC) into an existing Windows 2000, Windows Server 2003 or Windows Server 2008 domain, you must prepare the AD forest and domain. You do so by running a tool called ADPREP.

What does ADPREP do? ADPREP has parameters that perform a variety of operations that help prepare an existing Active Directory environment for a domain controller that runs Windows Server 2008 R2. Not all versions of ADPREP perform the same operations, but generally the different types of operations that ADPREP can perform include the following:

    Updating the Active Directory schema
    Updating security descriptors
    Modifying access control lists (ACLs) on Active Directory objects and on files in the SYSVOL shared folder
    Creating new objects, as needed
    Creating new containers, as needed
   
To prepare the forest and domain for the installation of the first Windows Server 2008 R2 domain controller

The following tasks are required ONLY before adding the first Windows Server 2008 R2 domain controller.

    You cannot join a Windows Server 2008 R2 server to a Windows NT 4.0 domain.
    If any domain controllers in the forest are running Windows 2000 Server, they must be running Service Pack 4 (SP4).
    You should test the ADPREP schema updates in a lab environment to ensure that they will not conflict with any applications that run in your environment.
    You must make a system state backup for your domain controllers, including the schema master and at least one other domain controller from each domain in the forest.
    Make sure that you can log on to the schema master with an account that has sufficient credentials to run adprep /forestprep.
    You must be a member of the Schema Admins group, the Enterprise Admins group, and the Domain Admins group of the domain that hosts the schema master, which is, by default, the forest root domain.

Browse to the X:\support\adprep folder, where X: is the drive letter of your DVD drive. Find a file called adprep.exe or adprep32.exe.
Windows Server 2008 R2 ADPREP is available in a 32-bit version and a 64-bit version.

In the Command Prompt window, type the following command:

    adprep /forestprep

ADPREP will take several minutes to complete. During that time, several LDF files will be imported into the AD Schema, and messages will be displayed in the Command Prompt window. File sch47.ldf seems to be the largest one.
ADPREP should only be run on an existing DC.
Allow the operation to complete, and then allow the changes to replicate throughout the forest.

In the Command Prompt window, type the following command:

    adprep /domainprep

If you’re running a Windows 2008 Active Directory domain, that’s it, no additional tasks are needed.

If you’re running a Windows 2000 Active Directory domain, you must also run the following command:

    adprep /domainprep /gpprep

If you’re running a Windows 2003 Active Directory domain, that’s it, no additional tasks are needed. However, if you’re planning to run Read Only Domain Controllers (RODCs), you must also type the following command:

    adprep /rodcprep

To verify that adprep /forestprep completed successfully, perform these steps:

1. Log on to an administrative workstation that has ADSIEdit installed. ADSIEdit is installed by default on domain controllers that run Windows Server 2008 or Windows Server 2008 R2. On Windows Server 2003 you must install the Resource Kit Tools.

2. Click Start, click Run, type ADSIEdit.msc, and then click OK.

3. Click Action, and then click Connect to.

4. Click Select a well known Naming Context, select Configuration in the list of available naming contexts, and then click OK.

5. Double-click Configuration, and then double-click CN=Configuration,DC=forest_root_domain where forest_root_domain is the distinguished name of your forest root domain.

6. Double-click CN=ForestUpdates.

7. Right-click CN=ActiveDirectoryUpdate, and then click Properties.

8. If you ran adprep /forestprep for Windows Server 2008 R2, confirm that the Revision attribute value is 5, and then click OK.

9. Click ADSI Edit, click Action, and then click Connect to.

10. Click Select a Well known naming context, select Schema in the list of available naming contexts, and then click OK.

11. Double-click Schema.

12. Right-click CN=Schema,CN=Configuration,DC=forest_root_domain, and then click Properties.

13. If you ran adprep /forestprep for Windows Server 2008 R2, confirm that the objectVersion attribute value is set to 47, and then click OK.  
https://www.petri.com/prepare-for-server-2008-r2-domain-controller
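
The same two checks can be scripted instead of clicked through in ADSI Edit. The following PowerShell is an added example, not part of the original post; the -Server parameter and the Get-DirectoryValue helper are hypothetical names, and it assumes a domain-joined machine and an account that can read the Configuration and Schema naming contexts.

```powershell
# Added example, not from the original post. Expected values are the ones this
# page gives for Windows Server 2008 R2: Revision 5 and objectVersion 47.
param(
    # Hypothetical parameter: DCs to query. '' means "whichever DC answers".
    [string[]]$Server = @('')
)

$expectedRevision      = 5
$expectedObjectVersion = 47

# Hypothetical helper: read one attribute, or $null if the object is missing
# or unreadable (for example, forestprep has not reached this DC yet).
function Get-DirectoryValue([string]$Path, [string]$Attribute) {
    try   { return ([ADSI]$Path).Properties[$Attribute].Value }
    catch { return $null }
}

foreach ($dc in $Server) {
    $prefix = if ($dc) { "LDAP://$dc/" } else { 'LDAP://' }

    # RootDSE supplies the naming-context DNs, so forest_root_domain is not typed by hand.
    $configNc = Get-DirectoryValue "${prefix}RootDSE" 'configurationNamingContext'
    $schemaNc = Get-DirectoryValue "${prefix}RootDSE" 'schemaNamingContext'
    if (-not $configNc -or -not $schemaNc) {
        Write-Warning "Could not read RootDSE from '$dc'"
        continue
    }

    # Steps 5-8: CN=ActiveDirectoryUpdate,CN=ForestUpdates under Configuration.
    $revision = Get-DirectoryValue "${prefix}CN=ActiveDirectoryUpdate,CN=ForestUpdates,$configNc" 'revision'
    # Steps 9-13: objectVersion on the Schema naming context head.
    $objectVersion = Get-DirectoryValue "$prefix$schemaNc" 'objectVersion'

    New-Object PSObject -Property @{
        Server        = $(if ($dc) { $dc } else { '(default)' })
        Revision      = $revision
        ObjectVersion = $objectVersion
        ForestPrepOK  = ($revision -eq $expectedRevision) -and
                        ($objectVersion -eq $expectedObjectVersion)
    }
}
```

Saved as a .ps1 file and run with each domain controller name passed to -Server, it also shows whether the forestprep changes have replicated to that DC before you continue with adprep /domainprep.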