Information Technology Reference
In-Depth Information
CD/DVD in the \sources\adprep folder. Copy this folder to the domain controllers where you need
to run Adprep.
To prepare the forest, first run the adprep /forestprep command on an existing Windows
Server 2003 or Windows 2000 Server domain controller acting as the schema master. To deter-
mine which domain controller has this role, in the Active Directory Schema snap-in, right-click
the Active Directory Schema node and click Operations Master. You must log on to the schema
master DC as a member of all three of these groups: Enterprise Admins, Schema Admins, and
Domain Admins.
After adprep /forestprep runs and changes have been replicated to all DCs in the forest,
you must run adprep /domainprep in each domain where you plan to add a Windows Server
2008 DC. Windows 2000 domains require an extra parameter: adprep /domainprep /gpprep.
The command must be run on the infrastructure master DC for the domain. To determine the
infrastructure master DC, in Active Directory Users and Computers, right-click the domain
node and click Operations Masters. The Infrastructure tab lists the DC with this role. To run
the adprep /domainprep command, you must be logged on as a member of Domain Admins
for the domain.
Before you can install an RODC in an existing domain that isn't running all Windows Server
2008 domain controllers, you must follow these steps:
• Verify that the forest functional level is Windows Server 2003 or higher.
• Prepare the forest by running adprep /forestprep while logged on to any computer as a
user who's a member of Enterprise Admins. It doesn't matter which computer you run this
command from because it contacts the infrastructure master for each domain in the forest
to update its application directory partition.
• Install at least one writeable DC running Windows Server 2008.
• Install an RODC on a full Windows Server 2008 installation or a Server Core installation.
10
Remember, you must first copy the Adprep files from the Windows Server 2008 installation
CD/DVD to the computer on which you'll run it.
You might need to remove a DC from a domain because of server consolidation or upgrades or
remove an entire domain from your network because of company reorganization or a redesign
of your Active Directory infrastructure.
Removing a Domain Controller
Removing a DC from your domain is a straightfor-
ward procedure, but you need to be aware of some potential issues:
• If the DC performs any operations master roles, you must first transfer the role to another
DC (discussed later in “Managing Operations Master Roles”).
• If the DC is a global catalog server, make sure at least one other DC in the domain is a
global catalog server.
• If it's the only DC in the domain, you'll also remove the domain.
To remove a DC, you use Dcpromo to remove domain services from the domain controller.
Dcpromo is used to make a Windows Server 2008 server a DC, but it's also used to make a DC
a regular server. When you run Dcpromo on a DC, the Active Directory Domain Services
Installation Wizard detects that the server is already a domain controller. If it's also a global cat-
alog server, you're warned that global catalog servers are required for user logon and one must
be available in the domain. Figure 10-5 shows the second window of the wizard, where you spec-
ify whether it's the last DC in the domain. Next, you're prompted for an Administrator pass-
word. After domain services have been removed, your server remains a member of the domain
(assuming it wasn't the last DC).
Search WWH ::
Custom Search