Windows 2003 ADPrep
What do I need to do to prepare my Windows 2000 forest for the installation of the first Windows Server 2003 DC?
Before you can introduce Windows Server 2003 domain controllers, you must prepare the forest and domains with the ADPrep utility.
- ADPrep /forestprep on the schema master in your Windows 2000 forest.
- ADPrep /domainprep on the Infrastructure Master in each AD domain.
ADPrep is located in the i386 directory of the Windows Server 2003 install media.
UPDATE: For Windows Server 2008, please refer to our Windows Server 2008 ADPrep article
Note: In Windows Server 2003 R2, ADPrep is not located in the same folder as in the older Windows Server 2003 media, and instead you need to look for it in the second CD. You see, Windows Server 2003 R2 comes on two installation disks. Installation disk 1 contains a slip-streamed version of Windows Server 2003 with Service Pack 2 (SP2). Installation disk 2 contains the Windows Server 2003 R2 files.
The correct version of the ADPrep.exe tool for Windows Server 2003 R2 is 5.2.3790.2075.
You can find the R2 ADPrep tool in the following folder on the second CD:
(where drive is the drive letter of your CD-Rom drive)
Read more about ADPrep and Windows Server 2003 R2 in KB 917385
Exchange 2000 note: Please make sure you read Windows 2003 ADPrep Fix for Exchange 2000 before installing the first Windows Server 2003 DC in your existing organization.
Microsoft recommends that you have at least Service Pack (SP) 2 installed on your domain controllers before running ADPrep. SP2 fixed a critical internal AD bug, which can manifest itself when extending the schema. There were also some fixes to improve the replication delay that can be seen when indexing attributes.
Similar to the Exchange setup.exe /forestprep and /domainprep switches.
- The Exchange /forestprep command extends the schema and adds some objects in the Configuration Naming Context.
- The Exchange / domainprep command adds objects within the Domain Naming Context of the domain it is being run on and sets some ACLs.
The ADPrep command follows the same logic and performs similar tasks to prepare for the upgrade to Windows Server 2003.
The ADPrep /forestprep command extends the schema with quite a few new classes and attributes. These new schema objects are necessary for the new features supported by Windows Server 2003.
You can view the schema extensions by looking at the .ldf files in the \i386 directory on the Windows Server 2003 CD. These files contain LDIF entries for adding and modifying new and existing classes and attributes.
Since the schema is extended and objects are added in several places in the Configuration NC, the user running /forestprep must be a member of both the Schema Admins and Enterprise Admins groups.
The ADPrep /domainprep creates new containers and objects, modifies ACLs on some objects, and changes the meaning of the Everyone security principal.
Before you can run ADPrep /domainprep, you must be sure that the updates from /forestprep have replicated to all domain controllers in the forest.
/domainprep must be run on the Infrastructure Master of a domain and under the credentials of someone in the Domain Admins group.
You can view detailed output of the ADPrep command by looking at the log files in the %Systemroot%\system32\debug\adprep\ogs directory.
Each time ADPrep is executed, a new log file is generated that contains the actions taken during that particular invocation. The log files are named based on the time and date ADPrep was run.
Once you’ve run both /forestprep and /domainprep and allowed time for the changes to replicate to all domain controllers, you can then start upgrading your domain controllers to Windows Server 2003 or installing new Windows Server 2003 domain controllers.
Upgrading to Windows Server 2003
How to Upgrade Windows 2000 Domain Controllers to Windows Server 2003 – 325379
Hotfixes to Install on Windows 2000 Domain Controllers Before Running Adprep /Forestprep – 331161
More in Active Directory
How to Fix the "An Active Directory Domain Controller for the Domain Could Not Be Contacted" Error
Jun 20, 2022 | Michael Reinders
How to Delete a Protected OU in Active Directory
Jun 8, 2022 | Michael Reinders
Learn How Organizations Are Using Semperis Purple Knight to Secure Active Directory
Jun 7, 2022 | Russell Smith
Microsoft Announces Entra, A New Identity and Access Management Suite
May 31, 2022 | Rabia Noureen
Microsoft Releases Out-Of-Band Patches to Fix Windows AD Authentication Issues
May 20, 2022 | Rabia Noureen
Cloud Conversations – Ståle Hansen on Digital Wellbeing and Viva Explorers
May 19, 2022 | Laurent Giret
Most popular on petri