In order to get full management of a Windows 7 environment, or to take advantage of the new features in Active Directory Domain Services like Applocker or the AD Recycle Bin, you need to raise the domain functional level of the forest and domain to Server 2008 R2.
- Forefront Endpoint Protection (FEP) 2012 – Part 2: Deployment and configuration - Wed, Jun 29 2011
- Forefront Endpoint Protection 2012 –Part 1: Installation on Configuration Manager 2012 - Wed, Jun 22 2011
- iPad for business? The consumerisation of enterprise - Fri, Nov 19 2010
There are a few upgrade paths available – it is possible to perform an in-place upgrade of Windows Server to Server 2008 R2, but you need to verify that the path you have planned is supported. Here’s a list of supported in-place upgrade paths. However, performing a live upgrade of a domain controller is a gutsy move, so a side-by-side migration is the less dangerous (and recommended) path.
Before raising the Active Directory domain functional level Microsoft recommends that you bring a new Server 2008 R2 domain controller into the AD environment and let it sit quietly for a while, replicating data and interacting with the other DCs. This ensures that any infrastructural issues get resolved before you start modfying existing domain controllers. Before you can do that the existing AD schema needs to be extended to accommodate the new DC. This is done using the adprep tool which is available on the Server 2008 R2 installation media under /support/adprep.
Extract the adprep tool to an existing domain controller. Within the adprep folder there are two main executables – ADPREP.EXE and ADPREP32.EXE. Choose the appropriate version based on the platform of the domain controller – if it’s a 32-bit server, run ADPREP32.EXE. In the following examples I’m assuming a 64-bit platform.
Expand the main Active Directory schema
Extending the schema is a two-stage process. The first step is run from the forest Schema Master, with an account which is a member of both Schema Admins and Enterprise Admins. In a small environment, one main DC is likely to hold all the vital AD roles, but in case you’re not sure which DC is the Schema Master, here’s an extract from the relevant Microsoft Support page that explains how to how to determine the Schema FSMO Holder in a Forest:
1. Click Start, click Run, type mmc, and then click OK.
2. On the Console menu, click Add/Remove Snap-in, click Add, double-click Active Directory Schema, click Close, and then click OK.
3. Right-click Active Directory Schema in the top left pane, and then click Operations Masters to view the server holding the schema master role.
NOTE: For the Active Directory Schema snap-in to be available, you may have to register the Schmmgmt.dll file. To do this, click Start, click Run, type regsvr32 schmmgmt.dll in the Open box, and then click OK. A message is displayed that states the registration was successful.
First, run ADPREP /FORESTPREP on the forest Schema Master. This expands the main AD schema to version 47. Allow replication to take place across all DCs before performing the next step.
Extend the domain schema
Once replication is complete, the next step has to be run on the Infrastructure Master with the logged-in credentials of a member of Domain Admins.
How to verify the domain Infrastructure Master
1. Go to Administrative Tools, Active Directory Users and Computers
2. Right-click the domain and select Operations Masters
3. Select the Infrastructure tab to retrieve the name of the current Infrastructure Master
Run ADPREP /DOMAINPREP on the Infrastructure Master to extend the domain schema. Again, wait for replication to complete.
Subscribe to 4sysops newsletter!
That’s the groundwork done. In Part 2 we’ll bring in our first Server 2008 R2 domain controller – in our case, a virtual DC running on top of Hyper-V (just to make things tricky).
