Posted by Ståle Hansen on 26/08/2009
Any Post starting with this disclaimer means that this post was not written by me however I liked it and added to my blog to easily find it later. I will also include the link to the original or similar post to provide credit to the original author.
First off, a quick review of AD schema, and what it is and the function it performs. The Schema is essentially the “database” that AD resides in, so when we say things like “extending the schema” we mean the same thing any SQL DBA would mean – we are adding additional objects attributes to AD. These new additions allow for features in products that were not previously there to store their settings in Active Directory. Some of the recent Schema extensions you will see:
- Exchange 2007 SP2 requires schema extension.
- Exchange 2010 requires schema extension.
- OCS 2007 R1 or R2 require schema extension.
Additionally, while not an extension, these best practices also apply before raising your forest or domain functional levels.
Step One – Determine your Schema Master FSMO role holder
- On any domain controller, click Start, click Run, type Ntdsutil in the Open box, and then click OK.
- Type roles, and then press ENTER.
- Type connections, and then press ENTER.
- Type connect to server <servername>, where servername is the name of the server you want to use, and then press ENTER.
- At the server connections prompt, type q, and then press ENTER again
- At the FSMO maintenance prompt, type Select operation target, and then press ENTER again.
- At the select operation target prompt, type List roles for connected server, and then press ENTER again.
- This will display all 5 FSMO roles. The one that has Schema is the one we need to back up.
- Type q 3 times to exit the Ntdsutil prompt.
Step Two – Ensure you have your DSRM password
- Most of the time, even if this is known, it has not been changed in a long time and is likely due.
- Follow instructions to reset DSRM password from KB322672
- This allows your backup to be authoritatively restored in the case you need to. Without this password being correct, your backup may not be usable.
Step Three – Take a system state backup (or two)
- Take an ntbackup.exe (Windows 2003) or Windows Server Backup (Windows 2008) if you are more comfortable with Microsoft restore procedures.
- Take another backup using whatever third party vendor product you typically use, if you are more comfortable with their restore procedures.
- It is recommended taking BOTH of the above for the Schema Master FSMO role holder.
While I have YET to run into any issues or problems with Schema extensions, if I ever did, I know I want a really good backup or two!
Posted in Active Directory | Tagged: backup, Exchange 2007, Exchange 2010, OCS 2007, OCS 2007 R2 | 1 Comment »
Posted by Ståle Hansen on 19/05/2009
I was doing some research before a domain migration at a customer site when I found this great forum post over at the techarena forum. http://forums.techarena.in/server-migration/1010582.htm
The general steps to migrate from Windows Server 2000 to Windows Server 2008 is almost the same as the steps to migrate from Windows Server 2003 to Windows Server 2008.
Old server: Windows Server 2000 box
New server: Windows Server 2008 box
- Verify that Windows 2000 SP4 have been installed on the old server and Windows Server 2008 SP1 have been installed on the new server. Note: the domain functional level should be in Windows 2000 native mode for the Windows 2000 domain
- Upgrade the Windows 2000 forest schema by running “adprep /forestprep” command on old server. Note: you can copy the adprep folder from the Windows Server 2008 installation disc to the old server to run “adprep /forestprep”. The location is \source\adprep on the installation disc.
- Upgrade the Windows 2000 domain schema by running “adprep /domainprep” command on old server
- Verify the new server’s TCP/IP configuration has been pointed to existing DNS server.
- Add new server to existing Windows 2000 domain as a member server.
- Run dcpromo on new server to promote it as an additional domain controller in existing Windows 2000 domain, afterwards you may verify the installation of Active Directory.
- Enable Global Catalog on new server and manually Check Replication Topology and afterwards manually trigger replication to synchronize Active Directory database between 2 replica.
- Disable Global Catalog on old server.
- Use NTDSUTIL utility to transfer all the 5 FSMO roles from old server to new server. You’d better transfer FSMO roles via GUI method instead of using NTDSUTIL.
- Install DNS component on new server and configure it as a new DNS Server(Active Directory Integrated-Zone is preferred). Note: all the DNS configuration need to be transferred from the existing DNS Server.
- Migrate DHCP service from Windows Server 2000 to Windows Server 2008. Migrate File Sharing service. You can also use robocopy.exe from the Windows Server Resource kit to copy the files and maintain NTFS permissions.
For the shares, the shares definitions and permissions are stored in the following registry key on the server: “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\Shares”. If you export out the whole key and import in the new server, and if you have the files and folders in the same path as in the old server, then you will retain all you shares and share permissions.
- It’s better to make the old DC offline for several days and check whether everything works normally with the new server online. If so, you may let the old DC online and run DCPROMO to demote it.
For more information, please refer to:
Posted in Active Directory | Tagged: Migrate from Server 2000 to Server 2008, Windows Server 2008 | 3 Comments »
Posted by Ståle Hansen on 02/05/2009
To find out what Windows server you are logged on:
- Open Command Prompt
- type: set logonserver
Posted in Active Directory | Tagged: Logonserver | Leave a Comment »
Posted by Ståle Hansen on 17/04/2009
Trouble finding the correct FSMO role holder or specifically the schema master, check the knowledge base at petri.co.il and this post
Posted in Active Directory | Tagged: Active Directory, FSMO roles, Schema master | 1 Comment »