Posts tagged ‘Active Directory’

Updating Schema for Windows Server 2008

Updating the schema for your forest is not something you do very often. However, it is a requirement when you introduce a Windows Server 2003 DC in a Windows 2000 domain or when you introduce the first Windows Server 2008 in your Windows Server 2003 domain. (There may be other times when you have to do this, such as when adding Exchange to your environment.) Nonetheless, it is a very simple and easy task.

I recently added a Windows Server 2008 domain tree to my existing Windows Server 2003 forest in my lab environment, and here is how you do it. You start out by putting the Windows Server 2008 DVD (in my case it was mounting the ISO image to the VM) on your schema master DC, and from the command prompt you go to D:\Sources\adprep\. You can run the help option “/?” to see the syntax that applies here.


I ran “adprep /forestprep”; you will have to hit C and ENTER to give assurance that all your DCs are at Windows 2000 SP4 level or above. In my case it imported about 14 new schema “.ldf” files and finished successfully.


The next step is to run “domainprep” from within the same location, and that is to be done on the DC holding the infrastructure master FSMO role. (See FSMO). In my case it was a different DC, so the steps were the same as above, except that this time we only had to run the “domainprep” part.


In my case I also ran “adprep /domainprep /gpprep” to update the permissions on my existing GPOs. In the future I may write a FAQ or memory refresher about FSMO roles, as it is imperative to know the importance of these roles and to understand what we did here and why it could only be done on certain FSMO holders.
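A pre-flight check for the procedure above, as an added example that is not part of the original post: it reports which DCs hold the schema master and infrastructure master roles (where “adprep /forestprep” and “adprep /domainprep” have to be run) and reads the schema objectVersion so you can confirm before and after that the forest schema actually changed. It assumes a domain-joined machine with PowerShell 2.0 or later and uses only .NET System.DirectoryServices classes; the function name Get-AdprepReadiness is made up for this example.

```powershell
# Added example (not from the original post): pre-flight check before running adprep.
# Schema objectVersion values for the Windows versions mentioned in this post.
$SchemaVersions = @{
    13 = 'Windows 2000 Server'
    30 = 'Windows Server 2003'
    31 = 'Windows Server 2003 R2'
    44 = 'Windows Server 2008'
}

function Get-AdprepReadiness {
    $forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
    $domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()

    # The schema version lives in the objectVersion attribute of the schema naming context.
    $rootDse  = [ADSI]'LDAP://RootDSE'
    $schemaNC = [string]$rootDse.schemaNamingContext
    $schema   = [ADSI]"LDAP://$schemaNC"
    $version  = [int]$schema.Properties['objectVersion'].Value

    # FQDN of the machine this script runs on, compared against the role holders.
    $local = [System.Net.Dns]::GetHostEntry('').HostName

    $schemaMaster = $forest.SchemaRoleOwner.Name
    $infraMaster  = $domain.InfrastructureRoleOwner.Name

    New-Object PSObject -Property @{
        SchemaVersion        = $version
        SchemaLevel          = $SchemaVersions[$version]
        SchemaMaster         = $schemaMaster
        InfrastructureMaster = $infraMaster
        # forestprep must run on the schema master, domainprep on the infrastructure master.
        RunForestPrepHere    = ($local -eq $schemaMaster)
        RunDomainPrepHere    = ($local -eq $infraMaster)
        # Anything below 44 means the Windows Server 2008 schema is not in place yet.
        ForestPrepNeeded     = ($version -lt 44)
    }
}

Get-AdprepReadiness | Format-List
```

Run it again after forestprep has replicated: SchemaVersion should read 44 on every DC you query.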

Check your DCs replication

Apart from great tools such as the command-line Repadmin and the GUI-based Replmon, Dsastat (a Windows Support Tool) is a command-line utility that allows you to check your DCs' replication. It compares and detects differences between directory partitions on domain controllers. The tool retrieves capacity statistics such as megabytes per server, objects per server, and megabytes per object class. Then, the tool compares the attributes of replicated objects. You can use the tool to compare two directory trees across replicas in the same domain or, for a global catalog, across different domains.

The following is the end result of the simple command with the -s syntax for server names, i.e.:

dsastat -s:dc1;dc2

For more information, see this

DFSR with Active Directory

Distributed File System Replication was a major improvement over DFS and FRS, and also an intended selling feature of the R2 release of Windows Server 2003. I came across a great article that describes what DFSR does and how easily it can be set up. In a domain environment, prior to installing DFSR, the schema must be updated to the R2 version with the ADPREP utility from CD2 of Windows Server 2003 R2.

“DFSR is a multimaster replication engine used to distribute copies of data across multiple servers. It can run with or without DFS Namespaces, but its most popular use is to ensure that every member of a set of servers—a replica set—contains identical data and that replication is fast and bandwidth-efficient. It has many features, including bandwidth management, replication scheduling, and an innovative compression algorithm, that together dramatically decrease the amount of network bandwidth needed to keep data synchronized across your network. Microsoft reports that using DFSR results in up to a 300 percent improvement in the speed of large-file replication and 40 percent less administrative time spent managing the replication set.”

http://www.windowsitpro.com/Article/ArticleID/95223/95223.html

Microsoft Active Directory Topology Diagrammer

A perfect tool for system administrators who often spend too much time in Visio diagramming their Active Directory infrastructure.

“The Microsoft Active Directory Topology Diagrammer reads an Active Directory configuration using ActiveX Data Objects (ADO), and then automatically generates a Visio diagram of your Active Directory and/or your Exchange 200x Server topology. The diagrams include domains, sites, servers, administrative groups, routing groups and connectors and can be changed manually in Visio if needed.”

It is a freebie.

Download it here.

Active Directory Risk Assessment Program

What was previously the Microsoft Active Directory Health Check Program is now the Active Directory Risk Assessment Program (ADRAP).

“Microsoft ADRAP provides critical insight into the health of your directory services. Microsoft’s own experienced internal engineers utilize our own IT department’s tool to take a snapshot of your production Active Directory (AD) environment”.

Under ADRAP, the new program/utility is called the Active Directory Snapshot tool (ver 5.0.1), which you install in your environment to run the analysis prior to having Microsoft’s internal engineer come out to do the assessment and recommend cleanups/fixes. Our ADRAP project is due to take place in July this year; I am told we benefited heavily from this program last year and we made several improvements in our AD infrastructure.

Note that the ADST is a diagnostic tool, not a monitoring tool. Thus it is not intended as a replacement for an enterprise-class monitoring solution such as MOM or System Center Operations Manager. There are some requirements for this program; for details, take a look at the attached white papers.

ADRAP Datasheet v1.0

ADRAP Datasheet v1.5