ADPrep

w33mhz

MIS
May 22, 2007
529
US
Does anyone know if it is a good idea or not to run adprep on a domain before adding a 2k8 server? The 2k8 server is not an Exchange server or Domain Controller.

The reason I ask is that there are some group policy features in 2k8 that I would like to configure, and I wasn't sure whether just running adprep would add those options to my existing domain environment. Currently I have a mix of 2000 and 2k3 domain controllers. Or should I only run that if I am going to add a 2k8 domain controller or Exchange server?
 
adprep is for DCs, not Exchange. Exchange runs setup /forestprep, or setup /domainprep, or ......


Pat Richard MVP
 
Oh yeah, that's right, my bad. Well, anyway, I was just wondering if I had to have a 2K8 DC up. I don't really want to have a bunch of domain controllers, is all. I only have one 2000 left, but it is a 2000 TS license server/Citrix license server as well.
 
Doesn't matter now, I am setting one up now.
 
If you are going to install Server 2008 into your existing 2000 or 2003 domain as a member server, you don't have to do anything. If, on the other hand, you are planning on installing Server 2008 as a Domain Controller, you will need to extend the AD schema prior to bringing the DC online.

The commands you will need in this case are as follows:

adprep /forestprep
adprep /domainprep /gpprep

And if you wanted to run an RODC, use the following:

adprep /rodcprep

Please see the following for more information


Visit www.netwerkin.com
MCSE MCSA MCTS MCITP MCP CCNA CCA A+ N+
 
Yes Yes, thank you. I was just kind of trying to cheap the system so to speak. I am curious about the RODC, I haven't read up on a Read-Only Domain Controller. How does that work?
 
An RODC is similar to the NT4 BDCs, which were non-writable Domain Controllers. I know a few people at Microsoft that would be mad at me for comparing an RODC to a BDC, but they are similar however different...

One of the primary purposes of the RODC is for security reasons. Let's say that you install a writable DC as a Global Catalog in a remote office that has little security with no IT personnel. In the event that the DC was stolen, you would have to expire the passwords of every single user on your domain; whether that's 10 people or 50,000, your entire domain has now been compromised.

Using an RODC, we could specify that only the local site's accounts are cached on the Domain Controller by using a Password Replication Policy. If we didn't specify this policy, the local users and computers would have to traverse the slow WAN links to authenticate to the domain.

Now let's assume the same scenario as before: the office was broken into and the DC was stolen. Since we had used an RODC and a Password Replication Policy on the users of this site would need to change their passwords, much better!

Also, an RODC is a great candidate for BitLocker; consider this when you are designing or implementing your network infrastructure!

Hope that helps...

Visit www.netwerkin.com
MCSE MCSA MCTS MCITP MCP CCNA CCA A+ N+
 
In the second-to-last paragraph I meant to say

"only the users of this site would need to change their passwords, much better!"

I'm tired <g>


Visit www.netwerkin.com
MCSE MCSA MCTS MCITP MCP CCNA CCA A+ N+
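
The stolen-RODC scenario described above comes down to one triage question: which accounts had passwords cached on that RODC. The PowerShell below is an added example, not part of the original thread; `Get-RodcResetPlan`, the RODC name `BRANCH-RODC01` and the sample accounts are constructed for illustration, and the commented live query assumes the ActiveDirectory module is available.

```powershell
# Added example (not from the thread): triage after an RODC is lost or stolen.
# Get-RodcResetPlan is a hypothetical helper name; the sample accounts are constructed.
function Get-RodcResetPlan {
    param([Parameter(Mandatory)] [object[]] $Revealed)  # accounts cached on the RODC
    foreach ($a in $Revealed) {
        $action = switch ($a.ObjectClass) {
            'user'     { 'Reset password' }
            'computer' { 'Reset computer account' }
            default    { 'Review manually' }
        }
        [pscustomobject]@{
            Account    = $a.SamAccountName
            Class      = $a.ObjectClass
            Action     = $action
            # adminCount = 1 marks accounts protected by AdminSDHolder (privileged groups).
            # One of these cached on a branch RODC means the Password Replication
            # Policy is too permissive.
            Privileged = ($a.adminCount -eq 1)
        }
    }
}

# Constructed sample of what a branch-office RODC might have cached.
$sample = @(
    [pscustomobject]@{ SamAccountName = 'jsmith';       ObjectClass = 'user';     adminCount = $null }
    [pscustomobject]@{ SamAccountName = 'BRANCH-PC01$'; ObjectClass = 'computer'; adminCount = $null }
    [pscustomobject]@{ SamAccountName = 'da-admin';     ObjectClass = 'user';     adminCount = 1 }
)

$plan = Get-RodcResetPlan -Revealed $sample
$plan | Format-Table -AutoSize
$plan | Where-Object Privileged | ForEach-Object {
    Write-Warning "$($_.Account) is privileged and was cached on the RODC; tighten the PRP."
}

# Against a live domain (ActiveDirectory module; 'BRANCH-RODC01' is a placeholder name):
# $live = Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity 'BRANCH-RODC01' -RevealedAccounts |
#         Get-ADObject -Properties SamAccountName, adminCount
# Get-RodcResetPlan -Revealed $live
```

Running the same query periodically, before any incident, shows whether the Password Replication Policy is actually limiting the cache to the local site's accounts.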
 
That's great info, thanks. I don't see a need in my scenario for an RODC, but that is something to think about.
 