Windows 7 / Getting Started

Installing Additional Domain Controllers in a Domain

If you have a domain with at least one domain controller running Windows 2000 Server, Windows Server 2003, Windows Server 2008, or Windows Server 2008 R2 you can create additional domain controllers to distribute authentication, create a level of fault tolerance in the event that any one DC fails, or provide authentication in remote sites.

Installing the First Windows Server 2008 R2 Domain Controller in an Existing Forest or Domain

If you have an existing forest with domain controllers running a previous version of Windows Server, you must prepare them before you create your first Windows Server 2008 R2 domain controller. That's because Windows Server 2008 R2 adds objects and attributes to the directory that previous versions of Windows don't understand. Therefore, the schema must be updated. The schema is the definition of the attributes and object classes that can exist within a domain. It is like the catalog for what can be created in other directory partitions.

The ADPrep command prepares Active Directory for a DC that is running a version of Windows Server that is newer than the existing DCs in the forest or domain. Adprep.exe is a command-line tool that is included on the installation disk of each version of Windows Server. Adprep.exe performs operations that must be completed in an existing Active Directory environment before you can add a DC that runs that version of Windows Server.

Adprep.exe has parameters that perform a variety of operations to help prepare an existing Active Directory environment for a DC that runs a later version of Windows Server. Not all versions of Adprep.exe perform the same operations, but Adprep.exe can generally:

  • Update the Active Directory schema.
  • Update security descriptors.
  • Modify access control lists (ACLs) on Active Directory objects and on files in the SYSVOL shared folder.
  • Create new objects, as needed.
  • Create new containers, as needed.

To prepare the forest schema for Windows Server 2008 R2, follow these steps:

  1. Log on to the schema master as a member of the Enterprise Admins, Schema Admins, and Domain Admins groups.
  2. Copy the contents of the \Sources\Adprep folder from the Windows Server 2008 R2 DVD to a folder on the schema master.
  3. Open an elevated Command Prompt and change directories to the Adprep folder.
  4. Type adprep /forestprep and press Enter.

You must allow time for the operation to complete. After the changes have replicated throughout the forest, you can continue to prepare the domains for Windows Server 2008 R2. To prepare a domain for the first Windows Server 2008 R2 domain controller, perform these steps:

  1. Log on to the domain infrastructure operations master as a member of the Domain Admins group.
  2. Copy the contents of the \Sources\Adprep folder from the Windows Server 2008 R2 DVD to a folder on the infrastructure master.
  3. Open an elevated Command Prompt and change directories to the Adprep folder.
  4. Type adprep /domainprep /gpprep and press Enter.
    On Windows Server 2003, you might receive an error message stating that updates were unnecessary. You can ignore this message.

Allow the change to replicate throughout the forest before you install a domain controller that runs Windows Server 2008 R2.

To prepare AD DS for the first RODC, follow these steps:

  1. Log on to any computer as a member of the Enterprise Admins group.
  2. Copy the contents of the \sources\adprep folder from the Windows Server 2008 R2 DVD to a folder on the computer.
  3. Open an elevated command prompt, and change directories to the adprep folder.
  4. Type adprep /rodcprep, and then press ENTER.
Note:
If you plan to install an RODC in any domain in the forest, run adprep /rodcprep. You can run Adprep /rodcprep from any DC as long as you are logged on as a member of the Enterprise Admins group. Wait to allow its changes to replicate throughout the forest before you install the first RODC. You can run Adprep /rodcprep at any time in a Windows 2000 Server or Windows Server 2003 forest. It does not have to run in conjunction with /forestprep.
Tip
The Adprep /rodcprep command is required before installing an RODC into any domain in an existing forest with Windows Server 2003 or Windows 2000 Server domain controllers. It is not necessary if the forest is a new forest consisting only of Windows Server 2008 domain controllers.
[Previous] [Contents] [Next]

In this tutorial:

  1. Administering Domain Controllers
  2. Deploying Domain Controllers
  3. Unattended Installation Options and Answer Files
  4. Installing a New Windows Server 2008 R2
  5. Installing Additional Domain Controllers in a Domain
  6. Installing an Additional Domain Controller
  7. Installing a New Windows Server 2008 Child Domain
  8. Staging the Installation of an RODC
  9. Installing AD DS from Media
  10. Managing Operations Masters
  11. Domain-Wide Operations Master Roles
  12. Optimizing the Placement of Operations Masters
  13. Transferring Operations Master Roles
  14. Seizing Operations Master Roles
  15. Configuring DFS Replication of SYSVOL
  16. Understanding Migration Stages