Manual Active Directory schema extension with Windows Server 2012/2012R2 adprep
When your Domain Controllers run Windows Server 2003 or 32bit Windows Server 2008, it seems that you cannot simply extend the schema manually with the Windows Server 2012/2012R2 adprep utility, especially if you do not need to promote a new Windows Server 2012/2012R2 Domain Controller.
Previous Windows Server versions like:
- Windows Server 2003
- Windows Server 2008
contained only a 32bit adprep utility.
In Windows Server 2008R2 there were two adprep tool versions:
- adprep32.exe for 32bit operating systems
- adprep.exe for 64bit operating systems
When Windows Server 2012 was released, only one 64bit adprep version was available. There is no longer a 32bit tool to extend the schema. This Windows version introduced a new feature called transparent adpreping. It allows the Active Directory promotion wizard to extend the schema and prepare the Infrastructure Master automatically if it is run with appropriate credentials:
- Enterprise Admin or Schema Admin to extend schema
- Enterprise or Domain Administrator to prepare Infrastructure Master
But what if you have 32bit Domain Controllers in your environment and you wish to extend the schema without implementing a Windows Server 2012/2012R2 DC?
You cannot execute the adprep tool directly on a 32bit OS, because you will get an error message.
However, the new adprep released with Windows Server 2012 supports new switches that allow it to be run remotely from any 64bit OS.
To check them, mount the DVD media or ISO file on any 64bit OS machine in your domain environment. In this example a Windows 7 Enterprise 64bit workstation joined to the domain is used.
Go to the X:\Support\ADPREP folder, where X: is your DVD drive letter. In this example the Windows Server 2012R2 adprep is used in an environment where only a Windows Server 2003 32bit Domain Controller is available.
d:
cd support\adprep
adprep.exe /?
As you can see, there are a lot of new switches, but they will not be discussed here. You can now simply start extending the schema. Open an elevated command prompt and type
adprep.exe /forestprep /user <EnterpriseOrSchemaAdmin> /userdomain <ForestRootDNSDomainName> /password *
adprep.exe /forestprep /user administrator /userdomain testenv.local /password *
Instead of /password * you can simply put the account's password, but it might be seen by others, so it is better to leave * because you will then be prompted for the password.
Type the password (it will not show on the screen) and press Enter to start the action.
adprep will start the extension procedure.
Just wait a couple of minutes for the schema extension to complete.
Finally, run ADSI Editor (adsiedit.msc) to verify that the schema version has changed.
When you can see version 69, the Windows Server 2012R2 schema has been applied!
The above procedure showed how to do that for a single forest, single domain environment. What if you have multiple forests in your organization? How do you handle that scenario? Let's see how to do that.
You need to add one more switch, /forest, to the adprep syntax and specify the forest for which you would like to extend the schema. Of course, you need to be a member of the Enterprise Admins or Schema Admins group in that forest to perform the action successfully.
adprep.exe /forestprep /forest <ForestDNSNameToApplySchema> /user <EnterpriseOrSchemaAdminForThatForest> /userdomain <ForestDomainDNSName> /password *
adprep.exe /forestprep /forest testenv.local /user administrator /userdomain testenv.local /password *
Just repeat the above step for every forest in which you need to extend the schema.
Everything so far was done on a workstation that is joined to the domain. There is also another possibility: all those steps can be performed from any 64bit OS that is not joined to the domain.
In this case you need to make sure that the NIC is configured to point to a DNS server that is able to resolve the forest root domain name.
Check that you can successfully ping the forest DNS name and, of course, that the Schema Master server is reachable from this network.
Then use adprep with the /forest switch, as shown for other forests.
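The pre-checks for a machine that is not domain-joined (DNS resolution, Schema Master reachability) and the schema version check done earlier in ADSI Editor can be combined in one PowerShell function, run before and after adprep. This is an added example, not part of the original article; the function name Get-ForestSchemaState is hypothetical, testenv.local is the article's sample forest, and entering the account in UPN form (for example administrator@testenv.local) is an assumption about that environment.

```powershell
# Added example (not from the original article). The function name is
# hypothetical; testenv.local is the article's sample forest.
function Get-ForestSchemaState {
    param(
        [Parameter(Mandatory = $true)][string]$ForestDnsName,
        [System.Management.Automation.PSCredential]$Credential
    )
    $ErrorActionPreference = 'Stop'   # abort on the first failed check

    # Bind with explicit credentials when supplied (required off-domain).
    function Bind([string]$Path) {
        if ($Credential) {
            $pw = $Credential.GetNetworkCredential().Password
            New-Object System.DirectoryServices.DirectoryEntry($Path, $Credential.UserName, $pw)
        } else {
            New-Object System.DirectoryServices.DirectoryEntry($Path)
        }
    }

    # 1. The configured DNS server must resolve the forest root name.
    $null = [System.Net.Dns]::GetHostAddresses($ForestDnsName)

    # 2. Find the schema partition; read its version and the FSMO role owner.
    $rootDse  = Bind "LDAP://$ForestDnsName/RootDSE"
    $schemaNc = [string]$rootDse.psbase.Properties['schemaNamingContext'].Value
    $schema   = Bind "LDAP://$ForestDnsName/$schemaNc"
    $version  = [int]$schema.psbase.Properties['objectVersion'].Value
    $ntdsDn   = [string]$schema.psbase.Properties['fSMORoleOwner'].Value

    # 3. fSMORoleOwner names an NTDS Settings object; its parent is the server.
    $serverDn = $ntdsDn -replace '^CN=NTDS Settings,', ''
    $server   = Bind "LDAP://$ForestDnsName/$serverDn"
    $master   = [string]$server.psbase.Properties['dNSHostName'].Value

    # 4. The Schema Master must be reachable over LDAP (TCP 389).
    $tcp = New-Object System.Net.Sockets.TcpClient
    try { $tcp.Connect($master, 389); $reachable = $tcp.Connected }
    catch { $reachable = $false }
    finally { $tcp.Close() }

    New-Object PSObject -Property @{
        Forest = $ForestDnsName; SchemaVersion = $version
        SchemaMaster = $master; SchemaMasterReachable = $reachable
    }
}

# Prompts for the password, like /password * does; 69 = Windows Server 2012R2.
$state = Get-ForestSchemaState -ForestDnsName 'testenv.local' -Credential (Get-Credential)
$state | Format-List
```

A SchemaVersion below 69 after adprep has finished means the Windows Server 2012R2 schema was not applied to that forest.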
That's all! I hope it helps you if you need to extend the schema manually on 32bit Domain Controllers.
Author: Krzysztof Pytko