Error seen when attempting to add a new domain controller to an existing domain;
Verification of replica failed. The specified domain {Domain-Name} is still using the File Replication Service (FRS) to replicate the SYSVOL share. FRS is depreciated.
The server being promoted does not support FRS and cannot be promoted as a replica into the specified domain.
You MUST migrate the specified domain to use DFS Replication using the DFSRMIG command before continuing.
Solution: FRS is Depreciated
Before proceeding you MUST ensure all your existing domain controllers are AT LEAST Windows Server 2008. Your domain and forest functional levels should be at Windows Server 2008 (AL LEAST). It would also be a good move, to make sure all your DCs are replicating cleanly.
You need to go to one of your legacy (existing) domain controllers, and carry out the following PowerShell procedure.
First make sure that no one’s messed about with this before, issue the following command and make sure the migration process has not been previously started;
[box]
dfsrmig /getglobalstate
[/box]
Start the process.
[box]
dfsrmig /setglobalstate 1
[/box]
It can take a while, (even if you only have one Domain Controller!) Keep checking the status, with the command ‘dfsrmig /getmigrationstate’ until it says all the domain controllers have migrated to global state ‘Prepared‘.
Change the process to state 2 (Redirected).
[box]
dfsrmig /setglobalstate 2
[/box]
This typically completes a bit faster than the first state. Keep checking the status, with the command you originally used, until it says all the domain controllers have migrated to global state ‘Redirected‘.
Change the process to state 3 (Eliminated).
[box]
dfsrmig /setglobalstate 3
[/box]
As before, keep checking the status, with the command you originally used, until it says all the domain controllers have migrated to global state ‘Suceeded‘.
On the ‘Old‘ domain controllers, you need to disable the NTFRS service and stop it.
This is considerably less painfull than adding a 2008/2008 R2 domain controller to a 2003 domain was. You dont have to maually prep the schema on the schema master, or run forestprep and domainprep. The wizard does everything for you.
Solution
1. Launch server manager from the taskbar > Select Local Server > Manage > Add Roles and Features.
2. Role Based… > Next.
3. Select local server > Next.
4. Tick ‘Active Directory Domain Service’ > Next.
5. Accept the defaults > Next.
6. Next.
7. Install.
8. Installation may take a while.
9. When finished nothing appears to change, but it does say “Suceeded” > Close.
10. Now the role is on the server you just need to promote it, you can do this by selecting AD DS in the left hand menu > and click ‘More’.
11. ‘Promote the server to a domain controller’
12. By default it will fill in the domain you are already a member of > Next
13. Enter your directory servies restore mode password (DON’T ever lose this password!) > Next.
14. I dont want anyone outside my domain browsing my domain so I don’t care about the delegation error > Next.
15. If you want to reboot as soon at it’s finished tick the box, and (optionally) select a Dc to replicate from > Next.
16. Accept or change the paths as required > Next.
17. Heres a nice touch, now it preps the forest, schema, and domain for you > Next.
18. Next.
19. Install (I’d suggest a reboot when its done).
Related Articles, References, Credits, or External Links
But if you attempt to run ‘dcpromo’ from command line, you will see this error, and a link to a Technet article. (Perhaps a clickable link to a picture showing where dcpromo now lives would be better!)
Solution
Note: I’m assuming you have already added the Active Directory Domain Services Role? If not do that first.
1. From Server Manager (ServerManager.exe) > ADDS > There should be a warning triangle at the top of the window > Select it > ‘Promote this server to a domain controller’
Related Articles, References, Credits, or External Links
For everyone that’s ever sat in a server room/cupboard and had to wait for a server to replicate active directory from a remote site, you will appreciate just how helpful the /ADV switch is when creating a domain controller.
What does it do? Well Basically it lets you build a domain controller from a backed up copy of active directory, so after a reboot the new domain controller only has to replicate the changes from a distant server (which is good if you only have a 512Kb connection and a dozen people are also using it)
Solution
1. First you need to get a backup of active directory, Go to an existing domain controller, and click Start > Run > ntbackup {enter}.
2. Untick “Always start in wizard mode” and click Next.
3. Select “Backup files and settings” click Next.
4. Select “Let me choose what to backup” Click Next.
5. Expand the server and select “System State”, Click Next.
6. Click the Browse button.
7. Call the backup SystemState and drop it on the root of the C: drive.
8. Click Next.
9. Click Finish.
10. The Backup Process will start.
11. It may run for a while – best go get a coffee 🙂
12. When it has finished click “Close” Note make sure no errors reported apply to active directory.
13. Go to the New server armed with a copy of the SystemState.bkf file and drop it onto the new server.
14. Now you need to restore the files to a folder so the DCPROMO session can read the Active directory files. Click Start > run > ntbackup.
15. Untick “Always start in wizard mode” and click Next.
16. Select “Restore Files and Settings” Click Next.
17.Click Browse.
18. Click Browse.
19.Navigate to the SystemState.bkf file and click OPEN.
20. Click OK.
21. Select System State > Click Next.
22. Click Advanced.
23. Change the restore files to “Alternative location” and type in a folder to hold the restored files (C:AD) > Click Next.
24. Accept the default of “Leave existing files (recommended)” > Click Next.
25. Accept the defaults > Click Next.
26. Click Finish.
27. The files will now restore.
28. Time for another brew.
29. When its finished click Close.
30. Now you need to Promote the server to a domain controller. Click Start > run > dcpromo /adv {enter}.
31. Click Next.
32. Click Next.
33. Select “Additional Domain controller for an existing domain” Click Next. (Note: if DNS is not set correctly it will fall over at this point.)
34. Select “From these restored backup files” > Browse > Navigate to the folder you restored files to earlier.
35. Click Next.
36. If you want this server to be a Global Catalogue server then select Yes otherwise leave the default of No selected and click Next.
37. Supply an account with sufficient privileges to promote the server to a domain controller.
38. Accept Defaults > Click Next.
39. Accept Defaults > Click Next.
40. Enter and confirm a directory restore mode password (Make sure you will remember what this is in case you ever need to repair AD on this server) then Click Next.
41. Review the settings > Click Next.
42. Now the server will install and configure active directory.
43. When it’s done Click Finish.
44. Click “Restart Now.”
Job done! The longer its been since you did the original backup the longer it will take to replicate the changes to Active Directory so don’t be to surprised it it takes a little longer to boot up.
Related Articles, References, Credits, or External Links
Before you can add a Windows Server 2008 Domain Controller to a Windows Server 2003 Domain you need to carry out some preparation, this can be done during working hours, as the process only has a slight performance hit no one will notice there is work going on.
Solution
Before you start, have a good look round your existing domain controllers, get the latest service packs and updates installed. Have a good look through the event logs on the domain controllers, and make sure you domain is happy and replicating, before introducing 2008.
1. First locate the server that holds the FSMO role “schema master”
Locate your FSMO Servers
netdom query /domain:YOURDOMAINNAME fsmo
Note: this is a test network, so all my roles are on the same server – yours will probably be spread out more efficiently.
Prepare the Forest for 2008
2. Go to the schema master server and put in the Server 2008 Install DVD (if it does not have a DVD drive then share then copy the contents of the “support” folder to the schema master).
3. Change to the directory that contains adprep, and issue an “adprep /forestprep” command. (or adrep32 /forestprep on an x32 bit server see below).
4. Read the warning! Make sure your domain controllers comply. Press C {enter} to continue.
Adprep32/ forestprep
5. It will run for a few minutes (Coffee!). When it’s finished it should say that it was successful.
Prepare the Domain for 2008
1. You need to locate the FSMO server that’s holding your Infrastructure Master Role. CLICK HERE.
2. Go to the Infrastructure master server and put in the Server 2008 Install DVD (if it does not have a DVD drive then share then copy the contents of the “support” folder to the schema master).
3. Change to the directory that contains adprep, and issue an “adprep /domainprep” command. (or adrep32 /domainprep on an x32 bit server see below).
Adprep32 /domainprep
Note: This will fail if the domain is not in “Native Mode”
Note: You may also want to run “adprep /domainprep /gpprep” when the above had completed successfully.
Prepare the environment for a 2008 RODC (Read Only Domain Controller)
1. Only really a problem if you want to deploy an RODC. You need to locate the FSMO server that’s holding your Infrastructure Master Role. CLICK HERE.
2. Go to the Infrastructure Master server and put in the Server 2008 Install DVD (if it does not have a DVD drive then share then copy the contents of the “support” folder to the schema master).
3. Change to the directory that contains adprep, and issue an “adprep /rodc” command. (or adrep32 /domainprep on an x32 bit server).
If you DONT Prepare for Server 2008 you will see the following errors
Seen when adding a 2008 domain controller to a domain with an earlier schema/domain version.
Error 1: To install a domain controller into this Active Directory forest you must first prepare the forest using “adprep /forestprep”. The Adprep utility is available on the Windows Server 2008 R2 installation media in the supportadprep folder.
Error 2: To install a domain controller into this Active Directory domain, you must first prepare the domain using “adprep /domainprep”. The Adprep utility is available on the Windows Server 2008 R2 installation media in the supportadprep folder.
Error 3: You will not be able to install a read-only domain controller in this domain because the “adprep /rodcprep” was not yet run.
Install the New Windows Server 2008 Domain Controller
I’m assuming you have a new server built with Windows Server 2008 / 2008 R2 installed on it, and that you have applied all the necessary service packs and updates to it. It should also be joined to the domain (as a member server) and preferably have a static IP address.
1. Whilst logged on with administrative access > Start > In the Search/Run > type dcpromo {enter}
2. Next.
3. Read the warnings > Next.
4. We are adding a new DC in an existing domain > Next.
5. Confirm the domain name is correct > Next.
6. Check again > Next.
7. If your domain has multiple sites > Then select the site that this DC will be deployed into > Next.
8. The first 2008 Domain controller, should be a global catalog server, and the promotion will install and configure DNS as well > Next.
9. If you have a flat single domain with AD integrated DNS zones this is OK > Simply click Yes > Next.
10. Accept the defaults, (unless you want to host these in a different location) > Next.
11. Enter a recovery mode password. NEVER FORGET, or lose this password, you will need it, if you ever need to restore active directory by booting to directory restore mode.
12. Review the settings > Next.
13. Active directory will install, you can tick the box to reboot when finished if that,s OK (It will need a reboot anyway).
14. When completed simply click finish.
15. If you did not select reboot above then you will be asked to do so now.
Related Articles, References, Credits, or External Links