Once upon a time, adding a domain controller that was running a newer version of the Windows Server family involved opening a command line and running the schema prep, the GP prep, etc. Now all of this happens in the background when you add a 2019 domain controller, and the wizard does the heavy lifting for you.
Solution
2008 to 2019 Domain Controller
2008 to 2016 Domain Controller
Obviously the server needs to be a domain member first!
For Server 2019 Forest and Domain Functional levels need to be at ‘Windows Server 2008‘. (The documentation says 2008 R2, but Server 2008 also works flawlessly).
For Server 2016 Forest and Domain Functional levels need to be at ‘Windows Server 2003‘.
Before You Start!
Remember if your ‘retiring’ domain controller is also a DNS/DHCP server you will also need to address that, and make sure you don’t have a service or device that queries the old domain controller directly (Radius Devices, Firewalls, RSA Appliances, Proxy Filters, Security door software, etc).
Procedure: Deploy a 2019 Domain Controller
With a vanilla install Server Manager will open every time you boot, (unless you’ve disabled it!) To open it manually, run ‘servermanager.exe’ > Manage > Add Roles and Features.
I usually tick the ‘Skip this page by default’ option > Next.
Role Based… > Next.
Ensure the local server is selected, (if you are managing another server, you can of course do the role install from here as well, but let’s keep things simple) > Next.
Select Active Directory Domain Services > Next.
Next.
Next.
Ensure ‘Restart’ is selected > Next.
Next.
Promote Windows Server To Domain Controller
Back in Server Manager > In the ‘Notifications’ section, click the warning triangle > ‘Promote This Server To Domain Controller’.
Assuming you already have a domain, and this is not a greenfield Install > Add a domain controller to an existing domain > Next.
Type and confirm a Directory Services Restore Mode (DSRM) password; make it something you will remember in a crisis, or store it securely somewhere > Next.
This is fine. You see this error because it’s trying to create a delegation for this DNS zone, and there isn’t a Windows server above you in the DNS hierarchy. For example, if your domain name is petelnetlive.co.uk, then I do not have access to create a delegation in the .co domain space. (So you can safely ignore it) > Next.
If you have a backup of AD you can ‘Install From Media’. This used to be handy on remote sites that had awful bandwidth, as it saved you having to replicate a large Active Directory over a ‘pants’ connection > I’ve not had to do that in a long time > Next.
Unless you want to change the default AD install locations > Next.
Next.
Read any warnings > Install
Go have a coffee, we ticked ‘reboot’ earlier so it will complete, then reboot the server, which will come back up as a domain controller.
You will notice, (if you’re interested,) that your schema version is now 88 (Server 2019), or 87 (Server 2016).
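The same deployment can be scripted. The PowerShell below is an added example, not code from the original article: it checks the functional levels quoted above, installs the role, promotes the server, and reads the schema version. The domain name `corp.example.com` and the helper name `Get-AdSchemaVersion` are placeholders chosen for illustration.

```powershell
# Added example (not the article's code). Run elevated on the new, domain-joined
# Server 2019 member, as an account permitted to extend the schema.
$DomainName = 'corp.example.com'   # placeholder: your existing AD domain
$MinLevel   = 'Windows2008'        # minimum level this page gives for Server 2019

Install-WindowsFeature -Name RSAT-AD-PowerShell | Out-Null
Import-Module ActiveDirectory

function Get-AdSchemaVersion {
    # objectVersion on the schema naming context: 87 = Server 2016, 88 = Server 2019
    $schemaNc = (Get-ADRootDSE).schemaNamingContext
    (Get-ADObject -Identity $schemaNc -Properties objectVersion).objectVersion
}

# Pre-flight: forest and domain functional levels must be at or above $MinLevel
$order = 'Windows2000','Windows2003Interim','Windows2003','Windows2008',
         'Windows2008R2','Windows2012','Windows2012R2','Windows2016'
$levels = @{
    Forest = (Get-ADForest).ForestMode.ToString() -replace 'Forest$'
    Domain = (Get-ADDomain).DomainMode.ToString() -replace 'Domain$'
}
foreach ($scope in $levels.Keys) {
    if ([array]::IndexOf($order, $levels[$scope]) -lt [array]::IndexOf($order, $MinLevel)) {
        throw "$scope functional level '$($levels[$scope])' is below $MinLevel."
    }
}
"Schema version before promotion: $(Get-AdSchemaVersion)"

# Role install (the 'Add Roles and Features' half of the wizard)
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# Promotion: prompts for the DSRM password and for domain credentials,
# preps the forest/schema/domain as needed, then reboots on completion.
$dsrm = Read-Host -AsSecureString -Prompt 'DSRM password'
Install-ADDSDomainController -DomainName $DomainName -InstallDns `
    -Credential (Get-Credential) -SafeModeAdministratorPassword $dsrm -Force

# After the reboot, define Get-AdSchemaVersion again in a new session and run it;
# it should return 88 on a forest that now contains a Server 2019 DC.
```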
This is considerably less painful than adding a 2008/2008 R2 domain controller to a 2003 domain was. You don’t have to manually prep the schema on the schema master, or run forestprep and domainprep. The wizard does everything for you.
Solution
1. Launch server manager from the taskbar > Select Local Server > Manage > Add Roles and Features.
2. Role Based… > Next.
3. Select local server > Next.
4. Tick ‘Active Directory Domain Service’ > Next.
5. Accept the defaults > Next.
6. Next.
7. Install.
8. Installation may take a while.
9. When finished nothing appears to change, but it does say “Succeeded” > Close.
10. Now the role is on the server you just need to promote it, you can do this by selecting AD DS in the left hand menu > and click ‘More’.
11. ‘Promote the server to a domain controller’
12. By default it will fill in the domain you are already a member of > Next
13. Enter your Directory Services Restore Mode password (DON’T ever lose this password!) > Next.
14. I don’t want anyone outside my domain browsing my domain so I don’t care about the delegation error > Next.
15. If you want to reboot as soon as it’s finished tick the box, and (optionally) select a DC to replicate from > Next.
16. Accept or change the paths as required > Next.
17. Here’s a nice touch, now it preps the forest, schema, and domain for you > Next.
18. Next.
19. Install (I’d suggest a reboot when it’s done).
Related Articles, References, Credits, or External Links
I had to work out how to do this for a client, and as is my modus operandi, I’ll try and save you some of the pain I endured,
Products Used
System Center Configuration Manager 2007 SP2
Windows Server 2008 R2
SQL 2008 R2 (At time of writing neither officially supported or not supported on SCCM)
Note: I was originally going to use SQL 2005 – hence the reason the SQL servers name is SCCM-SQL2005, however I bit the bullet and used SQL 2008 R2 instead.
Solution
Step 1: SCCM Domain pre install work.
1. Create two groups in Active Directory.
a. SCCM administrator group: SCCM-ADMIN
b. SQL administrator group: SQL-ADMIN
2. Add both groups to the Domain Admins group.
3. Create two new users: sccmadmin and sqladmin.
4. Add sccmadmin to SCCM-ADMIN group and add sqladmin to SQL-ADMIN group.
c. Windows Authentication.
d. IIS6 Metabase compatibility.
e. IIS6 WMI compatibility.
3. Add the following “server Features”:
a. Background Intelligent Transfer Service.
b. Remote Differential Compression.
4. If you are NOT running Windows Server 2008 R2 Download and install WebDav (already included in Windows Server 2008 R2). If you are running R2 skip to the next step.
5. Server Manager > Roles > Web Server (IIS) > Add Role Services > WebDAV Publishing > Next > Close.
6. To enable WebDav > Start > Administrative Tools > Internet Information Services (IIS) Manager > Expand {server name} > Sites > Default Web Site > WebDav Authoring Rules.
7. Select Enable WebDav (On the right hand side).
8. Select add authoring Rule > All Content > All Users > Permissions > Read > OK.
9. Select the rule you have just created > WebDav Settings.
10. Change “Allow Anonymous Properties Queries” to True > Change “Allow Custom Properties” to False > Change “Allow Property Query with Infinite Depth” to True > Change “Allow hidden files to be listed” to True > Apply.
12. From the WSUS installation choose “Full server installation” > DO NOT accept the default “Use the existing IIS Default Web site” > Use “Create a Windows Server Update Services 3.0 SP2 Web site” (Note: this will use port TCP 8530 by default).
Step 3: SCCM Install SQL Server.
1. From the SQL install media run setup.exe > Installation > “New Installation or add features to an existing Installation” > OK.
2. Enter product Key if applicable > Next > “I accept…” > Next > Install > Next > Next.
5. On the Server configuration Page > Select “Use the same account for all SQL Server services” > Select the User you created originally (sqladmin) > Set the SQL Server Agent and SQL Server Database Engine Startup type to “Automatic” > Next.
6. Accept “Windows Authentication” > Add in your SCCM-ADMIN group and SQL-ADMIN group > Next > Next > Next > Install.
7. When it’s completed click close.
Step 4: Prepare Active Directory for SCCM
1. Extend the schema > From the install media > SMSSETUP > BIN > I386 > extadsch.exe
2. Check the above was successful by opening the c:\extADsch.txt file; it should say “successfully extended the Active Directory Schema”.
3. We now need to create some active directory objects go to a domain controller > Start > Administrative tools > ADSI Edit > Action > connect to > leave everything on its defaults > OK.
4. Expand the Default naming context > Expand your domain name > Right click “system” > New > Object > Container > Next.
5. Call it “System Management” > Next > Finish > Close ADSI Edit.
6. Still on the domain controller > Start > dsa.msc {enter} > View > Advanced.
7. Expand “system” > Locate the container you created “System Management” > right click it and select properties > Security Tab > Add > Object Types > Tick Computers > OK.
8. Click Advanced > Find Now > Locate and add the SCCM-ADMIN group you created earlier > Also add the SCCM Server itself > OK.
9. Grant allow “Full Control” to both the SCCM admin group and the SCCMserver.
10. Now click advanced > Select the SCCM-ADMIN group > Edit.
11. Change the “Apply to” section from “This object only” to “This object and all descendant objects” > OK > Apply > OK.
12. Repeat the above for the SCCM-Server object.
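Items 3 to 12 above can also be done from PowerShell. This is an added example, not part of the original article; it assumes the ActiveDirectory module is available, and `SCCM01` is a placeholder for the SCCM server's computer account name. The final pipeline lists the explicit permissions on the container so the delegation can be reviewed.

```powershell
# Added example (not the article's code). Run on a domain controller, or a host
# with the ActiveDirectory module, as an account allowed to edit CN=System.
Import-Module ActiveDirectory
$SccmServer = 'SCCM01'       # placeholder: computer account of the SCCM server
$AdminGroup = 'SCCM-ADMIN'   # group created in Step 1

$systemDn    = "CN=System,$((Get-ADDomain).DistinguishedName)"
$containerDn = "CN=System Management,$systemDn"

# Items 3-5: create the "System Management" container if it does not exist yet
$existing = Get-ADObject -Filter "Name -eq 'System Management'" `
    -SearchBase $systemDn -SearchScope OneLevel
if (-not $existing) {
    New-ADObject -Type container -Name 'System Management' -Path $systemDn
}

# Items 7-12: allow Full Control for the group and the server's computer account,
# applied to "This object and all descendant objects"
$acl  = Get-Acl -Path "AD:\$containerDn"
$sids = (Get-ADGroup $AdminGroup).SID, (Get-ADComputer $SccmServer).SID
foreach ($sid in $sids) {
    $ace = New-Object -TypeName System.DirectoryServices.ActiveDirectoryAccessRule `
        -ArgumentList $sid,
            ([System.DirectoryServices.ActiveDirectoryRights]::GenericAll),
            ([System.Security.AccessControl.AccessControlType]::Allow),
            ([System.DirectoryServices.ActiveDirectorySecurityInheritance]::All)
    $acl.AddAccessRule($ace)
}
Set-Acl -Path "AD:\$containerDn" -AclObject $acl

# Review: explicit (non-inherited) entries now present on the container
(Get-Acl -Path "AD:\$containerDn").Access |
    Where-Object { -not $_.IsInherited } |
    Select-Object IdentityReference, ActiveDirectoryRights, InheritanceType, AccessControlType
```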
Step 5: Install SCCM
1. Log on as the sccmadmin user.
2. From within the SCCM setup media run splash.hta > Run the Pre requisite checker > Enter the SQL Server name > SCCM server name and the FQDN of the SCCM server > OK.
3. Note If you cannot talk to the SQL server then check that the Windows firewall is not blocking you (on the SQL server Start > run > firewall.cpl > Turn it off).
4. All being well it should say “All required pre requisite tests have completed successfully” > OK.
5. Re-run Splash.hta > This time choose > Install configuration Manager 2007 SP2 > Next > “Install Configuration Manager site Server” > Next.
6. Tick “I accept these License terms” > Next > Custom Install > Next > Primary Site > Next > Next > enter unlock code if applicable > Next > Accept/change the install directory > Next > Enter a Site code and friendly name > Next.
DO NOT ever try and change this code and don’t forget it!!
7. Change the Site mode to “Configuration Manager Mixed Mode” (Native mode requires certificate services and considerably more work). > Next.
8. Accept the defaults (everything except NAP) > Next.
9. Enter your SQL server name > Next > Next > Next > Next > Next.
10. Select a location to install the updates to > Next.
11. Updates will download this may take some time > when finished it should say it was successful > OK > Next.
12. It will run the pre requisite check again > when finished click begin install.
13. When finished click Next > Finish.
14. Now you need to send out the clients and configure SCCM, I’ll cover that in a later article.
At the time of writing (14/02/13), the answer is NO, for full coexistence with Exchange 2013 you need to have Exchange 2013 CU1 (Cumulative Update), which at this time is unreleased (Expected Q1 of 2013 – so we are not far away).
Note: CU2 is now released.
Solution
So What do I get with Exchange 2010 SP3?
1. You can install Exchange 2010 on Windows Server 2012, (though you can’t in-place upgrade the OS of an existing Windows 2008 R2 server to 2012).
2. Full support for Internet Explorer 10.
3. All fixes from previous update roll-ups, (including MS13-012).
You will need to perform an AD schema update to install SP3.
Seen when running “adprep /forestprep” to raise the domain schema to Windows Server 2003.
Error:
Adprep was unable to extend the schema.
[Status/Consequence]
There is a schema conflict with Exchange 2000. The schema is not upgraded.
[User Action]
The schema conflict must be resolved before running adprep. Resolve the schema conflict, allow the change to replicate between all replication partners, and then run Adprep. For information on resolving the conflict, see Microsoft Knowledge Base article Q325379.
Solution
1. Open notepad.
2. Copy in the following text (up to and including the hyphen at the end, and with no extra spaces) into notepad,
Error: Add error on line 1: Unwilling To Perform The server side error is “Schema update is not allowed on this DC. Either the registry key is not set or the DC is not the schema FSMO Role Owner.” 0 entries modified successfully. An error has occurred in the program
If you do see this error click here, If not then you should see it say “The command completed successfully.”