The commands listed below to upgrade Active Directory Domain Services (ADDS) forests and domains are taken from our production methods of procedure. This process can also be performed by simply adding a Windows Server 2022 Domain Controller: if ADPrep.exe hasn't been run, it will run automatically. In a production environment we like to have more granular control and verification processes for any Schema modifications.
1. Log on to TMDC01 as Administrator.
2. Open Active Directory Users and Computers, click on the Users container, right-click on the Administrator account and click Properties.
3. Verify that the account is a member of the Domain Admins, Enterprise Admins, and Schema Admins groups.
4. Determine the Flexible Single Master Operations (FSMO) role holders by opening an Administrative Command Prompt and running Netdom Query FSMO.
5. Who are the owners of the FSMO Roles?
All roles are currently being held by TMDC01 which means that the ADPREP operations should be run from TMDC01. Specifically, ADPREP needs to be run directly against the Domain Controller holding the Schema Master Role.
6. Disable Outbound Replication from TMDC01.
We do this step in production to prevent the Schema modifications from propagating throughout the enterprise. If something happened and the Schema extension got corrupted or failed, we can shut down TMDC01 and manually remove it from Active Directory using NTDSUTIL, then simply re-add it as a domain controller.
7. From an Administrative Command prompt type repadmin /options TMDC01 +DISABLE_OUTBOUND_REPL.
8. Mount the Windows Server 2022 ISO from Hyper-V Manager to TMDC01 from e:\ISOs.
9. From an Administrative Command Prompt type:
10. Type Adprep.exe /forestprep and press Enter.
11. When prompted, press C and then Enter.
You will see the current Schema version of 47 upgrading to 88.
12. You should see a message at the bottom stating that ADPrep successfully updated the forest-wide information.
13. Type Adprep.exe /domainprep and press Enter.
14. Review c:\windows\debug\adprep\logs. Each run of Adprep is stored here; the log file is called adprep.log.
15. Enable Outbound Replication by running repadmin /options TMDC01 -DISABLE_OUTBOUND_REPL.
Force replication of all Active Directory Domain Services (ADDS) domain controllers by typing repadmin /syncall /e /d /a
repadmin /syncall /e /d /a /P
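The verification points in this procedure (group membership, FSMO holders, schema version, outbound replication state) can be collected in one read-only pass before and after ADPrep. The script below is an added example, not part of the original runbook; it assumes the ActiveDirectory PowerShell module, a single-domain forest, and the TMDC01 host name and schema version 88 from this post.

```powershell
# Added example: read-only checks around the ADPrep run described in this post.
# Assumptions: ActiveDirectory (RSAT) module present, single-domain forest,
# run on or against TMDC01 from an elevated session.
Import-Module ActiveDirectory

$Dc              = 'TMDC01'   # DC holding the FSMO roles in this post
$ExpectedVersion = 88         # schema version the post reports after /forestprep

# Step 3: the operator account must be in all three groups (nested membership counts).
$required = 'Domain Admins', 'Enterprise Admins', 'Schema Admins'
$me       = Get-ADUser -Identity $env:USERNAME -Server $Dc
$missing  = $required | Where-Object {
    $members = Get-ADGroupMember -Identity $_ -Server $Dc -Recursive
    $me.SID.Value -notin $members.SID.Value
}

# Steps 4-5: FSMO role holders; ADPrep must run against the Schema Master.
$forest = Get-ADForest -Server $Dc
$domain = Get-ADDomain -Server $Dc
$fsmo = [ordered]@{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
}

# Schema version is the objectVersion attribute on the schema naming context.
$schemaNc = (Get-ADRootDSE -Server $Dc).schemaNamingContext
$version  = (Get-ADObject -Identity $schemaNc -Server $Dc -Properties objectVersion).objectVersion

# Steps 7 and 15: repadmin lists DISABLE_OUTBOUND_REPL in the DSA options while it is set.
$outboundDisabled = [bool]((repadmin /options $Dc) -match 'DISABLE_OUTBOUND_REPL')

$report = [pscustomobject]@{
    CheckedAt             = Get-Date -Format 's'
    MissingGroups         = ($missing -join ', ')
    SchemaMasterIsTarget  = $forest.SchemaMaster -like "$Dc*"
    SchemaVersion         = $version
    SchemaAtExpected      = ($version -eq $ExpectedVersion)
    OutboundReplDisabled  = $outboundDisabled
}

$fsmo.GetEnumerator() | Format-Table -AutoSize Name, Value
$report | Format-List

# Flag the state that must not be left behind after step 15.
if ($report.SchemaAtExpected -and $report.OutboundReplDisabled) {
    Write-Warning "Schema is at $ExpectedVersion but outbound replication is still disabled on $Dc."
}
```

Run it once before step 6 and again after step 15; keeping both outputs with the adprep.log gives a before/after record of the schema change.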
Hope you enjoy this post.