Thursday, October 27, 2011

Windows 2003: extending the Schema to R2 for DFS-R

Recently I have been trying to install a DFS Replication Group on two brand new Windows 2008 R2 Enterprise boxes belonging to a pretty old Windows 2003 Active Directory Domain.

Nothing specially tricky in this activity, apart the fact that the AD Schema must be extended before we define a new replication group. This is due to the fact that DFS-R stores its configuration info in the domain partition. The aim of this blog post is to share my quick procedure to do it, in case somebody should face the same situation, as I am sure there are still many Windows 2003 Domains around.

First thing is "Don't panic". The Schema extension is pretty straightforward and it doesn't need you to reboot any of your precious DCs. You can do it without actually upgrading the Operating System on your DCs.

Just keep in mind that some parameters will be added to you Active Directory in order to DFS-R to work. These are, for instance:
  1. msDFSR-DfsPath
  2. msDFSR-ReplicationGroupGuid

If you don't update the Schema, you won't be able to set-up any Replication Group and you will receive the following error when trying to create a Replication Group:

"domain.com: The Active Directory schema on domain controller DC1.domain.com cannot be read. This error might be caused by a schema that has not been extended, or was extended improperly. See Help and Support Center for information about extending the Active Directory schema. A class schema object cannot be found."
DFS-R R2 error when the Schema has not been updated

Furthermore, on your DFS-R Servers you will have the two following event-IDs telling you that something is wrong with your Active Directory configuration:

Event ID:      1202
The DFS Replication service failed to contact domain controller  to access configuration information. Replication is stopped. The service will try again during the next configuration polling cycle, which will occur in 60 minutes. This event can be caused by TCP/IP connectivity, firewall, Active Directory Domain Services, or DNS issues.
Event ID 1202
Event ID:      6012
The DFS Replication service detected an incompatible Active Directory Domain Services schema version while trying to read configuration objects from server dc1.domain.com. The service disconnected from this server and will try again in the next polling cycle.
Event ID 6012
Now, to upgrade the Schema, we need to use the get the second disk of Windows Server 2003 R2 and load it on the Schema Master. If you don't remember which Domain Controller is the Schema Master, connect to any DC and type the following command:
netdom query FSMO

Here's a sample output indicating the Schema Owner:

Output of the NETDOM command
On the same Domain Controller, in order to verify Active Directory functionality before you apply the Schema extension, execute the following command:
repadmin /replsum /bysrc /bydest /sort:delta 

All domain controllers should show 0 in the Fails column, like in the following screenshot:

Getting Active Directory Replication status
Verify also that the Schema Master has successfully performed inbound replication of the Schema directory partition with the following command:

repadmin /showrepl 

Now that you know which is the Schema Master and that you are sure that replication is performing properly, get on the Schema Master and run the "adprep.exe /forestprep" command from the Windows Server 2003 R2 installation disk 2.

To do this, insert the Windows Server 2003 R2 installation disk 2, move to D:\CMPNENTS\R2\ADPREP\ folder  and then type the following command:

adprep.exe /forestprep 

Press C to confirm that QFE 265089 has been applied and wait a few seconds for the command to finish.

Output of adprep /forestprep
Ok, it's done! Two things to know:

1. When you change the Schema on the Schema master, the changes are automatically propagated to all other domain controllers in the forest. Therefore, it is not necessary to perform this operation on other domain controllers.

2. When you run adprep /forestprep to add the Windows Server 2003 R2 Schema updates, you do not have to upgrade your existing domain controllers to Windows Server 2003 R2; they can continue to run Windows NT® Server 4.0, Windows® 2000 Server, or Windows Server 2003.

The last step is to verify the Schema extension by inspecting the objectVersion property of CN=Schema,CN=Configuration,. To do so use a tool like dsquery:
 

dsquery * CN=Schema,CN=Configuration, -scope base –attr objectVersion
 
Here's the possible values for the Schema version and their translation to OS names:

AD version == objectVersion
Windows Server 2000 === 13
Windows Server 2003 == 30
Windows Server 2003 R2 == 31
Windows Server 2008 == 44
Windows Server 2008 R2 == 47


If you have done everything alright, the objectVersion should be 31 for a Schema updated to Windows 2003 R2.

It is time to RDP onto the DFSR servers and verify that you have an event 1206 telling that the Replication Service has been able to access the configuration information on the Schema Master:

Log Name:      DFS Replication
Source:        DFSR
Event ID:      1206
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Description: The DFS Replication service successfully contacted domain controller
\\dc1.domain.com to access configuration information.

Event ID 1206
At this point, if you want, you can also upgrade the OS of you Domain Controllers to R2. It's very easy. On the same CD2, just run R2AUTO.EXE and follow the instructions. It will take three clicks and five minutes and no reboot will be required.

I hope you liked this article.

No comments:

Post a Comment

Related Posts Plugin for WordPress, Blogger...