Extending your AD schema for Vista and Windows 2008
We talked about enabling BitLocker Active Directory integration in a previous post; now we will take a look at prepping your domain to implement this integration. To take advantage of several of the more compelling features, such as RODCs and Windows 2008 domain controllers, we first need to extend the AD schema in our current environment. These additions also allow you to take advantage of features in Windows Vista such as Group Policy client-side extensions and storing BitLocker keys in Active Directory.
WARNING: Extending the Active Directory Schema makes permanent irreversible changes to Active Directory. Make sure that you have made proper backups, and tested the update steps in a test environment before proceeding to apply these changes in a live environment.
The schema updates are located on the Windows Vista and Windows Server 2008 DVDs, in the following folder:
[DVD-DRIVE]\sources\adprep
The first schema updates need to be applied to the Active Directory forest. To apply them, run the adprep application from the domain controller that holds the schema master role. To run the forest schema updates, use the following command:
adprep /forestprep
You will be asked to confirm that all domain controllers have been upgraded to at least Windows 2000 Server with SP4. Once confirmed, the ldf files will be applied to the forest schema.
After Adprep has completed the schema updates:
Once the forest updates have been applied, the next step is to run adprep for each domain in the forest. This should be run on the domain controller that holds the infrastructure operations master role. The command to run is:
adprep /domainprep
Finally, if you plan on taking advantage of RSOP planning mode, you will need to run adprep /domainprep /gpprep to fix the permissions for GPO objects in the domain. Again, this should be run from the infrastructure master.
That's it! Now your environment is ready for Windows Server 2008 domain controllers, BitLocker, client-side extensions and more!
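Because each adprep step has to run on a specific role holder, it helps to confirm those holders and the current schema version before changing anything. The following read-only PowerShell script is an added example, not part of the original post; the function names are hypothetical, it assumes PowerShell 2.0 or later on a domain-joined machine, and it assumes 44 is the schema objectVersion written by the Windows Server 2008 adprep (a value not stated in the post).

```powershell
# Added example (read-only): shows where each adprep step must run and the
# current schema version. It makes no changes to Active Directory.
function Get-SchemaVersion {
    # objectVersion lives on the schema naming context head object.
    $rootDse  = [ADSI]"LDAP://RootDSE"
    $schemaNc = $rootDse.psbase.Properties["schemaNamingContext"].Value
    $schema   = [ADSI]"LDAP://$schemaNc"
    [int]$schema.psbase.Properties["objectVersion"].Value
}

function Get-AdprepPlan {
    # Assumption: 44 = Windows Server 2008 schema version (not from the post).
    param([int]$TargetSchemaVersion = 44)

    $forest  = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
    $local   = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
    $version = Get-SchemaVersion

    # Step 1: forestprep, once per forest, on the schema master.
    New-Object PSObject -Property @{
        Step       = 'adprep /forestprep'
        Scope      = $forest.Name
        RunOn      = $forest.SchemaRoleOwner.Name
        IsThisHost = ($local -eq $forest.SchemaRoleOwner.Name)
        Pending    = ($version -lt $TargetSchemaVersion)
    }

    # Step 2: domainprep, once per domain, on that domain's infrastructure master.
    foreach ($d in $forest.Domains) {
        New-Object PSObject -Property @{
            Step       = 'adprep /domainprep'
            Scope      = $d.Name
            RunOn      = $d.InfrastructureRoleOwner.Name
            IsThisHost = ($local -eq $d.InfrastructureRoleOwner.Name)
            Pending    = $null   # cannot be derived from the schema version alone
        }
    }
}

Get-AdprepPlan |
    Select-Object Step, Scope, RunOn, IsThisHost, Pending |
    Format-Table -AutoSize
"Schema objectVersion: $(Get-SchemaVersion)"
```

Running it again after adprep /forestprep should show the forest row with Pending set to False once the schema change has replicated to the domain controller being queried.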
Written by daniel.nerenberg.