Adprep Command in Active Directory

By | February 8, 2017

Adprep Commandline Tool in Active Directory

Adprep Command is used to extends the AD schema and updates permissions as necessary to prepare a forest and domain for a domain controller that runs the Windows Server operating systems. Its a command-line tool that is available on the Windows Server 2008 installation disc in the \sources\adprep folder, and it is available on the Windows Server 2008 R2 installation disk in the \support\adprep folder. You must run adprep from an elevated command prompt. To open an elevated command prompt, click Start, right-click Command Prompt, and then click Run as administrator.

Adprep is available in a 32-bit version and a 64-bit version. The 64-bit version runs by default. If you need to run Adprep on a 32-bit computer, then run the 32-bit version (Adprep32.exe)

Syntax

adprep {/forestprep | /domainprep | /domainprep /gpprep | /rodcprep | /wssg | /silent }

/forestprep

Prepares a forest for the introduction of a domain controller that runs Windows Server 2008. You run this command only once in the forest. You must run this command on the domain controller that holds the schema operations master role (also known as flexible single master operations or FSMO) for the forest. You must be a member of all the following groups to run this command:

  • The Enterprise Admins group
  • The Schema Admins group
  • The Domain Admins group of the domain that hosts the schema master

/domainprep

Prepares a domain for the introduction of a domain controller that runs Windows Server 2008. You run this command after the forestprep command finishes and after the changes replicate to all the domain controllers in the forest.

Run this command in each domain where you plan to add a domain controller that runs Windows Server 2008. You must run this command on the domain controller that holds the infrastructure operations master role for the domain. You must be a member of the Domain Admins group to run this command.

/domainprep /gpprep

Performs similar updates as domainprep. However, this command also provides updates that are necessary to enable Resultant Set of Policy (RSOP) Planning Mode functionality.

In Active Directory environments that run Microsoft Windows® 2000, this command performs updates during off-peak hours. This minimizes replication traffic that is created in those environments by updates to file system permissions and Active Directory permissions on existing Group Policy objects (GPOs). This command is also available on Microsoft Windows Server 2003 with Service Pack 1 (SP1) or later.

Run this command after the forestprep command finishes and after the changes replicate to all domain controllers in the forest. You must run this command on the infrastructure master for the domain.

/rodcprep

Updates permissions on application directory partitions to enable replication of the partitions to read-only domain controllers (RODCs). This operation runs remotely; it contacts the infrastructure master in each domain to update the permissions. You need to run this command only once in the forest. However, you can rerun this command any time if it fails to complete successfully because an infrastructure master is not available. You can run this command on any computer in the forest. You must be a member of the Enterprise Admins group to run this command.

Notes

  • To prepare an existing Windows 2000 or Windows Server 2003 Active Directory environment for a Windows Server 2008 domain controller, be sure to run the version of Adprep that is included in the Windows Server 2008 installation media.
  • If you run Adprep on a domain controller running Windows 2000 Server, the domain controller must be running Windows 2000 Server Service Pack 4 (SP4) or later.
  • You can also perform verification steps before and after you run the adprep command to help ensure that the operations complete successfully.