Windows Server 2008 Adprep Download Chrome
Feb 05, 2013 must be online and reachable from the server where you run Adprep. Although it runs automatically during AD DS installation, you can also run Adprep.exe separately in advance of an AD DS installation, as with previous releases of Windows Server and Active Directory. Adprep must be run on a 64-bit server that runs Windows Server 2008 or later.
-->Applies To: Windows Server 2003, Windows Server 2008, Windows Server 2003 R2, Windows Server 2012, Windows Server 2003 with SP1, Windows 8
Extends the Active Directory® schema and updates permissions as necessary to prepare a forest and domain for a domain controller that runs the Windows Server® 2008 operating system.
Adprep.exe is a command-line tool that is available on the Windows Server 2008 installation disc in the sourcesadprep folder, and it is available on the Windows Server 2008 R2 installation disk in the supportadprep folder. You must run adprep from an elevated command prompt. To open an elevated command prompt, click Start, right-click Command Prompt, and then click Run as administrator.
In Windows Server 2008 R2, Adprep is available in a 32-bit version and a 64-bit version. The 64-bit version runs by default. If you need to run Adprep on a 32-bit computer, run the 32-bit version (Adprep32.exe).
For more information about running Adprep.exe and how to resolve errors that can occur when you run it, see Running Adprep.exe ( HYPERLINK 'http://go.microsoft.com/fwlink/?LinkID=142597' http://go.microsoft.com/fwlink/?LinkID=142597).
For examples of how this command can be used, see Examples.
For more information about running adprep /forestprep, see Prepare a Windows 2000 or Windows Server 2003 Forest Schema for a Domain Controller That Runs Windows Server 2008 or Windows Server 2008 R2 (http://go.microsoft.com/fwlink/?LinkID=93242).
For more information about running adprep /domainprep /gpprep, see Prepare a Windows 2000 or Windows Server 2003 Domain for a Domain Controller That Runs Windows Server 2008 or Windows Server 2008 R2 (http://go.microsoft.com/fwlink/?LinkID=93243).
For more information about running adprep /rodcprep, see Prepare a Forest for a Read-Only Domain Controller (http://go.microsoft.com/fwlink/?LinkID=93244).
Syntax
Parameters
Parameter | Description |
|---|---|
/forestprep | Prepares a forest for the introduction of a domain controller that runs Windows Server 2008. You run this command only once in the forest. You must run this command on the domain controller that holds the schema operations master role (also known as flexible single master operations or FSMO) for the forest. You must be a member of all the following groups to run this command:
|
/domainprep | Prepares a domain for the introduction of a domain controller that runs Windows Server 2008. You run this command after the forestprep command finishes and after the changes replicate to all the domain controllers in the forest. Run this command in each domain where you plan to add a domain controller that runs Windows Server 2008. You must run this command on the domain controller that holds the infrastructure operations master role for the domain. You must be a member of the Domain Admins group to run this command. |
/domainprep /gpprep | Performs similar updates as domainprep. However, this command also provides updates that are necessary to enable Resultant Set of Policy (RSOP) Planning Mode functionality. In Active Directory environments that run Microsoft Windows® 2000, this command performs updates during off-peak hours. This minimizes replication traffic that is created in those environments by updates to file system permissions and Active Directory permissions on existing Group Policy objects (GPOs). This command is also available on Microsoft Windows Server 2003 with Service Pack 1 (SP1) or later. Run this command after the forestprep command finishes and after the changes replicate to all domain controllers in the forest. You must run this command on the infrastructure master for the domain. For more information about running this command in Windows 2000 Active Directory environments, see Prepare Your Infrastructure for Upgrade (http://go.microsoft.com/fwlink/?LinkId=94798). |
/rodcprep | Updates permissions on application directory partitions to enable replication of the partitions to read-only domain controllers (RODCs). This operation runs remotely; it contacts the infrastructure master in each domain to update the permissions. You need to run this command only once in the forest. However, you can rerun this command any time if it fails to complete successfully because an infrastructure master is not available. You can run this command on any computer in the forest. You must be a member of the Enterprise Admins group to run this command. |
/wssg | Returns an expanded set of exit codes, instead of just 0 (Success) and 1 (Failure). |
/silent | Specifies that no standard output is returned from an operation. This parameter can be used only if /wssg is also used. |
quit | Returns to the prior menu. |
Help | Displays Help for this command. |
? | Displays Help for this command. |
Remarks
To prepare an existing Windows 2000 or Windows Server 2003 Active Directory environment for a Windows Server 2008 domain controller, be sure to run the version of Adprep that is included in the Windows Server 2008 installation media.
If you run Adprep on a domain controller running Windows 2000 Server, the domain controller must be running Windows 2000 Server Service Pack 4 (SP4) or later.
You can also perform verification steps before and after you run the adprep command to help ensure that the operations complete successfully. For more information, see Steps for Extending the Schema (http://go.microsoft.com/fwlink/?LinkId=94799).
Exit Codes
The following table lists exit codes that Adprep can return after an operation completes.
Return Code | Description |
|---|---|
0 | Success |
1 | Failure |
2 | Schema conflict error |
3 | FSMO role error |
4 | Connection error |
5 | Schema upgrade error |
6 | Unable to modify error |
7 | Server busy error |
8 | Permission error |
9 | Unable to initialize log file error |
10 | Not a domain controller |
11 | In nonnative mode |
12 | Need to run forest update first |
13 1.18 TTMenu kernel for DSTT/DSTTi. For installation unzip the download, copy the complete contents, 'TTMENU', 'TTMENU.DAT' and 'TTMENU.SYS' to the 'root' of your Micro SD. 1.18 TTMenu kernel for DSTT/DSTTi. For installation unzip the download, copy the complete contents, 'TTMENU', 'TTMENU.DAT' and 'TTMENU.SYS' to the 'root' of your Micro SDBackup units are now being manufactured and distributed in the markets as solutions to loss of game data and accidental errors that disrupt games being played with portable players like the Nintendo DS. . | Forest update already done |
14 | Domain update already done |
15 | GPO update already done |
16 | Forest update wait replication |
Examples
The following example prepares a forest for a domain controller that runs Windows Server 2008:
The following example prepares a domain for a domain controller that runs Windows Server 2008:
The following example prepares a domain for an RODC:
Additional references
Fix: The trust relationship between this workstation and the primary domain failed
| This guide is using the PowerShell or NETDOM tool and does not require rejoining the domain |
Have you seen this? ‘The trust relationship between this workstation and the primary domain failed’
Or this? ‘The security database on the server does not have a computer account for this workstation trust relationship.’ Same issue, different symptom.
I have on multiple occasions beeing a heavy Hyper-V user for my labs…
There are apparently a number of reasons why this happens, but the main reason seems to be lost connection between the ‘client/server’ and the Domain controllers. If the scheduled password change occurs while the server or client is unavailable or has been shut down, then the passwords stored in the server/client and the domain controllers for the computer account mismatch, and you will end up getting this error when trying to logon to the server. It can also appear differently, like if all service accounts stop functioning with events logged as a result, or similar that happens when the server is still running and you have been able to logon or simply never logged off.
The real question…How do we fix it? There are a number of TechNet forum threads on this(added one below as references) and many blog posts allready written, but since I’m always having difficulty finding them myself when I need them, I’ll make my own. Please feel free to borrow this knowledge and reblog/repost it yourself :-) (The guide however, is my own creation…)
The easiest or at least the quickest solution, is to have the server leave the doamin by adding it to a workgroup, then joining it back to the domain again. But, this can sometimes be a bit risky, you may have lots of service account running as domain users and so on, you don’t feel like uncoupling the server from the domain at all, then do this instead.
| This guide is taking for granted that you prior to following these steps, have restored network connectivity between the server/client and the domain controllers, else this will fail. Resetting the computer password can not be done offline. |
–
| The following steps are performed on a Windows Server 2008 R2 machine, but the same steps apply to Windows Server 2012 |
Ok, I’ll do as I’m used to and describe what to do in a step by step guide, like this:
You log on to your server like you are used to, using your personal domain account:
You type the password and hit enter, then, BAM! This, instead of the normal logon procedure…what a start on a monday morning…
No good…if you don’t like to meddle with server affairs and are the kind of person who likes to stick to your apps once logged into the server, copy the link to this blogpost and send it to someone who can fix it…else, keep reading.
Press OK and then Switch user.
Then use the local server administrator account to logon to the server.
In my case it is one of my SQL boxes, so I type the Servername, Backslash, Local Admin and hit Enter.
| The Username can just as well be in the form: ‘.administrator’, with the single dot replacing the servername |
PowerShell Method
New Method, steps performed on Windows Server 2012 but are valid on Win7, Win8x, WS2008 and WS2012R2
Once logged in, you will want to start a PowerShell prompt or PowerShell ISE with administrative privilieges, ‘as administrator’.
Next, we solve the problem by resetting the Computer password in Active Directory and on the Local machine, for this we use a PowerShell CMDlet called Reset-ComputerMachinePassword. Type in the following command:
Reset-ComputerMachinePassword -Server <Name of any domain controller> -Credential <domain admin account>
In my environment it looks like this:
Hit Enter, you will then be prompted for the Domain Administrator accounts password
Type in the password and hit OK. It will take between 2 to 10 seconds to complete Yoy will then, if everything works, see this:
Yup, nothing overwelming like ‘Succeeded’ or OK…just the released prompt. It is a success though :-)
Now, we have to do one more thing before order is restored completely, we have to reboot the server. If you don’t, you will still not be able to logon using the domain account.
Use PowerShell…
Or the GUI if you prefer
After the server has rebooted, you are good to go, logon using your regular personal domain account.
Done!
NETDOM Method
Old method, performed on Windows Server 2008R2, but are valid also on WS2012 and WS2012R2, not however on Win7 or Win8X
Once logged in, you will want to start a PowerShell prompt or a Command prompt with administrative privilieges, ‘as administrator’.
Next, we solve the problem by resetting the Computer password in Active Directory and on the Local machine, for this we use a commande called NETDOM.
Type in the following command:
NETDOM RESETPWD /Server:<name of any domain controller> /UserD:<domain admin account> /PasswordD:<password>
(Yes, the trailing D’s are supposed to be there, don’t ask me why…)
In my prompt it looks a bit like this:
| Important! Unlike in this Picture, the domain administrators password will be visible in cleartext, so be careful and close the prompt after you are done! If you change the password part to be /PasswordD:* It will prompt you to enter your password, and it will not be shown in the CMD box. (Thanks to Jason Hanson for the tip, and Gerrard Singleton) |
Hit Enter and if everything works, you should see this:
Now, we have to do one more thing before order is restored completely, we have to reboot the server. If you don’t, you will still not be able to logon using the domain account.
After the server has rebooted, you are good to go, logon using your regular personal domain account.
Done!
If this did not work out for you, perhaps any of these reference links can be of use for you with additional steps and alternate solutions?
Good luck!
References
NETDOM
http://technet.microsoft.com/en-us/library/cc772217(v=ws.10).aspx
Netdom Overview
http://technet.microsoft.com/sv-se/library/cc737599(v=ws.10).aspx
How to use Netdom.exe to reset machine account passwords of a Windows Server domain controller
http://support.microsoft.com/kb/325850
Reset-ComputerMachinePassword
http://technet.microsoft.com/en-us/library/hh849751.aspx
Don’t rejoin to fix
http://www.implbits.com/about/blog/tabid/78/post/don-t-rejoin-to-fix-the-trust-relationship-between-this-workstation-and-the-primary-domain-failed/default.aspx
TechNet Forum: The trust relationship between this workstation and the primary domain failed – Windows 7 Enterprise joining 2008 Domain, Error 5722
http://social.technet.microsoft.com/Forums/en-US/w7itpronetworking/thread/8155d5ea-a5c2-4306-8d2b-be3464234460/
TechNet Wiki: Trust Relationship between Workstation and Primary Domain failed
http://social.technet.microsoft.com/wiki/contents/articles/9157.trust-relationship-between-workstation-and-primary-domain-failed.aspx
http://blog.blksthl.com/2013/03/18/fix-the-trust-relationship-between-this-workstation-and-the-primary-domain-failed/