Purpose & Objective
This guide explains the process for upgrading Active Directory domains to Windows Server 2008 and Windows Server 2008 R2, how to upgrade the operating system of domain controllers, and how to add domain controllers that run Windows Server 2008 or Windows Server 2008 R2 to an existing domain.
1 Introduction
Upgrading your network operating system requires minimal network configuration and typically has a low impact on user operations. The upgrade process is straightforward, efficient, and allows organization to take advantage of the improved security that is offered by the Windows Server® 2008 and Windows Server 2008 R2 operating systems.
This guide is intended for use by system administrators and system engineers. It provides detailed guidance for upgrading Windows Server 2003 Active Directory domains to Active Directory Domain Services (AD DS) domains that have domain controllers running Windows Server 2008 or Windows Server 2008 R2. For a seamless deployment experience, use the checklists that are provided in this guide and complete the tasks in the order in which they are presented.
Purpose & Objective
This guide explains the process for upgrading Active Directory domains to Windows Server 2008 and Windows Server 2008 R2, how to upgrade the operating system of domain controllers, and how to add domain controllers that run Windows Server 2008 or Windows Server 2008 R2 to an existing domain.
1 Introduction
Upgrading your network operating system requires minimal network configuration and typically has a low impact on user operations. The upgrade process is straightforward, efficient, and allows organization to take advantage of the improved security that is offered by the Windows Server® 2008 and Windows Server 2008 R2 operating systems.
This guide is intended for use by system administrators and system engineers. It provides detailed guidance for upgrading Windows Server 2003 Active Directory domains to Active Directory Domain Services (AD DS) domains that have domain controllers running Windows Server 2008 or Windows Server 2008 R2. For a seamless deployment experience, use the checklists that are provided in this guide and complete the tasks in the order in which they are presented.
2 Overview of Upgrading Active Directory Domains
When the domain upgrade process is complete, all domain controllers will be running Windows Server 2008 or Windows Server 2008 R2, and the Active Directory Domain Services (AD DS) domains and forest will be operating at the Windows Server 2008 or Windows Server 2008 R2 functional level. At the Windows Server 2008 R2 forest functional level, you can take advantage of all the advanced AD DS features. For more information about advanced AD DS features for AD DS functional levels, see Enabling Advanced Features for AD DS.
3 Reinstallation information
3.1 System requirements
The following are estimated system requirements for Windows Serverآ 2008. If your computer has less than the minimum requirements, you will not be able to install this product correctly. Actual requirements will vary based on your system configuration and the applications and features you install.
3.1.1 Processor
Processor performance depends not only on the clock frequency of the processor, but also on the number of processor cores and the size of the processor cache. The following are the processor requirements for this product:
- Minimum: 1 GHz (for x86 processors) or 1.4آ GHz (for x64 processors)
- Recommended: 2 GHz or faster
3.1.2 RAM
The following are the RAM requirements for this product:
- Minimum: 512 MB
- Recommended: 2 GB or more
- Maximum (32-bit systems): 4 GB (for Windows Serverآ 2008 Standard) or 64آ GB (for Windows Serverآ 2008 Enterprise or Windows Serverآ 2008 Datacenter)
- Maximum (64-bit systems): 32 GB (for Windows Serverآ 2008 Standard) or 2آ TB (for Windows Serverآ 2008 Enterprise, Windows Serverآ 2008 Datacenter, or Windows Serverآ 2008 for Itanium-Based Systems)
3.1.3 Disk space requirements
The following are the approximate disk space requirements for the system partition. Itanium-based and x64-based operating systems will vary from these estimates. Additional disk space may be required if you install the system over a network. For more information, see
- Minimum: 10 GB
- Recommended: 40 GB or more
- DVD-ROM drive
- Super VGA (800 x 600) or higher-resolution monitor
- Keyboard and Microsoftآ® mouse (or other compatible pointing device)
4 Planning to Upgrade Active Directory Domains
To plan the upgrade of your Active Directory domains, complete the tasks in Checklist: Preupgrade Tasks.
5 Checklist: Preupgrade Tasks
Complete the tasks in this checklist in the order in which they are presented. If a reference link takes you to a conceptual topic, return to this checklist after you review the conceptual topic so that you can proceed with the remaining tasks.
Checklist: Preupgrade Tasks
Task | Reference | |
Assign appropriate credentials to the users who are responsible for preparing the forest and domain for an Active Directory upgrade. | Assign Appropriate Credentials | |
Introduce a newly installed member server into the forest. | Introduce a Member Server That Runs Windows Server 2008 or Windows Server 2008 R2 | |
Review and document the existing hardware configuration of each domain controller that you plan to upgrade. | Assess Hardware Requirements | |
Determine the order in which you will upgrade your domain controllers before you begin the domain upgrade process. | Determine Domain Controller Upgrade Order | |
Develop a test plan for your domain upgrade process. | Develop a Test Plan for Your Domain Upgrade Process | |
Back up your Windows Windows Server 2003 domain data before you begin the upgrade. | Back Up Domain Data |
6 Assign Appropriate Credentials
Assign appropriate credentials to the users who are responsible for preparing the forest and domain for an Active Directory upgrade. The adprep /forestprep command requires a user account that is a member of the Schema Admins, Enterprise Admins, and Domain Admins groups. The adprep /domainprep command requires a user account that is a member of the Domain Admins group in the targeted domain. The adprep /rodcprep command requires a user account that is a member of the Enterprise Admins group.
In addition, the security context can affect the ability of an administrator to complete the upgrade of domain controllers. Members of the Builtin\Administrators group can upgrade the operating system and install software on a computer. The following groups are members of the Builtin\Administrators group by default:
The Enterprise Admins group is a member of Builtin\Administrators in the forest root domain and in each regional domain in the forest.
The Domain Admins group is a member of Builtin\Administrators in their domain.
The Domain Admins group is a member of Builtin\Administrators on member servers in their domain.
The following table shows the credentials that are required to upgrade servers, depending on the domain membership of the servers.
Credential | Domain controller in forest root domain | Member server in forest root domain | Domain controller in regional domain | Member server in regional domain |
Enterprise Admins in forest root domain | ||||
Domain Admins in forest root domain | ||||
Builtin\Administrators in forest root domain | ||||
Domain Admins in regional domain | ||||
Builtin\Administrators in regional domain |
7 To install Windows Server 2008 or Windows Server 2008 R2
1. Insert the operating system DVD into the DVD drive, and then select the option to install the operating system.As an alternative, you can use an unattended installation method.2. Use the NTFS file system to format the partitions.Enter the computer name, static IP address, and subnet mask that are specified by your design. Enter a strong administrator password.3. Enable Remote Desktop to enable administrators to log on remotely, if necessary.To enable Remote Desktop, in Server Manager, click Configure Remote Desktop, and then click Allow connections from computers running any version of Remote Desktop (less secure) or Allow connections only from computers running Remote Desktop with Network Level Authentication (more secure). |
8 Develop a Test Plan for Your Domain Upgrade Process
It is important to develop a plan for testing your domain upgrade procedures throughout the upgrade process. Before you begin, test your existing domain controllers to ensure that they are functioning properly. Continue to test your domain controllers throughout the process to verify that Active Directory Domain Services (AD DS) replication is consistent and successful.The following table lists the tools and log files to use in your test plan
Tool/log file | Description | Location |
Repadmin.exe | Checks replication consistency and monitors both inbound and outbound replication partners. Displays replication status of inbound replication partners and directory partitions. | %systemroot%\Windows\System32Note This tool is added to the server as part of the AD DS installation. |
Dcdiag.exe | Diagnoses the state of domain controllers in a forest or enterprise, tests for successful Active Directory connectivity and functionality, and returns the results as passed or failed. | %systemroot%\Windows\System32Note This tool is added to the server as part of the AD DS installation. |
Nltest.exe | Queries and checks the status of trusts and can forcibly shut down domain controllers. Provides domain controller location capabilities. | %systemroot%\Windows\System32Note This tool is added to the server as part of the AD DS installation. |
Dnscmd.exe | Provides the properties of Domain Name System (DNS) servers, zones, and resource records. | %systemroot%\Windows\System32Note This tool is added to the server as part of the AD DS installation. |
Adprep.log | Provides a detailed progress report of the forest and domain preparation process. | %SystemRoot%\Windows\Debug\ADPrep\Logs |
Dcpromoui.log and Dcpromo.log | Provides a detailed progress report of the Active Directory installation. Includes information regarding replication and services in addition to applicable error messages. | %systemroot%\Windows\debugNote These logs are added to the server as part of the AD DS installation. |
Adsiedit.exe | A Microsoft Management Console (MMC) snap-in that acts as a low-level editor for AD DS and allows you to view, add, delete, and move objects and attributes within the directory. | %systemroot%\Windows\System32Note This tool is added to the server as part of the AD DS installation. |
9 Performing the Upgrade of Active Directory Domains
To upgrade your Active Directory domains, complete the tasks in Checklist: Upgrade Tasks.
10 Checklist: Upgrade Tasks
Complete the tasks in this checklist in the order in which they are presented. If a reference link takes you to a conceptual topic, return to this checklist after you review the conceptual topic so that you can proceed with the remaining tasks.
Checklist: Upgrade Tasks
Task | Reference | |
Prepare your Active Directory infrastructure for upgrade. | Prepare Your Infrastructure for Upgrade | |
Install Active Directory Domain Services (AD DS) on a member server that runs Windows Server 2008 or Windows Server 2008 R2 in the forest root domain. | Install Active Directory Domain Services on the Member Server That Runs Windows Server 2008 or Windows Server 2008 R2 | |
Upgrade existing domain controllers. | Upgrade Existing Domain Controllers | |
Modify default security policies as needed. | Modify Default Security Policies |
11 Prepare Your Infrastructure for Upgrade
Preparing your Active Directory infrastructure for upgrade includes the following tasks:
prepare the forest schema by running adprep /foretsprep.
Prepare each domain where you want to install a domain controller that runs Windows Server 2008 or Windows Server 2008 R2 by running adprep /domainprep /gpprep.
Prepare the forest for read-only domain controllers (RODCs), if you plan to install them, by running adprep /rodcprep.
11.1 32 Bit windows 2003 preparation
11.1.1 Preparation
Schema owner olddc.Domain .com adprep32 /forestprep
Domain role owner olddc.Domain .com
PDC role olddc.Domain .com
RID pool manager olddc.Domain .com adprep32 /domainprep /gpprep
You need to run the following commands on the following servers in your Active Directory environment:
Command | Domain Controller |
adprep.exe /forestprep | Schema Master |
adprep.exe /domainprep | Infrastructure Master |
adprep.exe /domainprep /gpprep | Infrastructure Master |
adprep.exe /rodcprep * | Domain Naming Master |
The first Windows Server 2008 Domain Controller in the forest must be a Global catalog server, and it cannot be a Read Only Domain Controller, RODC.
11.2 To prepare the infrastructure
In order to run ADPREP
1- Insert the DVD media of Windows Server 2008 into the DVD drive of the appropriate Windows 2000/2003 DC, which, as noted above, should be the Schema Master of a forest.
2- Check the FSMO roles assignments. When you prepare the existing AD, you should run adprep /forestprep on the Schema operations master and adprep /domainprep on the infrastructure master.
Run adprep32
- · First run adprep32 /forestprep
Next, go to the Infrastructure Master of each domain that you wish to upgrade and insert the DVD media of Windows Server 2008 into the DVD drive. Repeat the instructions to open the Command Prompt window, and type:
Before you can run ADPREP /domainprep, you must be sure that the updates from /forestprep have replicated to all domain controllers in the forest.
You can view detailed output of the ADPREP command by looking at the log files in the %Systemroot%’system32’debug’adprep’logs directory. Each time ADPREP is executed, a new log file is generated that contains the actions taken during that particular invocation. The log files are named based on the time and date ADPREP was run.
- · Then run adprep32 / domainprep /gpprep
NOTE:
Once you’ve run both /forestprep and /domainprep and allowed time for the changes to replicate to all domain controllers, you can then start upgrading your domain controllers to Windows Server 2008 or installing new Windows Server 2008 domain controllers. For installing RODC in the future also run Adprep/rodcprep
Note: before running this command you must be member of enterprise admin group, schema admin group and domain admins group
Open the local path which contains the Adprep folder
Open your C:\Windows\Debug\Adprep\Logs folder
There will be a separate file each time that you run ADPREP.
12 Check if the adprep has success or not
Run adsiedit.msc
12.1 Forest Upgrade
adprep /forestprep
- A new container CN=ForestUpdates,CN=Configuration,DC= forest root domain is created on the schema master.
- A new container CN=Operations,CN=ForestUpdates,CN=Configuration,DC=forest root domain is created on the schema master.
- For each operation that is performed by the adprep /forestprep command, a unique alpha-numeric string (or GUID) is written under the CN=Operations,CN=ForestUpdates,CN=Configuration,DC=forest root domain container. Each operational GUID identifies the operation.
- If all 36 operations are successfully added, the CN=Windows2003Update,CN=ForestUpdates,CN=Configuration,DC=forest root domain object will be created and its revision attribute (CN=Revision in the schema, syntax Integer) set to 9.
12.2 Domain Upgrade
adprep /domainprep
- A new container CN=Windows2003Update,CN=DomainUpdates,CN=System,DC=DomainName is created on the infrastructure master.
- A new container CN=Operations,CN=DomainUpdates,CN=System,DC=DomainName is created on the infrastructure master.
- For each operation that is performed by the adprep /domainprep command, a unique alpha-numeric string (or GUID) is written under the CN=Operations,CN=DomainUpdates,CN=System,DC=DomainName container. Each operational GUID identifies the operation.
- If all the operations in the following list succeed, the CN=Windows2003Update object overall task will be stamped as completed successfully by setting the revision attribute (CN=Revision in the schema, syntax Integer) to 8.
13 Install Active Directory
Install Active Directory Domain Services (AD DS) on a member server that runs Windows Server 2008 or Windows Server 2008 R2 by using the Active Directory Domain Services Installation Wizard (Dcpromo.exe). The member server should be located in the forest root domain. After you install AD DS successfully, the member server will become a domain controller. You can install AD DS on any member server that meets the domain controller hardware requirements
To install AD DS on a member server by using the Windows interface |
1. Click Start, and then click Server Manager.2. In Roles Summary, click Add Roles.3. If necessary, review the information on the Before You Begin page, and then click Next.4. On the Select Server Roles page, select the Active Directory Domain Services check box, and then click Next.5. If necessary, review the information on the Active Directory Domain Services page, and then click Next.6. On the Confirm Installation Selections page, click Install.7. On the Installation Results page, click Close this wizard and launch the Active Directory Domain Services Installation Wizard (dcpromo.exe).
8. On the Welcome to the Active Directory Domain Services Installation Wizard page, click Next. If you want to install from media, identify the source domain controller for AD DS replication, or specify the Password Replication Policy (PRP) for an RODC as part of the installation of the additional domain controller, click Use advanced mode installation. 9. On the Operating System Compatibility page, review the warning about the default security settings for Windows Server 2008 domain controllers, and then click Next. 10. On the Choose a Deployment Configuration page, click Existing forest, click Add a domain controller to an existing domain, and then click Next. 11. On the Network Credentials page, type the name of any existing domain (DOMAIN .COM) in the forest where you plan to install the additional domain controller. Under Specify the account credentials to use to perform the installation, click My current logged on credentials ( must be Enterprise Amdin) or click Alternate credentials, and then click Set. In the Windows Security dialog box, provide the user name and password for an account that can install the additional domain controller. To install an additional domain controller, you must be a member of the Enterprise Admins group or the Domain Admins group. When you are finished providing credentials, click Next. 12. On the Select a Domain (Domain .com) page, select the domain of the new domain controller, and then click Next. 13. On the Select a Site (Default-firs-site) page, select a site from the list or select the option to install the domain controller in the site that corresponds to its IP address, and then click Next. 14. On the Additional Domain Controller Options page, make the following selections, and then click Next: DNS server: This option is selected by default so that your domain controller can function as a DNS server. If you do not want the domain controller to be a DNS server, clear this option. 15. Clear the DNS check BOX
Important
After configuring the DNS and after making sure it is successfully installed Please change the following Go to the DNS mgmt console Right click the Domain .com Zone 1- Primary then name servers then add servername 2- And remove servername
3- Then change the primary server to point to servername 4- And change the response person to be admin@Domain .com
Note If you select the option to install DNS server, you might receive a message that indicates that a DNS delegation for the DNS server could not be created and that you should manually create a DNS delegation to the DNS server to ensure reliable name resolution. If you are installing an additional domain controller in either the forest root domain or a tree root domain, you do not have to create the DNS delegation. In this case, click Yes and disregard the message. Global Catalog: This option is selected by default. It adds the global catalog, read-only directory partitions to the domain controller, and it enables global catalog search functionality. Read-only domain controller. This option is not selected by default. It makes the additional domain controller read only. 15. If you selected Use advanced mode installation on the Welcome page, the Install from Media page appears. You can provide the location of installation media to be used to create the domain controller and configure AD DS, or you can have all the replication done over the network. Note that some data will be replicated over the network even if you install from media. For information about using this method to install the domain controller, see Installing AD DS From Media. 16. If you selected Use advanced mode installation on the Welcome page, the Source Domain Controller page appears. Click Let the wizard choose an appropriate domain controller or click Use this specific domain controller to specify a domain controller that you want to provide as a source for replication to create the new domain controller, and then click Next. If you do not choose to install from media, all data will be replicated from this source domain controller. 17. On the Location for Database, Log Files, and SYSVOL page, type or browse to the volume and folder locations for the database file, the directory service log files, and the system volume (SYSVOL) files, and then click Next. Windows Server Backup backs up the directory service by volume. For backup and recovery efficiency, store these files on separate volumes that do not contain applications or other no directory files. 18. On the Directory Services Restore Mode Administrator Password page, type and confirm the restore mode password, and then click Next. This password must be used to start AD DS in Directory Service Restore Mode (DSRM) for tasks that must be performed offline. 19. On the Summary page, review your selections. Click Back to change any selections, if necessary. To save the settings that you have selected to an answer file that you can use to automate subsequent Active Directory operations, click Export settings. Type the name for your answer file, and then click Save. When you are sure that your selections are accurate, click Next to install AD DS. 20. On the Completing the Active Directory Domain Services Installation Wizard page, click Finish. 21. You can either select the Reboot on completion check box to have the server restart automatically or you can restart the server to complete the AD DS installation when you are prompted to do so. |
14 Modify Default Security Policies
To increase security, domain controllers that run Windows Server 2008 and Windows Server 2008 R2 require (by default) that all client computers attempting to authenticate to them perform Server Message Block (SMB) packet signing and secure channel signing. If your production environment includes client computers that run platforms that do not support SMB packet signing (for example, Microsoft Windows NT® 4.0 with Service Pack 2 (SP2)) or if it includes client computers that run platforms that do not support secure channel signing (for example, Windows NT 4.0 with Service Pack 3 (SP3)), you might have to modify default security policies to ensure that client computers running older versions of the Windows operating system or non-Microsoft operating systems will be able to access domain resources in the upgraded domain.
Note |
By modifying the settings of the default security policies, you are weakening the default security policies in your environment. Therefore, we recommend that you upgrade your Windows–based client computers as soon as possible. After all client computers in your environment are running versions of Windows that support SMB packet signing and secure channel signing, you can re-enable default security policies to increase security.
To configure a domain controller to not require SMB packet signing or secure channel signing, disable the following settings in the Default Domain Controllers Policy:
Microsoft network server: Digitally sign communications (always)
Domain member: Digitally encrypt or sign secure channel data (always)
Back up the Default Domain Controllers Policy Group Policy object (GPO) before you modify it. Use the Group Policy Management Console (GPMC) to back up the GPO so that it can be restored, if necessary.
Membership in Domain Admins or Enterprise Admins, or equivalent, is the minimum required to complete this procedure
To disable SMB packet signing enforcement based domain controllers |
1. To open GPMC, click Start, click Run, type gpmc.msc, and then click OK.2. In the console tree, right-click Default Domain Controllers Policy in Domains\Current Domain Name\Group Policy objects\Default Domain Controllers Policy, and then click Edit.3. In the Group Policy Management Editorwindow, in the console tree, go to Computer Configuration/Policies/Windows Settings/Security Settings/Local Policies/Security Options.4. In the details pane, double-click Microsoft network server: Digitally sign communications (always).5. Verify that the Define this policy setting check box is selected, click Disabled to prevent SMB packet signing from being required, and then click OK.To apply the Group Policy change immediately, either restart the domain controller or open a command prompt, type the following command, and then press ENTER:gpupdate /force
Note Modifying these settings in the Domain Controllers container will change the Default Domain Controllers Policy. Policy changes that you make here will be replicated to all other domain controllers in the domain. Therefore, you only have to modify these policies one time to affect the Default Domain Controllers Policy on all domain controllers. |
Membership in Domain Admins or Enterprise Admins, or equivalent, is the minimum required to complete this procedure.
To disable secure channel signing enforcement on domain controllers |
1. To open GPMC, click Start, click Run, type gpmc.msc, and then click OK.2. In the console tree, right-click Default Domain Controllers Policy in Domains/Current Domain Name/Group Policy objects/Default Domain Controllers Policy, and then click Edit.3. In the Group Policy Management Editorwindow, in the console tree, go to Computer Configuration/Policies/Windows Settings/Security Settings/Local Policies/Security Options.4. In the details pane, double-click Domain member: Digitally encrypt or sign secure channel data (always), click Disabled to prevent secure channel signing from being required, and then click OK.To apply the Group Policy change immediately, either restart the domain controller or open a command prompt, type the following command, and then press ENTER:gpupdate /forceNote
Modifying these settings in the Domain Controllers container will change the Default Domain Controllers Policy. Policy changes that you make here will be replicated to all other domain controllers in the domain. Therefore, you only have to modify these policies one time to affect the Default Domain Controllers Policy on all domain controllers. |
Allow cryptography algorithms compatible with Windows NT 4.0
Membership in Domain Admins or Enterprise Admins, or equivalent, is the minimum required to complete this procedure.
To allow cryptography algorithms that is compatible with Windows NT 4.0 |
1. To open GPMC, click Start, click Run, type gpmc.msc, and then click OK.2. In the console tree, right-click Default Domain Controllers Policy in Domains/Current Domain Name/Group Policy objects/Default Domain Controllers Policy, and then click Edit.3. In the Group Policy Management Editorwindow, in the console tree, go to Computer Configuration/Administrative Templates: Policy definitions (ADMX files) retrieved from the local machine/System/Net Logon.4. In the details pane, double-click Allow cryptography algorithms compatible with Windows NT 4.0, and then click Enabled.Note By default, the Not Configured option is selected, but, programmatically, after you upgrade a server to Windows Server 2008 domain controller status, this policy is set to Disabled.To apply the Group Policy change immediately, either restart the domain controller or open command line, type the following command, and then press ENTER:
gpupdate /force Note Modifying these settings in the Domain Controllers container will change the Default Domain Controllers Policy. Policy changes that are made here will be replicated to all other domain controllers in the domain. Therefore, you only have to modify these policies one time to affect the Default Domain Controllers Policy on all domain controllers. |
15 Completing the Upgrade of Active Directory Domains
To complete the upgrade of your Active Directory domains, perform the tasks in Checklist: Post-Upgrade Tasks.
16 Checklist: Post-Upgrade Tasks
Complete the tasks in this checklist in the order in which they are presented.
Checklist: Post-Upgrade Tasks
Task | Reference | |
Raise the functional levels of domains and forests to enable all advanced features of Active Directory Domain Services (AD DS). | Raise the Functional Levels of Domains and Forests | |
Complete the upgrade. | Complete the Upgrade |
17 Raise the Functional Levels of Domains and Forests
To enable all Windows Server 2008 advanced features in Active Directory Domain Services (AD DS), raise the functional level of your forest to Windows Server 2008. This will automatically raise the functional level of all domains to Windows Server 2008. To enable all Windows Server 2008 R2 advanced AD DS features, raise the functional level of your forest to Windows Server 2008 R2. This will automatically raise the functional level of all domains to Windows Server 2008 R2.
Caution |
Do not raise the forest functional level to Windows Server 2008 R2 if you have or will have any domain controllers running Windows Server 2008 or earlier.
Important |
After you set the forest functional level to a certain value, you cannot roll back or lower the forest functional level, with one exception: when you raise the forest functional level to Windows Server 2008 R2 and if Active Directory Recycle Bin is not enabled, you have the option of rolling the forest functional level back to Windows Server 2008. You can lower the forest functional level only from Windows Server 2008 R2 to Windows Server 2008. If the forest functional level is set to Windows Server 2008 R2, it cannot be rolled back, for example, to Windows Server 2003.
For more information about the Active Directory Recycle Bin, see Active Directory Recycle Bin Step-by-Step Guide (http://go.microsoft.com/fwlink/?LinkId=133971).
Use the following procedure to raise the forest functional level to Windows Server 2008.
Membership in Domain Admins or Enterprise Admins, or equivalent, is the minimum required to complete this procedure.
To raise the forest functional level |
1. Open the Active Directory Domains and Trusts snap-in. Click Start, click Administrative Tools, and then click Active Directory Domains and Trusts.2. In the console tree, right-click Active Directory Domains and Trusts, and then click Raise Forest Functional Level.3. In Select an available forest functional level, do one of the following:To raise the forest functional level to Windows Server 2003, click Windows Server 2003, and then click Raise.
To raise the forest functional level to Windows Server 2008 R2, click Windows Server 2008 R2, and then click Raise. |
For more information about Windows Server 2008 advanced AD DS features, see Enabling Advanced Features for AD DS.
18 Complete the Upgrade
Complete the following tasks to finalize the process:
- · Review, update, and document the domain architecture to reflect any changes that you made during the domain upgrade process.
Verify that the NETLOGON and SYSVOL shared folders exist and that the File Replication Service (FRS) or Distributed File Service (DFS) Replication is functioning without error by checking Event Viewer.
Verify that Group Policy is being applied successfully by checking the application log in Event Viewer for Event ID 1704.
Verify that all service (SRV), alias (CNAME), and host (A) resource records have been registered in Domain Name System (DNS).
Verify Windows Firewall status.
Important |
Although the default behavior for Windows Server 2008 and Windows Server 2008 R2 is that Windows Firewall is turned on, if you upgrade a Windows Server 2003 computer that had Windows Firewall turned off, the firewall will remain off after the upgrade unless you turn it on using the Windows Firewall control panel.
Continuously monitor your domain controllers and Active Directory Domain Services (AD DS). Using a monitoring solution (such as Microsoft Operations Manager (MOM)) to monitor distributed Active Directory Domain Services (AD DS)—and the services that it relies on—helps maintain consistent directory data and a consistent level of service throughout the forest.
After these tasks have been completed successfully, you will have completed the in-place upgrade process.
18.1 Know Issues for upgrading
Extension mechanisms for DNS (EDNS) are enabled by default on Windows Server 2008 R2. If you notice queries that used to work on DNS servers that run Windows 2000, Windows Server 2003, or Windows Server 2008 fail after those DNS servers are upgraded or replaced with DNS servers that run Windows Server 2008 R2, or queries that the old DNS servers can resolve cannot be resolved by Windows Server 2008 R2 DNS servers, then disable EDNS using the command:dnscmd /Config /EnableEDnsProbes 0
19 Verifications you can make and recommended hotfixes
you can install before you begin
1. All domain controllers in the forest should meet the following conditions:
a. Be online.
b. Be healthy (Run dcdiag /v to see if there are any problems.)
c. Have successfully inbound-replicated and outbound-replicated all locally held Active Directory partitions (repadmin /showrepl * /csv viewed in Excel). d. Have successfully inbound-replicated and outbound-replicated SYSVOL.
3. Download the latest service pack and relevant hotfixes that apply to your Active Directory forest before you deploy Windows Server 2008 or Windows Server 2008 R2 domain controllers.
a. For upgrades to either Windows Server 2008 or Windows Server 2008 R2, create integrated installation media (“slipstream”) by adding the latest service pack and hotfixes for your operating system.
i. If you are deploying RODCs, review article 944043 in the Microsoft Knowledge Base (http://go.microsoft.com/fwlink/?LinkID=122974). Download and install the hotfixes on the Windows computers and scenarios that apply to your computing environment.
ii. For Windows Server 2008 R2: If Active Directory Management Tool (ADMT) 3.1 is installed on Windows Server 2008 computers that are being upgraded in-place to Windows Server 2008 R2, remove ADMT 3.1 before the upgrade; otherwise, it cannot be uninstalled. In addition, ADMT 3.1 cannot be installed on Windows Server 2008 R2 computers.
iii. The following table lists hotfixes for Windows Server 2008. You can install a hotfix individually, or you can install the service pack that includes it.
Description | Microsoft Knowledge Base article | Service pack |
Domain controllers that are configured to use the Japanese language locale | 949189 (http://go.microsoft.com/fwlink/?LinkId=164588) | Windows Server 2008 SP2 |
EFS file access encrypted on a Windows Server 2003 file server upgraded to Windows Server 2008 | 948690 (http://go.microsoft.com/fwlink/?LinkID=106115) | Not included in any Windows Server 2008 Service Pack |
Records on Windows Server 2008 secondary DNS server are deleted following zone transfer | 953317 (http://go.microsoft.com/fwlink/?LinkId=164590) | Windows Server 2008 SP2 |
Use root hints if no forwarders are available | 2001154 (http://go.microsoft.com/fwlink/?LinkId=165959) | |
Setting Locale info in GPP causes Event Log and dependent services to fail. If you change “Regional Option – User Locale – enabled,” the Windows Event Log Service, DNS Server Service, task Scheduler Service fail to start. | For prevention and resolution, see 951430 (http://go.microsoft.com/fwlink/?LinkId=165960). | To be included in Windows Server 2008 SP3 |
GPMC Filter fix | 949360 | Windows Server 2008 SP2 |
If you use devolution to resolve DNS names (instead of suffix search list), apply the DNS devolution hotfix. | 957579 (http://go.microsoft.com/fwlink/?LinkId=178224) | Windows Server 2008 SP2 |
Group Policy Preferences rerelease | 943729(http://go.microsoft.com/fwlink/?LinkId=164591)974266 (http://go.microsoft.com/fwlink/?LinkID=165035) | Windows Server 2008 SP2 |
Synchronize the Directory Services Restore Mode (DSRM) Administrator password with a domain user account | 961320 (http://go.microsoft.com/fwlink/?LinkId=177814) |
The following table
19.1 lists hot fixes for Windows Server 2008 R2.
Description | Microsoft Knowledge Base article | Comment |
Windows Server 2008 R2 Dynamic DNS updates to BIND servers log NETLOGON event 5774 with error status 9502 | 2002490 (http://go.microsoft.com/fwlink/?LinkId=178225) | [The article will include a hotfix.] |
Event ID 1202 logged with status 0x534 if security policy modified | 2000705 (http://go.microsoft.com/fwlink/?LinkId=165961) | Hotfix is in progress. Also scheduled for Windows Server 2008 R2 SP1. |
TimeZoneKeyName registry entry name is corrupt on 64-bit upgrades | 2001086 (http://go.microsoft.com/fwlink/?LinkId=178226) | Occurs only on x64-based server upgrades in Dynamic DST time zones. To see if your servers are affected, click the taskbar clock. If the clock fly-out indicates a time zone problem, click the link to open the date and time control panel. |
Deploying the first Windows Server 2008 R2 domain controller in an existing Active Directory forest may temporarily halt Active Directory replication to strict-mode destination domain controllers. | 2002034 |
19.2 Run Adprep commands
19.2.1 Add schema changes using adprep /forestprep
1. Identify the domain controller that holds the schema operations master role (also known as flexible single master operations or FSMO role) and verify that it has inbound-replicated the schema partition since startup:
a. Run the dcdiag /test:knowsofroleholders command. If the schema role is assigned to a domain controller with a deleted NTDS settings object,
b. Log on to the schema operations master with an account that has Enterprise Admins, Schema Admins, and Domain Admins credentials in the forest root domain. By default, the built-in administrator account in a forest root domain has these credentials.
c. On the schema master, run the repadmin /showreps command. If schema master has inbound-replicated the schema partition since startup, continue to the next step. Otherwise, use the replicate now command Dssite.msc to trigger inbound replication of the schema partition to the schema master.
You can also use the repadmin /replicate <name of schema master> <GUID of replication partner> command. The showreps command returns the globally unique identifier (GUID) of all replication partners of the schema master.
20 Configure the Windows Time service on the PDC emulator in the Forest Root Domain
20.1 To configure the Windows Time service on the PDC emulator
- 1. Open a Command Prompt.
- 2. Type the following command to display the time difference between the local computer and a target computer, and then press ENTER:
w32tm /stripchart /computer: target /samples: n /dataonly
- Open User Datagram Protocol (UDP) port 123 for outgoing traffic if needed.
- Open UDP port 123 (or a different port that you have selected) for incoming NTP traffic.
- Type the following command to configure the PDC emulator, and then press ENTER:
For example, to configure your PDC emulator to use the following list of fictional time servers:
ntp1.Domain .com
- Run the following command:
w32tm /config /manualpeerlist:”ntp1.Domain .com” /reliable:yes /update
21 Upgrade Existing Domain Controllers
Note |
To increase security, domain controllers that run Windows Server 2008 and Windows Server 2008 R2 require (by default) that all client computers attempting to authenticate to them perform Server Message Block (SMB) packet signing and secure channel signing
By modifying the settings of the default security policies, you are weakening the default security policies in your environment
22 Complete the Upgrade
Complete the following tasks to finalize the process:
Review, update, and document the domain architecture to reflect any changes that you made during the domain upgrade process.
Verify that the NETLOGON and SYSVOL shared folders exist and that the File Replication Service (FRS) or Distributed File Service (DFS) Replication is functioning without error by checking Event Viewer.
Verify that Group Policy is being applied successfully by checking the application log in Event Viewer for Event ID 1704.
Verify that all service (SRV), alias (CNAME), and host (A) resource records have been registered in Domain Name System (DNS).
Verify Windows Firewall status.
23 Check proper installation and replication
It is a best practice to review the logs to identify any problems that might have occurred during the promotion. The logs to scrutinize specifically are:
- dcpromo.log
All the events regarding the creation and removal of Active Directory, SYSVOL trees and the installation, modification and removal of key services - dcpromoui.log
all the events from a graphical interface perspective
Also check the event viewer.
23.1.1 After replication
Check replication
repadmin /showreps
24 Migration of DHCP Server from Windows Server 2003 to Windows Server 2008R2
Note: Backup and Restore are not expected to work across server versions as the DHCP database format has changed between Windows Server 2003 and Windows Server 2008.
The recommended procedure for DHCP server migration is to use the export import commands through netsh. Following is the procedure for migrating DHCP server from Windows Server 2003 to Windows Server 2008 outlined in brief:
In the following Four steps
24.1 Export the DHCP database from the server that is running Microsoft Windows Server 2003
Log on to the source DHCP server by using an account that is a member of the local Administrators group or the DHCP Administrators group.
-Click Start, click Run, type cmd in the Open box, and then click OK.
-Type netsh dhcp server export C:\dhcpdatabase.dat all, and then press ENTER.
Note: While the export command runs, DHCP server is stopped and does not respond to clients seeking new leases or lease renewals.
You can now stop the DHCP service on the source server.
24.2 Install the DHCP server service on the server that is running Windows Server 2008
To install the DHCP Server service on an existing Windows Server 2008 computer:
1. Start Server Manager.
2. Click on Add Roles.
3. Select the DHCP server role and press Next.
4. Click through the next sequence for screens of the installation wizard to complete the DHCP server installation. You should not authorize the DHCP server at this point.
24.3 Import the DHCP database
Log on as a user who is a member of the local Administrators group or DHCP administrators group.
2. Copy the exported DHCP database file to the local hard disk of the Windows Server 2008 computer.
3. Verify that the DHCP service is started on the Windows Server 2008 computer.
4. Click Start, click Run, type cmd in the Open box, and then click OK.
5. At the command prompt, type netsh dhcp server import c:\dhcpdatabase.dat all, and then press ENTER, where c:\dhcpdatabase.dat is the full path and file name of the database file that you copied to the server.
6. After you receive the message that the command completed successfully, quit the command prompt.
24.4 Authorize the DHCP server
1. Click Start, point to All Programs, point to Administrative Tools, and then click DHCP. You must be logged on to the server by using an account that is a member of the Administrators group. In an Active Directory domain, you must be logged on to the server by using an account that is a member of the Enterprise Administrators group.
2. In the console tree of the DHCP snap-in, expand the new DHCP server. If there is a red arrow in the lower-right corner of the server object, the server has not yet been authorized.
3. Right-click the server object, and then click Authorize.
4. After several moments, right-click the server again, and then click Refresh. A green arrow indicates that the DHCP server is authorized.
Note: Note When you try to export a DHCP database from a 2003 domain controller to a Windows Server 2008 member server of the domain, you may receive the following error message:
Error initializing and reading the service configuration – Access Denied
To resolve this issue, add the Windows Server 2008 DHCP server computer to the DHCP Admins group at the Enterprise level and redo Steps 4 &5 Under 25.3 section
25 Recommendations for FSMO roles
Place the RID and PDC emulator roles on the same domain controller. Good communication
from the PDC to the RID master is desirable as down level clients and Target the PDC, making it a large consumer of RIDs. It is also easier to keep track of FSMO roles if you cluster them on fewer machines Place the RID and primary domain controller emulator roles on separate domain controllers.
The infrastructure master should be located on a no global catalog server that has a direct connection object to some global catalog in the forest, preferably in the same Active Directory site.
http://www.pcreview.co.uk/forums/thread-1456278.php
http://www.planning-tech.com/?p=78
26 What are FSMO ROLES?
Names OF 5 FSMO roles and place
Schema owner | servername.Domain .com |
Domain Role Owner | servername.Domain .com |
PDC role | servername.Domain .com |
RID pool manager | servername.Domain .com |
Infrastructure owner | servername.Domain .com |
The FSMO (flexible single master operations) roles assigned in our environment to Domain-Controllers and provide us the ability to manage our environment without Conflicts , The FSMO roles can be transfer between Domain-Controllers and that’s provide us the ability to manage our environment in much more flexibility .
There are 5 FSMO roles in a forest; from the 5 roles 2 of them will provide services in the Forest level and the other 3 in the domain level.
The Forest level Fsmo:
- · Schema Master Role – The schema master Role is responsible to update the Schema Partition. The DC that contains the Schema master is the only one in our entire environment that can update the Schema directory. When this update finish the schema will replicate to all other DC in our directory.
Note!
We have only ONE schema master per directory!
- Domain Naming Master Role – This role is the one that provide us the ability to make changes in the Forest-Wide domain name of our directory. The DC that holds this role is the only one that can add or Remove new DC from our forest.
The Domain level Fsmo:
- RID Master Role – The RID role hosts on a single DC, This DC responsible for the RID pool requests from all other DC in a domain. This role is also responsible to add or Remove objects from a domain and transfer it to other DC (Users, computers…).
The RID responsible to add Security Principal to objects in our environment (Users, Computers, Groups …) called SID ,This SID is unique in all our domain and cannot duplicate to other object in our domain .
- · PDC Emulator Role – These roles provide us many services, the first responsibility is to Sync times in windows 2000 environment (W32Time Service) that requires for Kerberos Authentication, The time that this FSMO provides will gather from an external source like Microsoft servers for example.
The PDC role is the role that provides us the most services and from this we can Say that this role is the busy one on our environment, here are few Examples:
– This role helps us to replicate the Sysvol folder in our environment.
– Manage all passwords changes in our domains to ensure that accounts that not supply the right credentials will be locked and replicate Password across domains.
- Infrastructure Master Role – This role provide us the ability to update all objects SID’S and distinguished name in cross domains , this happens when object from one domain referenced with object from another DC.
FSMO levels:
Schema master : One per forest.
Domain Naming Master : One per forest.
PDC Emulator : One per domain.
RID Master : One per domain.
Infrastructure Master : One per domain.
Worst Case Scenario – What Happens’ if Fsmo fails…?
- Schema Master – If this FSMO role fails we cannot add object to our Schema Partition. And for that reason we cannot change object or their Attributes.
- Domain Naming Master – Here it’s easy to understand the problem that we have when this FSMO fails, we simply cannot be abeles to add new DC to the forest and we also cannot demote existing Domain-Controllers. We need to pay attention that our environment will function till we net do manage Domain –Controllers in our forest.
- PDC Emulator – like we describe this role is the one that provides most services for that reason when this role not function probably will cause us the biggest problems in our environment.
- Rid Master – First we need to know that each Domain-Controller In our domain contains pool of RID’S, so we only have problems if we want to add many object (Users, Computers…).
- Infrastructure master – Here we need to understand the difference between Single Domain environment (IF this FSMO fails it’s not relevant to this scenario) and Multi-Domain environment (If this FSMO fails we cannot add object from one DC to another).
27 Moving the Roles
New groups and new group memberships that are created after upgrading the PDC After you upgrade the Windows Server 2003–based domain controller holding the role of the PDC emulator master in each domain in the forest to Windows Server 2008, or after you move the PDC emulator operations master role to a Windows Server 2008-based domain controller, or after you add a read-only domain controller (RODC) to your domain, the following new well-known and built-in groups are created:
- · Builtin\IIS_IUSRS
- · Builtin\Cryptographic Operators
- · Allowed RODC Password Replication Group
- · Denied RODC Password Replication Group
- · Read-only Domain Controllers
- · Builtin\Event Log Readers
- · Enterprise Read-only Domain Controllers (created only on the forest root domain)
- · Builtin\Certificate Service DCOM Access
The newly established group memberships are:
- · IUSR security principal added to the Builtin\IIS_IUSRS group
- · The following groups added to the Denied RODC Password Replication Group:
Group Policy Creator Owners
- · Domain Admins
- · Cert Publishers
- · Domain Controllers
- · Krbtgt
- · Enterprise Admins
- · Schema Admins
- · Read-only Domain Controllers
- · Network Service security principal added to Builtin\Performance Log Users
- · Also, the following new, additional security principals are created in the forest root domain:
- · IUSR
- · Owner Rights
- Well-Known-Security-Id-System security principal is renamed to System
28 Transfer the RID Master, PDC Emulator, and Infrastructure Master Roles
To transfer the FSMO role the administrator must be a member of the following group:
FSMO Role | Administrator must be a member of |
Schema | Schema Admins |
Domain Naming | Enterprise Admins |
RID | Domain Admins |
PDC Emulator | |
Infrastructure |
29 ROLES on our servers
Schema owner servername.Domain .com
Domain role owner servername.Domain .com
PDC role servername.Domain .com
RID pool manager servername.Domain .com
Infrastructure owner servername.Domain .com
29.1 Plan will be
Schema owner servername.Domain .com move role to servername
Domain role owner servername.Domain .com move role to servername
PDC role servername.Domain .com
RID pool manager servername.Domain .com
Infrastructure owner servername.Domain .com
29.2 Transferring the RID Master, PDC Emulator, and Infrastructure Masters via GUI
Transferring the RID Master, PDC Emulator, and Infrastructure Masters via GUI
To Transfer the Domain-Specific RID Master, PDC Emulator, and Infrastructure Master FSMO Roles:
- Open the Active Directory Users and Computers snap-in from the Administrative Tools folder.
- If you are NOT logged onto the target domain controller, in the snap-in, right-click the icon next to Active Directory Users and Computers and press Connect to Domain Controller.(servername)
- Select the domain controller that will be the new role holder, the target, and press OK. (servername)
- Right-click the Active Directory Users and Computers icon again and press Operation Masters.
- Select the appropriate tab for the role you wish to transfer and press the Change button.
- Press OK to confirm the change.
- Press OK all the way out.
To Transfer the Domain Naming Master Role:
- Open the Active Directory Domains and Trusts snap-in from the Administrative Tools folder.
- If you are NOT logged onto the target domain controller, in the snap-in, right-click the icon next to Active Directory Domains and Trusts and press Connect to Domain Controller.
- Select the domain controller that will be the new role holder and press OK.
- Right-click the Active Directory Domains and Trusts icon again and press Operation Masters.
- Press the Change button.
- Press OK to confirm the change.
- Press OK all the way out.
To Transfer the Schema Master Role:
- Register the Schmmgmt.dll library by pressing Start > RUN and typing:
regsvr32 schmmgmt.dll
- Press OK. You should receive a success confirmation.
- From the Run command open an MMC Console by typing MMC.
- On the Console menu, press Add/Remove Snap-in.
- Press Add. Select Active Directory Schema.
- Press Add and press Close. Press OK.
- If you are NOT logged onto the target domain controller, in the snap-in, right-click the Active Directory Schema icon in the Console Root and press Change Domain Controller.
- Press Specify …. and type the name of the new role holder. Press OK.
- Right-click right-click the Active Directory Schema icon again and press Operation Masters.
- Press the Change button.
- Press OK all the way out.
Make sure that the Active directory module for the Power Shell is installed
Then Run Dcdiag
- · In the Starting test: fsmocheck
Then run the netdom query fsmo
If the server couldn’t locate the Roles
Restart the following services on w2k8
Active directory Domain services
And Netlogon service
30 After installing and removing Roles
Test the DNS and the new Server
Client test
Modify the DNS of some clients so that the primary DNS is
then new W2k8 server
Server test
Modify the DNS of some Servers to be
Then new W2k8 server
31 Revision History
32 References
http://www.petri.co.il/windows-server-2008-adprep.htm
http://www.ditii.com/2008/11/12/upgrade-to-windows-2008-domain-controllers-adprep/
http://blogs.dirteam.com/blogs/tomek/archive/2006/04/17/787.aspx
http://technet.microsoft.com/en-us/library/cc780661(WS.10).aspx (DNS)
http://technet.microsoft.com/en-us/library/dd392261(WS.10).aspx (Active Directory)
(http://go.microsoft.com/fwlink/?LinkId=93656). ( DNS)
How to Administer Microsoft Windows Client and Server Computers Locally and Remotely (http://go.microsoft.com/fwlink/?LinkId=177813).
netlogon cryptographic support changes in Windows Server 2008 (http://go.microsoft.com/fwlink/?LinkId=106380). For more information about additional security policy changes in Windows 7 and Windows Server 2008 R2, see Secure default settings in Windows Server 2008 and Windows Server 2008 R2.
http://go.microsoft.com/fwlink/?LinkId=99285. System requirements
. Review details about using the appropriate accounts and group memberships at http://go.microsoft.com/fwlink/?LinkId=83477.
http://technet.microsoft.com/en-us/library/cc770662(WS.10).aspx
http://www.maradns.org/tutorial/dnsmaster.html (DNS(SOA and NS))
Related articles
- Enable Windows Server 2008 R2 Features During Installation Using A System Center Configuration Manager Task Sequence (richardstk.wordpress.com)
- Raise functional levels on Windows Server 2008 Server Core (letitknow.wordpress.com)
- Installing DHCP Server on Windows Server 2008 R2 (gunnalag.wordpress.com)
- Active Directory Forest Functional Level and Domain Functional Level (sandeshvidhate.wordpress.com)
- Fixing Windows Server 2008 R2 Boot Problem (nerhood.wordpress.com)
.ppt Repair…
UPGRADING ACTIVE DIRECTORY TO WINDOWS 2008 R2 ADDS DOMAIN « System Admins…
LikeLike
Regards for posting “UPGRADING ACTIVE DIRECTORY TO WINDOWS 2008 R2 ADDS DOMAIN
System Admins”. Imight undoubtedly be coming back for even more
reading and commenting soon. Thanks a lot, Geneva
LikeLike
I personally speculate the reason you labeled this particular post, “UPGRADING ACTIVE DIRECTORY TO WINDOWS 2008 R2 ADDS DOMAIN System Admins”.
No matter what I actually adored the blog!Thanks for your time-Liza
LikeLike
Liza
thanks for your comment
these steps are the details for upgrading the environment from 2003 to 2008
with every detailed issue
LikeLike
Asking questions are truly nice thing if you are not understanding something totally, but this piece of
writing provides nice understanding yet.
LikeLike
Terrific work! That is the type of information that are supposed to be shared around the net.
Shame on the seek engines for now not positioning this post higher!
Come on over and discuss with my web site . Thank you =)
LikeLike
Hey are using WordPress for your blog platform? I’m new to the blog world but I’m trying to get started and create my own.
Do you require any coding expertise to make your own blog?
Any help would be greatly appreciated!
LikeLike
3 fingers Stuff arms firmly and sew opening of rnd 7 closed.
She meets Charletta, a middle-aged woman who says that she helped him to” pump up” for
two weeks instead of one farmacia on line? In consultation with a doctor about their
problems.
LikeLike
You made some good points there. I looked on the web for more info about the
issue and found most individuals will go along with your views on this web site.
LikeLike
Hello my friend! I want to say that this post is amazing,
nice written and come with approximately all
vital infos. I’d like to peer extra posts like this .
LikeLike
I leave a response when I appreciate a post on a site or if
I have something to valuable to contribute to the conversation.
It is caused by the fire communicated in the post I looked at.
And after this post UPGRADING ACTIVE DIRECTORY TO WINDOWS 2008 R2 ADDS DOMAIN | System Admins.
I was moved enough to drop a thought 🙂 I do have 2 questions for you if it’s okay. Could it be only me or does it look like a few of the remarks appear like they are coming from brain dead folks? 😛 And, if you are writing at other online sites, I’d like to keep up with
anything fresh you have to post. Could you list all of all your public sites like your Facebook
page, twitter feed, or linkedin profile?
LikeLike
sorry i have just saw it i m so sorry
but all the examples from this blog are all from real examples which i m testing it first in my environment with all details
if i have any refrences you will find them in the post
LikeLike
Good blog post. I absolutely love this website.
Keep it up!
LikeLike
thanks very much
LikeLike
Every weekend i used to go to see this web page,
for the reason that i want enjoyment, since this this web site conations actually nice funny material too.
LikeLike
No matter what you believe, I like this specific posting
LikeLike
thanks
LikeLike
Tremendous things here. I’m very satisfied to peer your article. Thanks a lot and I am taking a look forward to contact you. Will you kindly drop me a e-mail?
LikeLike
my email kazaki82@gmail.com
LikeLike
my email is kazaki82@gmail.com
LikeLike
Greetings! I’ve been reading your site for a while now and finally got the courage to go ahead and give you a shout out from Lubbock Texas! Just wanted to tell you keep up the great job!
LikeLike
This is my first time visit at here and i am truly impressed to
read all at one place.
LikeLike
Hi, i think that i saw you visited my web site so i came to “return the favor”.I’m trying to
find things to enhance my site!I suppose its ok to use a few of your ideas!!
LikeLike
Greetings from Colorado! I’m bored at work so I decided to browse your site on my iphone during lunch break.
I really like the info you provide here and can’t wait to take a look when I get home.
I’m surprised at how fast your blog loaded on my phone ..
I’m not even using WIFI, just 3G .. Anyways, very good site!
LikeLike
Heya outstanding blog! Does running a blog
like this take a large amount of work? I have virtually no understanding of coding but I was hoping to start my own blog soon.
Anyway, should you have any ideas or tips for new blog owners please share.
I know this is off topic but I just wanted to ask.
Cheers!
LikeLike
Hmm is anyone else encountering problems with the images on this blog loading?
I’m trying to find out if its a problem
on my end or if it’s the blog. Any feedback would be greatly appreciated.
LikeLike
Itss like you read my mind! You appear to know a lot about this,
like yyou wrote the book in it or something. I think
that you can do with some pics to drive the message
home a bit, but instead of that, this is fantastic blog.
A grat read. I wioll certainly be back.
LikeLike
Hi, I do think this is an excellent web site. I stumbledupon
it 😉 I will come back once again since i have book-marked it.
Money and freedom is the best way to change, may
you be rich and continue to guide other people.
LikeLike
I visited many websites but the audio quality for audio songs present at this
website is really excellent.
LikeLike
Write more, thats all I have to say. Literally,itseems as though you relied on
the video to make your point. You definitely know what youre talking about, why waste your intelligence oon just
posting videos to your weblog when you could be giving us something
informative to read?
LikeLike
My brother recommended I might like this blog. He was totally right.
This post actually made my day. You can not imagine simply how much time I had spent for this information!
Thanks!
LikeLike
I know this if off topic but I’m looking into
starting my own weblog and was wondering what all
is required to get setup? I’m assuming having a blog like
yours would cost a pretty penny? I’m not very web savvy
so I’m not 100% positive. Any recommendations or advice would be greatly appreciated.
Cheers
LikeLike
I enjoy what you guys tend to be up too. This kinnd of clever work aand reporting!
Keep up the good works guy I’ve you guys to mmy personal blogroll.
LikeLike
Great article. I am experiencing a few of these issues as well..
LikeLike
Hello this is kinda of off topic but I was
wanting to know if blogs use WYSIWYG editors or if you have to manually code
with HTML. I’m starting a blog soon but have no
coding experience so I wanted to get advice from someone with
experience. Any help would be enormously appreciated!
LikeLike
Marvelous, what a website it is! This weblog presents valuable information to us, keep it up.
LikeLike
I feel that is among the most important info for me. And i’m satisfied reading your article.
However want to remark on some general issues, The site taste is ideal, the articles is actually great :
D. Excellent task, cheers
LikeLike
Hi there, constantly i used to cheϲk weblog posts here early in the dawn, because i enjoy to learn more and
more.
LikeLike
It’s actually a cool and useful piece of info. I am satisfied that you simply shared this useful
information with us. Please keep us up to date like this.
Thanks for sharing.
LikeLike
I’ve learn some just right stuff here. Certainly
price bookmarking for revisiting. I surprise
how so much effort you put to create this type of wonderful informative website.
LikeLike
This is really fascinating, You are an overly skilled blogger.
I’ve joined your feed and sit up for seeking extra of your fantastic post.
Also, I’ve shared your web site in my social networks
LikeLike
Hey there! I know this is kinda off topic but I’d figured I’d ask.
Would you be interested in exchanging linms or maybe guest writing a blog article or vice-versa?
My blog addresses a lot of the same topics as yours and I think wee could greatly benefit from each other.If you’re interested feel free to send me an email.
I look forward to hearing ffrom you!Suprrb blog bby the way!
LikeLike
It is not my first time to go to see this website, i am
browsing this site dailly and obtain pleasant data from here every day.
LikeLike
In simple words, fashion illustration gives a freedom to
the artist to put forward the fashion designs and ideas in front
of the entire world. Indeed, Roberto Cavalli has drawn its own spot as one
of Hollywood’s most sought-after Italian fashion brands.
It’s nice that at least parts of society and media are recognizing
that not all women are shaped the same and we
don’t all need to be a size 6 or smaller.
LikeLike
It is appropriate time to make some plans for the future
and it is time to be happy. I’ve read this post
and if I could I wish to suggest you some interesting things or suggestions.
Maybe you could write next articles referring to
this article. I desire to read even more things about it!
LikeLike
Most people probably played this game possibly what you want to have free
mobile phone user, many cellular carriers today will allow the downloaded codes to read
the manual! Android’s new-fangled functional conceptAndroid
is just a private person, to fulfill one’s
requirement. The cannons would launch the critter,
while video games played angry birds friends hack on the site
should be closed when not in a class of Smartphone devices.
They will make it all? Angry Birds Video Game was
first released on the personal choice.
LikeLike
When someone writes an post he/she maintains the plan of a user in his/her brain that
how a user can understand it. So that’s why this article is amazing.
Thanks!
LikeLike
I leave a response each time I like a article on a site or if I have something to contribute to the discussion. It’s caused by the passion communicated in the post I looked at.
And on this article UPGRADING ACTIVE DIRECTORY TO WINDOWS 2008 R2 ADDS
DOMAIN | System Admins. I was actually excited enough to write
a thought 😛 I do have 2 questions for you if you
tend not to mind. Could it be just me or do some of the
comments come across as if they are left by brain dead people?
😛 And, if you are writing on additional sites, I would like to keep up with everything new you have to post.
Would you make a list the complete urls of all your social sites like your Facebook page, twitter feed,
or linkedin profile?
LikeLike
com reported in November of 2008 that one-fourth of U.
If you do not possess a full-blown POS system to
your retail business, you happen to be losing money — guaranteed.
Diploma programs give students the opportunity to learn about
the managerial, operational, and technical areas of providing great customer support to guests and also the public.
LikeLike
Just want to sayy your article iis as astounding.
The clearness to your submit is juat great and that i could
assume yoou are knowledgeable on tnis subject. Well with your
permission allow me to seizae your RSS feed to stay upp to
date with approaching post. Thanks a million and please keep up
the gratifying work.
LikeLike
I do not even know how I finished up right here, however I thought this publish was great.
I don’t understand who you’re however certainly you’re going to a well-known blogger in the event you aren’t
already. Cheers!
LikeLike
I love your blog.. very nice colors & theme. Did you design this
website yourself or did you hire someone to do it for you?
Plz respond as I’m looking to design my own blog and would like to know where u
got this from. cheers
LikeLike
We stumbled over here from a different page and thought I shoould
check thngs out. I like what I see so now i am following you.
Look forward to exploring your web page again.
LikeLike
Hello, Neat post. There iss a problem with your website in web explorer, may test this?
IE nonetheless is the marketplace ledader and a larye element of people will miss
your excelleent writing due to this problem.
LikeLike
Good blog you’ve got here.. It’s difficult to find high-quality writing like yours nowadays.
I seriously appreciate individuals like you! Take care!!
LikeLike
Thanks designed for sharing such a good thought, article is good, thats
why i have read it entirely
LikeLike