Windows .NET Server is on the horizon. Even though you might not install .NET Server the day Microsoft releases it, there’s little doubt that sooner or later you’ll add a Windows .NET domain controller to your organization. However, adding a Windows .NET domain controller isn’t as simple as just installing Windows .NET and then running DCPROMO. The process is actually fairly involved. In this Daily Feature, I’ll walk you through the process of setting up a Windows .NET domain controller.

Selecting a domain
No matter how solid a new operating system seems to be in the beta and release candidate stages, I’ve always been a bit hesitant to implement a new operating system into a production environment. Therefore, I strongly recommend that you create a domain whose sole purpose is to test Windows .NET Server. After you’re satisfied with the results and have gained some experience with a Windows .NET domain, you can begin rolling out Windows .NET Server to the rest of your network.

Begin the process of moving to Windows .NET Server by setting up a spare Windows 2000 server in an isolated domain. In my case, I created a domain called NET, but I made the new domain a part of my production forest. Once the Windows 2000 Server was installed, I installed Service Pack 2 and attempted to upgrade to Windows .NET.

If you attempt simply to upgrade a Windows 2000 Server domain controller to Windows .NET, you’ll receive the error messages shown in Figure A. These error messages state that the Windows 2000 Active Directory needs to be prepared and that the Windows 2000 Administration Tools are installed on the server. Therefore, before you can complete the upgrade, you must prepare the Active Directory by updating the schema, and you must uninstall the administrative tools from the server.

Figure A
You must update the schema and remove the administrative tools before continuing.

Updating the schema
Because the Windows .NET implementation of Active Directory uses a different schema than Windows 2000 does, you must update the existing Active Directory schema before you can integrate a Windows .NET domain controller into your organization. The first step is to determine which server functions as the schema operations master and which domain controller functions as the infrastructure operations master. Normally, the schema master role should be assigned to the first domain controller that was brought online within the forest, and the infrastructure master role will be held by the first domain controller that was brought online within the domain.

To identify the schema master, you must install the Active Directory Schema snap-in. Open the Control Panel and double-click the Add/Remove Programs icon. When Windows displays the Add/Remove Programs applet, click the Change or Remove Windows Programs button. You’ll see a list of all of the programs currently installed on your system.

Click the Change button associated with Windows 2000 Administration Tools. Windows will launch the Windows 2000 Administration Tools Setup Wizard. Click Next to bypass the introductory screen and jump to the Wizard. The next screen you see allows you to install or uninstall the administrative tools. Select the Install All Of The Administrative Tools radio button and click Next. Windows will now install all of the administrative tools. When the installation process completes, click Finish to close the wizard.

The next step is to open the Active Directory Schema snap-in. Do this by clicking Start | Run and entering MMC in the Run dialog box. A Microsoft Management Console (MMC) session will open. Select the Add/Remove Snap-In command from the Console menu to display the Add/Remove Snap-In properties sheet. Now, click the Add button to display a list of all of the available snap-ins. Select Active Directory Schema from the list and click the Add button followed by the Close button and the OK button. You’ll now see the Active Directory Schema snap-in displayed within the console.

To display the server that’s acting as the schema master, right-click on the Active Directory Schema node located in the left pane of the MMC and select the Operations Master command from the resulting context menu. You’ll now see a window that identifies the schema master.

Once you’ve identified the schema master, you can see which server is performing the Infrastructure Master role for the domain by opening the Active Directory Users And Computers MMC. To start Active Directory Users And Computers, click Start | Programs | Administrative Tools | Active Directory Users And Computers.

When the Active Directory Users And Computers MMC opens, right-click on the Active Directory Users And Computers node in the column in the left pane and select the Connect To Domain command from the resulting context menu. Enter the name of the domain that you want to work with into the resulting dialog box and click OK. Now, right-click on the Active Directory Users And Computers node again and select the Operations Masters command from the context menu. When you do, you’ll see the Operations Master properties sheet. Select the Infrastructure tab, and you’ll see which server is performing the Infrastructure Master role for the domain.

Now that you know which servers hold the schema master and infrastructure master roles, take your Windows .NET Server CD-ROM to the schema master and insert it. Open a command prompt window on the schema master and navigate to the CD’s I386 directory. When you get to the I386 directory, type WINNT32.EXE /CHECKUPGRADEONLY and press [Enter].

Entering this command will load a window that looks like part of the Windows .NET Setup program. This program will eventually generate a report with lots of reasons why you can’t upgrade to Windows .NET Server. Ignore the report and close the program. The report is informational only, and you don’t really need the information it provides. However, during the course of generating the report, the Setup program copies important files to the Windows 2000 domain controller.

After the files copy to your server and the Setup window closes, type ADPREP /FORESTPREP at the command prompt and press [Enter]. You’ll see the warning message that’s shown in Figure B. The warning message indicates that each domain controller within the forest must be running Windows 2000 Service Pack 2 or higher. You must verify the service pack level of all domain controllers in all domains before continuing. Otherwise, you’ll corrupt the Active Directory.

Figure B
You must verify the service pack level for all domain controllers in all domains before continuing.

If it appears that Windows isn’t doing anything when you enter the command, don’t panic. Try closing all of your windows. On my test machine, the upgrade check ran in the background and was visible only after I closed everything else that I had open. I was using Beta 3 of Windows .NET Enterprise Server, so this problem may be fixed in future versions.

You can verify the service pack level of a Windows 2000 domain controller by opening the Control Panel and double-clicking on the System icon to display the System Properties sheet. The sheet’s General tab will display the service pack number, as shown in Figure C.

Figure C
The System Properties sheet lists the service pack number.
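
Checking System Properties one server at a time does not scale to every domain in a forest, so the following added example (not part of the original article) gates ADPREP /FORESTPREP on an exported list of domain controllers. The csvde command in the comment, the host names, and the sample export are assumptions constructed for illustration.

```python
import csv
import io
import re

# Constructed sample of a csvde export of domain controller computer objects.
# Assumed collection step, run once per domain:
#   csvde -f dcs.csv -r "(&(objectCategory=computer)(userAccountControl:1.2.840.113556.1.4.803:=8192))"
#         -l "dNSHostName,operatingSystemVersion,operatingSystemServicePack"
SAMPLE_EXPORT = '''DN,dNSHostName,operatingSystemVersion,operatingSystemServicePack
"CN=DC1,OU=Domain Controllers,DC=example,DC=test",dc1.example.test,5.0 (2195),Service Pack 2
"CN=DC2,OU=Domain Controllers,DC=example,DC=test",dc2.example.test,5.0 (2195),Service Pack 1
"CN=DC3,OU=Domain Controllers,DC=net,DC=example,DC=test",dc3.net.example.test,5.0 (2195),
"CN=DC4,OU=Domain Controllers,DC=net,DC=example,DC=test",dc4.net.example.test,5.0 (2195),Service Pack 3
'''

MIN_SP = 2  # the ADPREP warning requires Windows 2000 Service Pack 2 or higher

def service_pack_level(text):
    """Return the number from a string like 'Service Pack 2', or 0 if none is recorded."""
    match = re.search(r"Service Pack (\d+)", text or "")
    return int(match.group(1)) if match else 0

def forestprep_blockers(export_text, minimum=MIN_SP):
    """Return (host, level) for every Windows 2000 DC below the minimum service pack."""
    blockers = []
    for row in csv.DictReader(io.StringIO(export_text)):
        version = (row.get("operatingSystemVersion") or "").strip()
        # Skip only rows that positively identify a non-Windows 2000 system;
        # a missing version is still evaluated, so unknown hosts fail closed.
        if version and not version.startswith("5.0"):
            continue
        level = service_pack_level(row.get("operatingSystemServicePack"))
        if level < minimum:
            blockers.append((row["dNSHostName"], level))
    return blockers

if __name__ == "__main__":
    found = forestprep_blockers(SAMPLE_EXPORT)
    for host, level in found:
        print(f"BLOCKER: {host} is at SP{level}, needs SP{MIN_SP} or higher")
    print("Do not run ADPREP /FORESTPREP yet" if found else "Service pack check passed")
```

A domain controller with no service pack recorded is reported at level 0 rather than skipped, so an incomplete export blocks the schema update instead of passing it.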

Once the Active Directory schema has been updated, you must wait 15 minutes or so for the Active Directory updates to be replicated throughout the forest. When the replication cycle completes, you must update the infrastructure operations master for every domain in the forest. Earlier, I showed you how to locate the infrastructure master for a domain.

On each infrastructure operations master, insert the Windows .NET installation CD and run the \I386\WINNT32.EXE /CHECKUPGRADEONLY command. This runs the compatibility check that you saw earlier and copies a variety of files to the domain controller. When the process completes, open a Command Prompt window, type ADPREP /DOMAINPREP, and press [Enter].

Removing the Windows 2000 Administration Tools
The next thing that you must do before upgrading the domain controller to Windows .NET is to remove the Windows 2000 Administration Tools. Open the Control Panel on the domain controller that you’re upgrading and double-click on the Add/Remove Programs icon. When the Add/Remove Programs window appears, select Windows 2000 Administration Tools from the Currently Installed Programs list and click the Remove button. Click Yes when Windows asks for confirmation, and the Administration Tools will be removed. You’re now ready to upgrade to Windows .NET.

Ready? Set? Go!
Installing your first Windows .NET domain controller can be a bit tedious. However, you only have to go through all this work when you install the first domain controller within the forest. The Setup process is much simpler for any future Windows .NET domain controllers.