If the DC for 2003 is 32bit you have to use adprep32 not adprep

–> ADPREP /Forestprep on the w2k/w2k3 schema master (both w2k/w2k3 forests)

–> ADPREP /rodcprep on the w2k3 domain master (only w2k3 forests)

–> ADPREP /domainprep on the w2k3 infrastructure master (only w2k3 domains)

–> ADPREP /domainprep /gpprep on the w2k infrastructure master (only w2k domains)

–> on the stand alone server execute: DCPROMO

–> and provide the information needed

Updated: January 21, 2005

Managing inheritance of Group Policy
To apply the settings of a Group Policy object (GPO) to the users and computers of a domain, site, or organizational unit, you can link that domain site or organizational unit to that GPO. You can add one or more GPO links to each domain, site, and organizational unit in Group Policy Management Console. The settings deployed by GPOs linked to higher containers (parent container) in Active Directory are inherited by default to child containers and combine with any settings deployed in GPOs linked to child containers. If multiple GPOs attempt to set a setting to conflicting values, the GPO with the highest precedence sets the setting. GPO processing is based on a last writer wins model, and GPOs that are processed later have precedence over GPOs that are processed sooner. Group Policy objects are processed according to the following order:

Caution

The “Setup Security.inf” and “DC Security.inf” templates contain a large number
of settings, and in particular a long list of file system permission assignments. For this reason,
you should not apply these templates to a computer using group policies. Computers
running Microsoft Windows operating systems periodically refresh group policy settings by
accessing the GPOs on the network’s domain controllers, and a template of this size can generate
a great deal of Active Directory traffic on the network. Instead of using group policies,
you should apply the template using the Security Configuration And Analysis snap-in or the
Secedit.exe utility.

Problem (REF:http://robbieallen.com/downloads/Recipe15-11.htm)
You want to enable Perfmon Trace Logs to view system level calls related to Active Directory.

Solution
1. Open the Performance Monitor.

2. In the left pane, expand Performance Logs and Alerts.

3. Right-click on Trace Logs and select New Log Settings.

4. Enter a name for the log and click OK.

5. Click the Add button.

6. Highlight one or more of the Active Directory providers and click OK.

7. Use the tabs to configure additional settings about the log.

8. When you are done, click OK.

reference:http://technet.microsoft.com/en-us/library/cc776854(WS.10).aspx

This is for my use.  It is from the link above.

Domain Controller Diagnostics Tool (dcdiag.exe)

Applies To: Windows Server 2003 with SP1

What does DCDiag.exe do?

This command-line tool analyzes the state of one or all domain controllers in a forest and reports any problems to assist in troubleshooting. DCDiag.exe consists of a variety of tests that can be run individually or as part of a suite to verify domain controller health.

Tool Requirements

• Except as noted below, all commands in DCDiag can be run on Windows XP Professional and Windows Server 2003 family (member servers and domain controllers).

Useful one-step scripts: REF:http://winmasterplan.blogspot.com/2008_07_01_archive.html

- Show the creation date of all groups from AD forest:
dsquery * forestroot -filter “(&(objectClass=Group))” -attr name whenCreated description -limit 0

 
- Show the date of modification of all groups from AD forest:
dsquery * forestroot -filter “(&(objectClass=Group))” -attr name whenChanged description -limit 0

- Show the creation date of all users from AD forest:
dsquery * forestroot -filter “(&(objectClass=User))” -attr name whenCreated description -limit 0

 
- Show all distribution groups mail enabled from AD forest
dsuery * forestroot -filter “(&(samAccountType=268435457)(mail=*))” -limit 0

For repairing Active Directory.

how-to-use-ntdsutil-to-manage-active-directory-files-from-the-command-line-in-windows-server-2003

use-ntdsutil-to-manage-active-directory-files-from-the-command-line-in-windows-2000

how-to-complete-a-semantic-database-analysis-for-the-active-directory-database-by-using-ntdsutilexe

Restore password reset for Active Directory:

If Active Directory has to be restore you must have the restore password, which may be different from the Domain Admin password.

Server 2000
active-directory-reset-restore-passwd

Server 2003
activedirectory-reset-restore-passwd-2003

Overview
1 DS3 Point to Point
VPN (Borderware Firewall)
2003 Server Standard

   Site A has 2 Domain Controllers (192.168.200.xx)
            DCA-0
            DCA-1
            25 to 35 servers (members)
   Site B has 1 Domain Controller   (192.168.201.xx)
            DCB-0
            SQL
            WebServer
This location by the end of May will have 1/2 the servers hardware but all the servers. (VMWare) DR.
DCPROMO at Site B.  This helps to make sure VPN works as it should and that all configuration is correct on the DC at both locations.

Using the current technologies with VMWare, Windows, and Cisco, it is possible to have a live backup at an alternate location. The link below show a demo Viso layout of Windows 2003 Doman Controllers and SQL running a cutomers location and being repicated over a T1 to a hosting company. This aritcle will be update from time to time to get results of T1 usage and how VMWare performs.

Demo Layout