Active Directory Migration
-
I've just left a new potential client...Their setup consists of 10 users with 1 old SBS 2003 server (domain controller) which is creaking and about to die on them.
Whoever was looking after their network previously talked them into buying a new server (Server2012R2) which they agreed and was installed prior to him walking away!!
However, the problem is, rather than migrating the AD from the old server to the new or even start fresh, he simply joined the new server to the original domain and moved their data across from the old to the new.
What I'd like to do if I get the gig is promote the new server to be the primary domain controller and then migrate the AD information across and then shut down the old server. Is there any easy way of promoting the new server to a primary DC and migrate the AD without loosing any data?
I've never migrated AD across before - i usually start fresh so thoughts welcomed.
Thanks -
Wait. First is there a hypervisor installed on that new server?
-
No. I'm def in favor of having the DC visualized though.
-
@Joel said:
No. I'm def in favor of having the DC visualized though.
Good! That may be the first step. You could easily add a hypervisor (Hyper-V or XenServer) and install Server2012R2 on it. Then promote it to a DC. Demote the 2003 server and you're pretty much done. If you have any other things the Server2012R2 license allows for 2 VMs. So deploy a second VM and run what you need for that one.
-
Agree with virtualizing.
What the "old guy" did is not that bad. He put in a new DC, he just did not decom the old system. As there are only two systems, I would not have expected him to, really.
Is the current system much of a problem? I would consider holding off on a new install until 2016 is available if it is not a major concern right now.
-
@Joel said:
However, the problem is, rather than migrating the AD from the old server to the new or even start fresh, he simply joined the new server to the original domain and moved their data across from the old to the new.
The issue here is, this is SBS 2003. Is it being used for anything other than AD? Because SBS cannot be a member server. It can have member servers, but it itself cannot be one. So once you decide to promote the 2012 R2 box up the SBS 2003 box is toast (you get a few days, but that's not the point.) This is a more or less major decision. Anything from file services to email that the SBS box was used for will be done. Not that isn't your goal or a good thing, but likely that is why more was not done. It's a rather major decision point.
-
@scottalanmiller said:
Agree with virtualizing.
What the "old guy" did is not that bad. He put in a new DC, he just did not decom the old system. As there are only two systems, I would not have expected him to, really.
Is the current system much of a problem? I would consider holding off on a new install until 2016 is available if it is not a major concern right now.
How does he get 2016 though? I'm assuming they bought either an OEM 2012 license with the hardware, or less likely, they bought a FPP license. They'd have to buy an upgrade to move to 2016.
-
I'd like the SBS to be toast - it's about to die on them anyway. Right now it is the primary DC with AD running on it with file shares.
Would you suggest 1st step I install Hyper V on the new 2012 server, then backup the data on the SBS. Then create a VM on the 2012 and promote that as a DC?If I promote as a DC what happens to the 2003 as that point - you say I have a few days but whats the technicals behind what happens when you promote another new DC on the network?
-
@Dashrender said:
@scottalanmiller said:
Agree with virtualizing.
What the "old guy" did is not that bad. He put in a new DC, he just did not decom the old system. As there are only two systems, I would not have expected him to, really.
Is the current system much of a problem? I would consider holding off on a new install until 2016 is available if it is not a major concern right now.
How does he get 2016 though? I'm assuming they bought either an OEM 2012 license with the hardware, or less likely, they bought a FPP license. They'd have to buy an upgrade to move to 2016.
By waiting.
-
@scottalanmiller They already bought 2012 OEM i believe
-
@Joel said:
I'd like the SBS to be toast - it's about to die on them anyway. Right now it is the primary DC with AD running on it with file shares.
This description tells me that an AD migration is not yet in the cards. That's probably what happened to the old person. They got them to a point where AD was safe, found that they had SBS and were not able to leave it yet, did not get approved for a file server migration and.... here we are today.
-
Scott - do I recall correctly - Windows licensing allows you to install full Windows locally - install Hyper-V service, then install 2 VMs (as long as the base install is only used to manage the VMs)?
Assuming that's right, do that.
Install the Hyper-V service in 2012 R2 as it stands, then create at least one VM, install 2012 R2 into that. Join the domain, move the data from the hardware installed OS to the VM, make sure it all works.
Make sure all other services that SBS provides - DNS, DHCP, SharePoint, Exchange, etc are moved to the new VM (those that you are using of course), promote the VM to a DC, decom the SBS box.Transferring AD from one server to another is super easy. Of course you start by having two Domain Controllers.
When you correctly demote the old server, it will send all needed info to the newer DC, and it will be in charge now.
It's almost that simple. The step by step is a bit more, but not much.Though - you'll want to update your DHCP with the DNS address of your new DC several days before you do this to ensure that info is passed around to all clients.
-
@Joel said:
If I promote as a DC what happens to the 2003 as that point - you say I have a few days but whats the technicals behind what happens when you promote another new DC on the network?
Once you promote another DC to the Forest Root, SBS disables. SBS cannot exist with another DC owning the forest. It will not be joined to the domain, it will be effectively useless. It won't catch on fire or burn up the data. But it will suck if you want it to still do anything.
-
@Dashrender said:
Scott - do I recall correctly - Windows licensing allows you to install full Windows locally - install Hyper-V service, then install 2 VMs (as long as the base install is only used to manage the VMs)?
Assuming Server 2012 R2 Standard, yes.
-
So the best option would be to move the file share to a new VM. Then promote the new DC. Then let the SBS server lockup?
-
@Joel said:
Would you suggest 1st step I install Hyper V on the new 2012 server, then backup the data on the SBS. Then create a VM on the 2012 and promote that as a DC?
- Install Hyper-V
- Create two VMs (one for AD, one for FS)
- Join AD to the Domain
- Remove AD on the old instance with only SBS and this new AD VM remaining
- Migrate all file shares to the new FS VM
- Turn off everything but AD on the SBS machine
- Promote the 2012 R2 AD VM to forest root
- Have bonfire and roast marshmallows around the burning remains of the SBS box
-
@scottalanmiller said:
@Joel said:
Would you suggest 1st step I install Hyper V on the new 2012 server, then backup the data on the SBS. Then create a VM on the 2012 and promote that as a DC?
- Install Hyper-V
- Create two VMs (one for AD, one for FS)
- Join AD to the Domain
- Remove AD on the old instance with only SBS and this new AD VM remaining
- Migrate all file shares to the new FS VM
- Turn off everything but AD on the SBS machine
- Promote the 2012 R2 AD VM to forest root
- Have bonfire and roast marshmallows around the burning remains of the SBS box
I actually LOL'd at the last comment
That leaves me to ask - How do I remove AD on the old SBS? I cant recall!!! (point 4 above)
When I promote the 2012 to Forest root, will that migrate the AD info? -
Do a dcpromote just to be sure, but the forest root move should trigger it anyway.
-
I would start by removing the new server again and formatting it.
Install Hyper-V server
Join to domain
Create new VM1
Join VM1 to domain
Make VM1 a DC
Create VM2
Join VM2 to domain
Move shares to VM2
Move DHCP to VM1
Shut down SBS and confirm everything works
Turn SBS on, and transfer FSMO to VM1
Remove SBS from domain
Turn off box
Burn box -
@JaredBusch said:
I would start by removing the new server again and fiormatting it.
Install Hyper-V server
Join to domain
Create new VM1
Join VM1 to domain
Make VM1 a DC
Create VM2
Join VM2 to domain
Move shares to VM2
Move DHCP to VM1
Shut down SBS and confirm everything works
Turn SBS on, and transfer FSMO to VM1
Remove SBS from domain
Turn off box
Burn boxFrom what @scottalanmiller is saying once you join another DC to a SBS domain the SBS server refuses to work correctly. Meaning you could potentially lose the file share etc.
