Can you make a Server 2008 machine a Domain Controller in an existing SBS 2003 domain?

There should be no problem doing this.  The only restriction is that SBS MUST be your FSMO Master DC.

mboppe is correct in that you will need to run forestprep and domainprep though - just treat it like any other domain (that's not SBS) - so long as you don't try moving the FSMO roles.

@leew

did you ever try it before.My feeling is SBS wants to hold everthing I see it as a master, so would it allow a higher version windows in the domain.

Thanks

I have not installed 2008 as a DC in an SBS domain, however an R2 version is a newer version than a NON-R2 version of SBS yet you can run an R2 DC in a non-R2 SBS domain.  

You should understand, SBS is Windows Server 2003 with a few restrictions - again, YES, SBS MUST be the FSMO master, but you SHOULD NOT have any problem adding other DCs regardless.  

The simple answer is - run a backup (just to be safe - you should always run a backup before any major change to the network), then join the 2008 system to the domain, run the PREP commands, promote the DC.

You cannot have multiple Domain Controllers in a SBS 2003 environment, regardless of V1 or R2.  If you premote the server to a DC you will in fact shutdown your SBS on an hourly basis if it detects another DC.  You cannot add child or sub-domains to the SBS environment, nor add it to an exisiting domain environement.  The SBS must remain as the root server for your internal domain, that's it.  Stinks...but there is absolute value to SBS for startup, one office businesses with the need for a server.

In short the SBS the only DC allowed in the domain.  I know your concern is the login server for your NY office, unfortunately, you will need to direct your NY users primary DNS to the VA server in order to process their logins via AD.  This will be slow...especially if you process any login scripts (but it can be done so they map a local drive to the NY DC server shares for local office file storage).

You can migrate your environment to a standard AD forrest. But there is obvious cost involved (especially with Exchange).  But Micro$oft does provide a credit for the SBS licences purchased in thier "Transistion Pack" plan.  You can pay the cost differnece on what you have already paid into your SBS environment towards the purcase of the standard CALs for Server, Exchange and SharePoint.  
http://www.microsoft.com/WindowsServer2003/sbs/techinfo/overview/licensingfaq.mspx#EABAA

I just want to ward you again to NOT DCPROMO the server in the NY office.  You need to think on the best way to procede as a company.  Keeping in mind that if the company is growing to multiple offices, the company has essentually outgrown the limitations of SBS :(

Hope this helps,
Ryan

You should be able to add the 2008 server as a member server witout changing the Schema.  Member Server being the operative words here.  I am a little unclear what you mean with the "Primary Server" in NY.  Do you want to create a new domain?  If so again, this will be very difficult if not impossiable to incorproate into the SBS AD environment, since another limitation of SBS is that you CANNOT create transistive trusts between domains and allow NYCOMPANYDOMAIN.local be TRUSED by VAOfficeSBSDomain.local.

If time is of the absolute essence to get NY online, make NY but with a possiable performance hit, in the NYC office:
DHCP server should have VAServer as PRIMARY DNS SERVER
You may need to add the NY Office IP Subnet into AD Sites and Services

This way users get to the login, their machine will authenticate, preform Group Policy, login scripts against the VAServer and trust client communications through Keberos...all again having to go across the VPN, but better than nothing.

OR

Leave the NY Office as a workgroup for a bit and deploy the 2008 server in VA as a Terminal Server:

If there are a small number of uses you may have your NY users work in a Terminal Server/RDP session.  You can deploy a member server in the VA office and purchase the licenses to put it into application mode.  If you have never worked with licensing on TS, my biggest caveat is that you must own a license of M$ Office for each available TS seat license installed on the server...there is more to it than that, but it may be the way to go for a short time until you get the VA Office on standard server, Exchange and SharePoint (if appicable).  

You can still have users login to their PCs in NYC and launch RDP client and go to the Terminal Server (either by the site to site VPN or through port 3389 on your VA Firewall...

I may be complicating things a bit by giving you this other option, but this is a solution that I have implimated at one of my clients here in PA with SBS and a remote office.

Ryan

OK, so do we have any open questions here?  Let me know if I can be of any other assitance.  
SBS server is a great value considering what is included with each CAL, if you can try to make it work for your ORG great, if your business model changes, well so does your need to go to "full blown" M$ backoffice products.

Here is some reading I found from my Microsoft Partner Pages
http://www.microsoft.com/windowsserver2003/sbs/evaluation/topmyths.mspx
let me know if this link does not work:
http://technet.microsoft.com/en-us/library/cc672103.aspx

Ryan

That's great.  If the Technet says its a go...go with their suggestion.  Since this is news to me, I will step a back here.  I will however make one recommendation (besides backups of EVERYTHING before any major changes to your environment).  Open a ticket proactively with Microsoft if you plan to do this yourself.   Usually the $ is 450-700 dollars, but will remain open and they will address any issues with the migration.  Everything may go great following information on the internet, but then the other side may have you regretting not doing so later.

Sorry if I created any confusion. I was working with information on how I understood it before.

Ryan

Since i have never done it nor have aver supported it I have reservations on putting my stamp of approval on this.  I would LOVE seeing this as a KB article or whitepaper and not just a technet blog.

I think it is OK to move forward with this but again, you may be best served opening a ticket with Microsoft to assist you though the process.  If you state your goals clearly, then you will have them by your side until the goal is reached.

OK sounds good.  And since we are registered members with Microsoft we get 24x7 business critical phone support.  Thanks again for all your help.

You cannot have multiple Domain Controllers in a SBS 2003 environment, regardless of V1 or R2.  If you premote the server to a DC you will in fact shutdown your SBS on an hourly basis if it detects another DC.  
assuresol is 100% WRONG with the above statement.  The restriction is that the server MUST be the FSMO master DC.  You can have as many DCs as you like but you CANNOT transfer the FSMO roles.  If you do, THAT is when the server starts rebooting itself.  If you won't take my word on this (I am in the top 10 SBS experts on this site), then review the links to Microsoft Documents on my SBS web page: www.lwcomputing.com/tips/static/sbs.asp

You cannot add child or sub-domains to the SBS environment, nor add it to an exisiting domain environement.  The SBS must remain as the root server for your internal domain, that's it.  
This is correct.  

I have not reviewed most of the comments recently made and don't have time to now.  I will try to review them later this afternoon.  However, before accepting an answer, I urge you wait so that I and/or others can verify the validity of the statements made by assuresol in relation to SBS.  assuresol may well be a knowledgeable person about Server 2003 and Windows in general, but it is clear he is not an SBS expert - I wasn't either until I started working with it and learned about it, in part, through this site.

(And yes, I ABSOLUTELY have a second DC on an SBS domain with NO PROBLEMS - The SBS server is in Long Island, NY and the other DC is in sourthern NJ)