Moving an existing SBS2003 domain system to a new Windows 2003 system - same domain


I've picked this job up half way through, so bear with me whilst I get things straightened out.

The original system was a single box running SBS2003 - it was the only server, did everything, and was on a standard PC machine, which caused it to fall over a lot. Let's call this machine server-001

There are now two new machines, both running Windows 2003 - server-002 and server-003

What we want to end up with is the ability to wipe server-001.

Done so far:

Copied the active directory from server-001 to server-002
Server-002 also has a copy of DNS from the AD system
Installed Exchange to server-003 and moved everything from server-001 to server-003


1. Exchange problem #1

Even though all the Exchange roles have been moved, including OAB, and replication was showing "In Sync", Outlook is still using an old copy of the OAB - the changes took place 3 weeks ago, and still the changes made since the change do not show; I've looked on both new & old server, and both say that the new server is in charge of OAB, and previewing it shows all the new changes, and multiple rebuilds have had no effect.

I have created a new Outlook profile on a separate domain login, and that also downloads the aged OAB; I've checked and all versions of the OAB are seemingly up to date, and have upped logging to maximum, and the rebuilds don't show any errors.

2. Exchange problem #2

Is Exchange built into SBS2003? The last part of the "removing the first exchange server" is removing Exchange itself, but I've not been able to do this - I should point out I've never touched SBS2003 before (I was taught to hate SBS, and thus never installed/used/removed it).

3. Authentication

When server-001 goes offline, even though AD has been copied to server-002, which has routing & remote access on it, no-one can log in, for instance via VPN, but as soon as server-001 is back, you can log in - what gives?  I have not yet transferred the FSMO roles, but my understanding is that authentication should still take place, no?

In general - am I going about this all wrong?  I've read loads about moving from Win2003 to Win2003, and am working on the assumption that this is along the same principle.

The thing is, I've done quite a few of these role-moving jobs, and it's always gone pretty smoothly.

Looking forward to a little help


You say: When server-001 goes offline, even though AD has been copied to server-002, which has routing & remote access on it, no-one can log in, for instance via VPN, but as soon as server-001 is back, you can log in...

Is this a problem which affects VPN and local machines on the LAN, or simply VPN?

If only VPN it could be related to port forwarding attempting to forward the VPN user to the old server's IP address. Have a look in your router's port forwarding settings.

shandscomb (Author) Commented:

I do not know if it is affecting LAN users - I'm helping from many (many!) miles away; I can tell you, however, that the router is definitely pointing to the new server, and the new server answers the call, but rejects the authentication; I can see this as my desktop is Linux and I see the failure notice come from the "correct" server. As soon as server-001 (old) is back, it logs in fine.

Further, routing & remote access isn't installed on the old server.

Sorry, this isn't the issue.


It sounds like it could be because you haven't yet transferred FSMO roles to the new server, and could be an authentication issue, although I'm not sure when it comes to FSMO roles!

From what I understand, and what you've said, everything seems to be pointing towards that as I'm presuming, from your message, that is the only thing which the old server is running now.


Top 10 Gotchas
The domain can have only one machine running Windows SBS
Windows SBS 2003 Setup places the machine running Windows SBS at the root of an Active Directory forest. The end result is that there can be one and only one server running Windows SBS in a Windows SBS domain.

Many Enterprise IT Pros have stumbled right here, thinking that Windows SBS is like Windows Server, Standard or Enterprise Editions, on this point. They assume that they can install Windows SBS 2003 on a server and then drop that server on to an existing Windows Server domain as another replica domain controller on the network with no issue. But they can't! The server running Windows SBS always sits at the root of the domain. This obviously means that you can have only one server running Windows SBS on a network.

There can be only one machine running Windows SBS in a domain! Also, the Windows SBS computer must be the root of the forest so you can’t add another Windows Server machine to a Windows SBS network as the primary domain controller. (You can add extra machines running Windows Server to a Windows SBS domain as replica domain controllers, line-of-business (LOB) application servers, or servers that have Windows Server 2003 Terminal Server enabled.)

Also, SBS MUST hold the FSMO roles; if you transfer the roles, the SBS box will repeatedly shut down.
shandscomb (Author) Commented:
Hi ssnyds,

I only have the one SBS2003 on the network; I do however have two Windows 2003 servers on the network.

What I'm trying to do is replace and remove the SBS server completely.

What are my options here?

Funny you should mention it, the SBS box has started shutting down today, but I have *not* transferred the FSMO roles.

No, but it is also no longer at the root of the domain either, therefore it cannot find its place in your domain. Are the other servers DCs?
shandscomb (Author) Commented:
Yes, there is a second DC now (see original post).

I'm currently reading this with interest:

shandscomb (Author) Commented:
The aforementioned URL fixed most issues.

All that remains is the problem with the OAB.

500 points anyone????
shandscomb (Author) Commented:
The OAB was a problem due to no Service Packs being applied to Exchange.
shandscomb (Author) Commented:
Agreed with thanks.
PAQed with points refunded (500)

EE Admin
