• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 843
  • Last Modified:

Migrate from Windows SBS 2003 to Windows Server 2008

We are going to migrate from SBS 2003 to Windows 2008 Server. In out domain today the SBS 2003 is domain server and then we have a Windows server 2003 as the dc number two. We are also planning to migrate Exchange in the SBS Server to Exhange 2007.We are expanding and the number of users will be round 100 in the near future. What is the best way to migrate to Windows 2008 Server?  Is it possible to use the second dc, the 2003 Server, and set up a new domain with the same domain name, join the new 2008 Server to it and let the new server become the new pdc?  If this is possible, then continue with taking down the SBS 2003 and put in the new 2008 Server in the old domain. Is this possible or not?
1 Solution
Fridolin MansmannMaster of Business Engineering ManagementCommented:
From my experience I would completely set up the new domain and server from the scratch.
Use another domainname, connect the old shares and move the data.
Create the shares with exactly the same names.
You could rename the new domain (after all essential data has been copied) to the old name.
Remove the old DC from the network and rename the server to the old name. Also use the old IP, if possible.
This procedure would save you from fixing broken links or shortcuts on the client workstations/notebooks later. But you have to re-join all clients to the new domain manually.

Unfortunately SBS can not be trusted to another (new) domain for migration...

There are some MS migration utilites available, check out also MS documentation (e.g. Technet etc.)


Have you purchased your licenses for the new software yet? If you haven't, I'd strongly recommend you consider moving to EBS. It is a managed environment, like SBS, but has support for more users as roles are spread across 3 servers. It would be ideal for a network of 100 users.

If you have purchased your licenses, the procedure you are looking to follow is at the end of this message. It's very simple, and will enable you to keep the current domain environment, but simply upgrade it in order to remove the SBS Server. I would not agree with the previous poster in that setting up a new domain from scratch is easier in many cases; it is in some, but not all. The only added complexity in migrating off an SBS is you need to be careful when roles are transferred and only transfer some just before the SBS is about to be demoted from the network.



Install Windows Server 2008 onto the new server which is intended to be promoted as a Domain Controller. Ensure the new server is assigned a routable static IP address on your IP subnet. Ensure the IP address is not included in any of your existing DHCP scopes. The only DNS server entry at this stage should be the IP address of the existing domain controller on your network.

After installation, join the new machine to the existing domain as a member server. This procedure is exactly the same as joining a workstation to the domain.

Since you are upgrading the Operating System on the new Domain Controller, you will need to add some values to the existing Active Directory schema, in order for the new server to become a Domain Controller. Windows Server 2008 supports more functionality than before, so a schema upgrade for the domain and forest is required to facilitate this and make this new feature set fully functional on the domain. To make the necessary changes, you must be logged on as the built-in Administrator user account, or a user with Domain, Schema and Enterprise Admin privileges.

Insert the Windows Server 2008 media into your current SBS server . Open a command prompt and browse to sources\adprep folder within the Windows Server 2008 DVD media. Execute the command adprep /forestprep.

Next, execute adprep /domainprep . You must be logged on as a Domain Admin user for these steps to work correctly. Once these commands have run your Active Directory schema will have been extended to support Windows Server 2008 as a Domain Controller.

The next step is to promote the new server as a Domain Controller for the domain. Enter dcpromo at a command prompt and follow the wizard. When prompted, select the option for an additional domain controller in an existing domain. After the wizard completes, the new server will be acting as a Domain Controller for your domain. It is necessary at this point to restart the server for these changes to be applied.

In a single-domain Active Directory forest, all servers should also be Global Catalog servers. The Global Catalog is a required component of Active Directory which is used during logins to establish universal group membership for a user account. To promote the new server as a Global Catalog, open Active Directory Sites and Services from the Administrative Tools container within Control Panel or on the Start Menu. Double-click Sites, then Servers, followed by the name of the new server. Next, right-click "NTDS Settings" and select Properties. On the General tab, check the Global Catalog checkbox. Restart the new Domain Controller for changes to take effect.

DNS is a critical component of your Active Directory network. The easiest way to install the DNS role onto the new server is to follow the instructions outlined at http://technet2.microsoft.com/WindowsServer2008/en/library/3cf4d1b1-7a6e-4438-bf4f-22d9468c17321033.mspx You should be already using Active Directory-integrated DNS zones, which is the easiest method of allowing DNS replication to occur - DNS information is stored in Active Directory and replicates with Domain Controller replication traffic. To check if your DNS zones are AD-integrated (and convert them if not), please follow http://support.microsoft.com/kb/227844.

You probably want to enable DNS forwarding in the DNS console on the server, too. This forwards lookups for external domains to a DNS server at your ISP, which allows the server to effectively resolve DNS for external domains. More information on forwarders can be found at http://technet2.microsoft.com/WindowsServer/en/Library/ee992253-235e-4fd4-b4da-7e57e70ad3821033.mspx.

To move DHCP to the new server, you will need to first install the role. To install the role in Windows Server 2008, check the DHCP Server role option within the Add Roles wizard in the Server Manager. To correctly configure DHCP after the role is installed on your new server, you will need to ensure you configure it to distribute IP addresses which are in a different range to the IP scope defined on the other DHCP server. You should also ensure the correct DNS and WINS servers are entered into the scope options. Remember that the only DNS servers which should be configured on workstations are the Domain Controllers which are also acting as DNS servers - no ISP DNS server should ever be set through DHCP.

Once all of these steps have been completed, you should have successfully transferred all of the Active Directory roles to the new domain controller. At this stage, I would suggest you shut down the old domain controller and check to ensure all services on workstations and servers are working correctly - including logins. If they are, you have transferred Active Directory correctly.

The next step is to run the upgrade and transition to Exchange Server 2007 BEFORE you dcpromo the SBS. To do the transition, you should follow this excellent set of 3 articles specifically detailing an Exchange 2003 to 2007 migration. The first article is at http://www.msexchange.org/tutorials/Transitioning-Exchange-2000-2003-Exchange-Server-2007-Part1.html. In the 3rd article in the series, you will follow a procedure to decommission the 2003 Exchange installation on the SBS - this MUST be done before you dcpromo the SBS, even if Exchange holds none of the mailboxes or roles.

If everything now works with the SBS 2003 shut down, you should be safe to switch the old DC back on and transfer the FSMO roles. Once you do this, the SBS will be rendered next to useless, and must be taken off the network.To transfer the FSMO roles to the new domain controller, follow the information detailed in the following Microsoft Support article: http://support.microsoft.com/kb/324801. Please ensure any other information you follow is information regarding the TRANSFER of FSMO roles. Seizing FSMO roles is an emergency operation which should not be performed during this procedure. run dcpromo and demote it from its Domain Controller role.

You can then go ahead and dcpromo the SBS server out of the domain. This will remove the SBS as a Domain Controller, leaving it as a member server on the network. It will now need to be disconnected and formatted before being reintroduced.
SommelierRHSAuthor Commented:
So if I understand you correctly the best way to do it is to:
1. Set up a new domain with a new domain name, with the Windows Server 2008 alone as the dc
2. Connect the old shares and move data
3. Create the shares with exactly the same names
4. Use a migration tool to migrate the stuff in the old AD to the new AD
5. Remove the SBS 2003
6. Rename the new domain name to the old one
7. Rename the new server to the old server name
8. Set the ip on the new server to the old servers ip
9. Move all member servers to the new domain without fixing anything (just joining the domain)
10. Move all clients to the new domain without fixing anything (just joining the domain).

All steps are clear but number 3. Or is it simply a part of number 2, connecting and moving data?
Cloud Class® Course: Certified Penetration Testing

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.


>> Set up a new domain with a new domain name, with the Windows Server 2008 alone as the dc

Nope. If you follow my procedure, the easiest way is to install the Server 2008 as a DC in your current domain, which will allow everything to easily migrate across.

I'd suggest you go for this option; it will be easier and much less confusion for you in the long run. See my post above (http:#a24138063) for the full process.

SommelierRHSAuthor Commented:
Great, thank you tigermatt, I will go for your solution.

You mention the following -

You probably want to enable DNS forwarding in the DNS console on the server, too. This forwards lookups for external domains to a DNS server at your ISP, which allows the server to effectively resolve DNS for external domains. More information on forwarders can be found at http://technet2.microsoft.com/WindowsServer/en/Library/ee992253-235e-4fd4-b4da-7e57e70ad3821033.mspx.

Dont you think that forwarders generate extra traffic since every query will then be forwarded to your ISPs DNS Server and their cache would be used. Aren't Root hints suffice. Please comment.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Python 3 Fundamentals

This course will teach participants about installing and configuring Python, syntax, importing, statements, types, strings, booleans, files, lists, tuples, comprehensions, functions, and classes.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now