Solved

SBS 2011 Migration - Network Administrator Role no longer exists

Posted on 2013-02-04
5
1,085 Views
Last Modified: 2013-02-09
I've run into an issue during a SBS 2003 to SBS 2011 migration.

Following the MS guide and dematzer excellent SBS 2003 to SBS 2011 guide - something appears to have gone wrong.

The move users and groups step - calls for the following to be run;

"Migrate security groups and distribution lists
To manage these groups, you must assign the Created value to the msSBSCreationState attribute for each group—either automatically by using the Windows SBS 2011 Standard Active Directory Group Converter tool, or manually through the Active Directory Security Interface (ADSI).

To automatically assign attribute values to a migrated group
•Under c:\Program Files\Windows Small Business Server\bin, double-click GroupConverter.exe to launch the Active Directory Group Converter, which helps you convert groups in the MyBusiness organizational unit to groups that are compatible with Windows SBS 2011 Standard."

I've duly run the GroupConverter.exe tool which appeared to run o.k.

However, when I go to Users in the SBS console for the next step - I've discovered that the Network Administrator Role no longer exists, and the 'administrator' user account which was created with the 'Network Administrator Role' states this User Role no longer exists.

I've no idea why the groupconverter tool appears to have wiped out the Network Admin Role.

I do have a system state (full) backup of the server from 6 p.m. this evening - however, if I restore the system state will this cause the migration to fail at this point?

Is there another way to restore the 'Network Administrator Role'?
0
Comment
Question by:foxpc123
  • 5
5 Comments
 
LVL 3

Author Comment

by:foxpc123
ID: 38853298
Just to add some further detail, I discovered the user issue at the point where the users migrated over from the SBS 2003 to SBS 2011 - all of the users have now migrated across o.k.

It was when I was going through the list of existing users, that I discovered that the network administrator role had gone.
0
 
LVL 3

Author Comment

by:foxpc123
ID: 38853306
I've managed to recover this somewhat now - reading this article from petri;

http://www.petri.co.il/recovering-deleted-items-active-directory.htm

I've run adrestore and have been able to reintroduce the network administrator credentials (if that's the right word) and can now see that the admin account that was created is now showing as a network administrator account.

The only thing I can't see if the network administrator role, so if I go to create a new network administrator role - there is essentially no template.

I'm still none the wiser how this occurred though in the first place.
0
 
LVL 3

Author Comment

by:foxpc123
ID: 38854475
Just some further detail, it would appear that the security groups of the source server for things like accounts - say other security groups which have been added by the admin on the sbs 2003 are all blank i.e they have no members.

They also do not appear in the security groups in the SBS 2011 console.

If I look them up within the AD and browse through Security groups they are present.

As these are groups for controlling access to various directories etc., I'm tempted to just set up new groups for the purposes of access etc and then delete the old security groups from AD once I'm happy that everything is working o.k.
0
 
LVL 3

Accepted Solution

by:
foxpc123 earned 0 total points
ID: 38871106
Looking through the various groups it would appear that the group converter tool had managed to move some of the groups to universal groups and others had not completed the conversion.

Have corrected everything which appeared incorrect and have also created another Network administrator account, compared this with another SBS and all looks o.k.

I'll close this issue down as the adrestore tool appeared to resolve the issue of the missing network admin role.

I'll be using the manual method for this in future and not the tool!
0
 
LVL 3

Author Closing Comment

by:foxpc123
ID: 38871110
ADRestore tool resolved this issue which was identified from a link in petri.co.il

http://www.petri.co.il/recovering-deleted-items-active-directory.htm
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

In the event you manage a Small Business Server 2003, and you are audited for PCI compliance, there are several changes you must make in order to pass the audit. I can take no credit for discovering any of these fixes or workarounds, but there is no…
I’m often asked about newer and larger USB drives connected to SBS2008 and 2011 failing Windows Server Backup vs the older USB drives not failing. As disk space continues to grow and drive technology change SBS2008 and some SBS2011 end up with the f…
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now