Solved

SBS 2011 Migration - Network Administrator Role no longer exists

Posted on 2013-02-04
5
1,108 Views
Last Modified: 2013-02-09
I've run into an issue during a SBS 2003 to SBS 2011 migration.

Following the MS guide and dematzer excellent SBS 2003 to SBS 2011 guide - something appears to have gone wrong.

The move users and groups step - calls for the following to be run;

"Migrate security groups and distribution lists
To manage these groups, you must assign the Created value to the msSBSCreationState attribute for each group—either automatically by using the Windows SBS 2011 Standard Active Directory Group Converter tool, or manually through the Active Directory Security Interface (ADSI).

To automatically assign attribute values to a migrated group
•Under c:\Program Files\Windows Small Business Server\bin, double-click GroupConverter.exe to launch the Active Directory Group Converter, which helps you convert groups in the MyBusiness organizational unit to groups that are compatible with Windows SBS 2011 Standard."

I've duly run the GroupConverter.exe tool which appeared to run o.k.

However, when I go to Users in the SBS console for the next step - I've discovered that the Network Administrator Role no longer exists, and the 'administrator' user account which was created with the 'Network Administrator Role' states this User Role no longer exists.

I've no idea why the groupconverter tool appears to have wiped out the Network Admin Role.

I do have a system state (full) backup of the server from 6 p.m. this evening - however, if I restore the system state will this cause the migration to fail at this point?

Is there another way to restore the 'Network Administrator Role'?
0
Comment
Question by:foxpc123
  • 5
5 Comments
 
LVL 3

Author Comment

by:foxpc123
ID: 38853298
Just to add some further detail, I discovered the user issue at the point where the users migrated over from the SBS 2003 to SBS 2011 - all of the users have now migrated across o.k.

It was when I was going through the list of existing users, that I discovered that the network administrator role had gone.
0
 
LVL 3

Author Comment

by:foxpc123
ID: 38853306
I've managed to recover this somewhat now - reading this article from petri;

http://www.petri.co.il/recovering-deleted-items-active-directory.htm

I've run adrestore and have been able to reintroduce the network administrator credentials (if that's the right word) and can now see that the admin account that was created is now showing as a network administrator account.

The only thing I can't see if the network administrator role, so if I go to create a new network administrator role - there is essentially no template.

I'm still none the wiser how this occurred though in the first place.
0
 
LVL 3

Author Comment

by:foxpc123
ID: 38854475
Just some further detail, it would appear that the security groups of the source server for things like accounts - say other security groups which have been added by the admin on the sbs 2003 are all blank i.e they have no members.

They also do not appear in the security groups in the SBS 2011 console.

If I look them up within the AD and browse through Security groups they are present.

As these are groups for controlling access to various directories etc., I'm tempted to just set up new groups for the purposes of access etc and then delete the old security groups from AD once I'm happy that everything is working o.k.
0
 
LVL 3

Accepted Solution

by:
foxpc123 earned 0 total points
ID: 38871106
Looking through the various groups it would appear that the group converter tool had managed to move some of the groups to universal groups and others had not completed the conversion.

Have corrected everything which appeared incorrect and have also created another Network administrator account, compared this with another SBS and all looks o.k.

I'll close this issue down as the adrestore tool appeared to resolve the issue of the missing network admin role.

I'll be using the manual method for this in future and not the tool!
0
 
LVL 3

Author Closing Comment

by:foxpc123
ID: 38871110
ADRestore tool resolved this issue which was identified from a link in petri.co.il

http://www.petri.co.il/recovering-deleted-items-active-directory.htm
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Server is "down" 10 71
SBS2011 - CSR Certificate 4 73
Exchange 2010 account @iphone is getting emails even after password change 8 53
SBS 2007 remove AD ? 10 61
Introduction At 19:33 (UST) on Tuesday 21st September the long awaited email arrived with the subject title of “ANNOUNCING THE AVAILABILITY OF WINDOWS SBS 7 PREVIEW”.  It was time to drop whatever I was doing and dedicate as much bandwidth as possi…
The problem of the system drive in SBS 2003 getting full continues to be an issue, even though SBS 2008 and SBS 2011 are both in the market place.  There are several solutions to this, including adding additional drive space or using third party uti…
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question