SBS 2011 Server -- add Windows 2008 R2 server to network

Posted on 2013-06-04
Last Modified: 2013-06-25
We just bought a Windows 2008 R2 server for specific purposes that would never require user interaction. But now we may need to fold it into our domain, if possible.

The issue is that the domain is being driven by an SBS 2011 server.

Can we migrate AD to this Windows 2008 R2 server, bringing all usernames and passwords, and keep it sync'ed with the SBS 2011 server? I.e., can we run SBS 2011 as a PDC and the Windows 2008 R2 box as a BDC?

The PDC is stored in one location, and the BDC is stored in another location. We have a Cisco S2S tunnel connecting the two.
Question by:d4nnyo
LVL 58

Expert Comment

by:Cliff Galiher
ID: 39219723
The terms PDC and BDC date back to NT4 and don't apply to Active Directory domains. With that clarification in mind, yes there can be multiple domain controllers in a domain containing an SBS server. The licensing restrictions to SBS apply. No cross domain trusts. No child domains. All FSMO roles stay on SBS.
LVL 96

Expert Comment

by:Lee W, MVP
ID: 39219731
In Active Directory there are no PDCs or BDCs.

You don't need to have the new 2008 R2 server be a Domain Controller.  It CAN be.  But it doesn't have to.

A lot of people don't understand what the restriction with SBS is - put simply, you cannot have two SBS servers in the network - but you can definitely have two servers.  SBS must be the FSMO Master DC and you cannot move the FSMO roles off it.  This is why you can't have two SBS servers - both would require holding the roles and only one could.  Other than that, you can have as many other servers and domain controllers as you want.
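
A read-only check of the constraint described in the two answers above (every FSMO role stays on the SBS server, while additional domain controllers are allowed), as an added example that is not part of the original thread. It uses the ActiveDirectory PowerShell module; the function name `Test-SbsFsmoPlacement` and the host name `sbs2011.example.local` are placeholders.

```powershell
# Added example, not from the thread. Read-only: it queries AD and changes nothing.
# Written to run on PowerShell 2.0 (the version shipped with Server 2008 R2).
Import-Module ActiveDirectory

function Test-SbsFsmoPlacement {
    param(
        [Parameter(Mandatory = $true)]
        [string] $SbsServerFqdn   # placeholder: FQDN of your SBS 2011 server
    )

    $domain = Get-ADDomain    # holds the three domain-wide roles
    $forest = Get-ADForest    # holds the two forest-wide roles

    $holders = @(
        @('PDCEmulator',          $domain.PDCEmulator),
        @('RIDMaster',            $domain.RIDMaster),
        @('InfrastructureMaster', $domain.InfrastructureMaster),
        @('SchemaMaster',         $forest.SchemaMaster),
        @('DomainNamingMaster',   $forest.DomainNamingMaster)
    )

    foreach ($h in $holders) {
        New-Object PSObject -Property @{
            Role   = $h[0]
            Holder = $h[1]
            OnSbs  = ($h[1] -ieq $SbsServerFqdn)   # case-insensitive compare
        }
    }
}

# Placeholder host name; substitute the real SBS server FQDN.
$report = Test-SbsFsmoPlacement -SbsServerFqdn 'sbs2011.example.local'
$report | Format-Table Role, Holder, OnSbs -AutoSize

# Every domain controller in the domain and the roles each one holds.
Get-ADDomainController -Filter * |
    Format-Table HostName, Site, IsGlobalCatalog, OperationMasterRoles -AutoSize

# Flag any role that has ended up on a server other than SBS.
$misplaced = @($report | Where-Object { -not $_.OnSbs })
if ($misplaced.Count -gt 0) {
    Write-Warning ("{0} FSMO role(s) are not on {1}" -f $misplaced.Count, 'sbs2011.example.local')
}
```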

Author Comment

ID: 39220439
OK, great, thanks. Last (related) question:

Can the 2008 R2 box run as an AD backup? If the SBS 2011 server goes away, can we recover AD and transfer roles to the 2008 R2 box?
LVL 58

Accepted Solution

Cliff Galiher earned 250 total points
ID: 39220717
No. Because AD is a part of system state, you cannot recover onto a different platform. If the server is another DC, it can act as a fault tolerance scenario. But if you didn't make it a DC before the SBS server died, you'd have to restore the whole SBS environment, not just AD.
LVL 96

Expert Comment

by:Lee W, MVP
ID: 39220724
As I said,  It CAN be.  But it doesn't have to.  If you are not an AD expert you shouldn't.  If you try to recover a failed server and you don't understand the issues surrounding AD and a recovered server you COULD destroy your domain.

Author Comment

ID: 39220991
It sounds like you guys are advising against running the 2008 R2 server as a DC.

But what if I need to transfer -- and then synchronize -- the SBS 2011 logins and passwords to this 2008 R2 box? So whenever I add a user to SBS, it copies that login info to the 2008 R2. Seems like this should be feasible without too much risk.

And if the SBS 2011 box went away, it then seems reasonable to assume that those logins and passwords would remain on the 2008 R2 server.

It's unclear to me whether you guys think this is either not possible, or it is possible, but ill-advised.
LVL 96

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 250 total points
ID: 39221129
I'm not sure how to rephrase my second comment -

If you are not an AD expert you shouldn't.  If you try to recover a failed server and you don't understand the issues surrounding AD and a recovered server you COULD destroy your domain.

Adding a second DC would mean the data is replicated.  And it should work fine.  BUT if you ever did a restore and didn't know exactly what you were doing, you could destroy your active directory.

If your intent is to migrate away from SBS, that's fine - you'll be removing the SBS box so the time with both and thus the time where you might be concerned would be minimal.

I used to recommend this often.  And given the option *I* will always add a second server as a DC to an SBS domain.  But I've been working with AD for more than 13 years and know it well enough to know how to restore a DC in a multi-DC environment - therefore the risk is minimal for ME and benefit is much greater.  If you don't know it well (and it seems you don't from what I'm understanding in your comments), then in my expert, professional opinion, you should not.  OR, you should spend a few weeks AT LEAST in a lab environment and in reading and getting to understand Active Directory, how it works, and how you should deal with backups and restores.  (I can't explain it all in one comment or even a few - there are BOOKS on this stuff).

Or hire a consultant.

I'm sorry if I'm being too blunt or misinterpreting your skill level - my intent is not to insult you - just to encourage you to do things in a manner that will be most beneficial and reliable for your organization utilizing the skills and resources you have that are apparent to me.

Why do you want a second DC anyway?  Is it JUST for redundancy?  Are you not performing nightly backups?  Are you concerned about something in particular (maybe that should be a second question and there may be solutions you're not considering).

Author Comment

ID: 39227582
Thanks, this is clear. I'm not offended at all. It's a given that this is a rudimentary AD question, so your response is entirely appropriate.

The primary goal is to not have to create users, password resets, etc. twice, so we can work with maximum efficiency and organization.

Secondarily, it would be nice to have a backup DC to recover from if necessary.

We have multiple layers of backup. I'm not concerned about that.

Question has a verified solution.
