Solved

SBS 2011 Server -- add Windows 2008 R2 server to network

Posted on 2013-06-04
Last Modified: 2013-06-25
We just bought a Windows 2008 R2 server for specific purposes that would never require user interaction. But now we may need to fold it into our domain, if possible.

The issue is that the domain is being driven by an SBS 2011 server.

Can we migrate AD to this Windows 2008 R2 server, bringing all usernames and passwords, and keep it sync'ed with the SBS 2011 server? I.e., can we run SBS 2011 as a PDC and the Windows 2008 R2 box as a BDC?

The PDC is stored in one location, and the BDC is stored in another location. We have a Cisco S2S tunnel connecting the two.
Question by:d4nnyo
8 Comments
 
LVL 56

Expert Comment

by:Cliff Galiher
The terms PDC and BDC date back to NT4 and don't apply to Active Directory domains. With that clarification in mind, yes there can be multiple domain controllers in a domain containing an SBS server. The licensing restrictions to SBS apply. No cross domain trusts. No child domains. All FSMO roles stay on SBS.
 
LVL 95

Expert Comment

by:Lee W, MVP
In Active Directory there are no PDCs or BDCs.

You don't need to have the new 2008 R2 server be a Domain Controller.  It CAN be.  But it doesn't have to.

A lot of people don't understand what the restriction with SBS is - put simply, you cannot have two SBS servers in the network - but you can definitely have two servers.  SBS must be the FSMO Master DC and you cannot move the FSMO roles off it.  This is why you can't have two SBS servers - both would require holding the roles and only one could.  Other than that, you can have as many other servers and domain controllers as you want.
 
LVL 1

Author Comment

by:d4nnyo
OK, great, thanks. Last (related) question:

Can the 2008 R2 box run as an AD backup? If the SBS 2011 server goes away, can we recover AD and transfer roles to the 2008 R2 box?
 
LVL 56

Accepted Solution

by:
Cliff Galiher earned 250 total points
No. Because AD is a part of system state, you cannot recover onto a different platform. If the server is another DC, it can act as a fault tolerance scenario. But if you didn't make it a DC before the SBS server died, you'd have to restore the whole SBS environment, not just AD.
 
LVL 95

Expert Comment

by:Lee W, MVP
As I said,  It CAN be.  But it doesn't have to.  If you are not an AD expert you shouldn't.  If you try to recover a failed server and you don't understand the issues surrounding AD and a recovered server you COULD destroy your domain.
 
LVL 1

Author Comment

by:d4nnyo
It sounds like you guys are advising against running the 2008 R2 server as a DC.

But what if I need to transfer -- and then synchronize -- the SBS 2011 logins and passwords to this 2008 R2 box? So whenever I add a user to SBS, it copies that login info to the 2008 R2. Seems like this should be feasible without too much risk.

And if the SBS 2011 box went away, it then seems reasonable to assume that those logins and passwords would remain on the 2008 R2 server.

It's unclear to me whether you guys think this is either not possible, or it is possible, but ill-advised.
 
LVL 95

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 250 total points
I'm not sure how to rephrase my second comment -

If you are not an AD expert you shouldn't.  If you try to recover a failed server and you don't understand the issues surrounding AD and a recovered server you COULD destroy your domain.

Adding a second DC would mean the data is replicated.  And it should work fine.  BUT if you ever did a restore and didn't know exactly what you were doing, you could destroy your active directory.

If your intent is to migrate away from SBS, that's fine - you'll be removing the SBS box so the time with both and thus the time where you might be concerned would be minimal.

I used to recommend this often.  And given the option *I* will always add a second server as a DC to an SBS domain.  But I've been working with AD for more than 13 years and know it well enough to know how to restore a DC in a multi-DC environment - therefore the risk is minimal for ME and benefit is much greater.  If you don't know it well (and it seems you don't from what I'm understanding in your comments), then in my expert, professional opinion, you should not.  OR, you should spend a few weeks AT LEAST in a lab environment and in reading and getting to understand Active Directory, how it works, and how you should deal with backups and restores.  (I can't explain it all in one comment or even a few - there are BOOKS on this stuff).

Or hire a consultant.

I'm sorry if I'm being too blunt or misinterpreting your skill level - my intent is not to insult you - just to encourage you to do things in a manner that will be most beneficial and reliable for your organization utilizing the skills and resources you have that are apparent to me.

Why do you want a second DC anyway?  Is it JUST for redundancy?  Are you not performing nightly backups?  Are you concerned about something in particular?  (Maybe that should be a second question and there may be solutions you're not considering.)
 
LVL 1

Author Comment

by:d4nnyo
Thanks, this is clear. I'm not offended at all. It's a given that this is a rudimentary AD question, so your response is entirely appropriate.

The primary goal is to not have to create users, password resets, etc. twice, so we can work with maximum efficiency and organization.

Secondarily, it would be nice to have a backup DC to recover from if necessary.

We have multiple layers of backup. I'm not concerned about that.
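
Added example (not part of any poster's comment): a PowerShell check for the two conditions the answers above rely on, namely that all five FSMO roles are held by the SBS server and that replication to any additional DC is healthy. It assumes the ActiveDirectory module and `repadmin` are available on the machine where it runs; `sbs2011.example.local` is a placeholder hostname.

```powershell
# Added example: confirm FSMO placement and replication health in an SBS domain.
# 'sbs2011.example.local' is a placeholder; pass your SBS server's FQDN.
Import-Module ActiveDirectory

function Test-SbsFsmoPlacement {
    param([Parameter(Mandatory = $true)][string]$SbsHostName)

    $domain = Get-ADDomain
    $forest = Get-ADForest

    # The five operations master roles: three per domain, two per forest.
    $roles = @{
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
    }

    foreach ($role in $roles.Keys) {
        New-Object PSObject -Property @{
            Role   = $role
            Holder = $roles[$role]
            OnSbs  = ($roles[$role] -ieq $SbsHostName)
        }
    }
}

$placement = Test-SbsFsmoPlacement -SbsHostName 'sbs2011.example.local'
$placement | Format-Table Role, Holder, OnSbs -AutoSize
if ($placement | Where-Object { -not $_.OnSbs }) {
    Write-Warning 'At least one FSMO role is not held by the SBS server.'
}

# Every domain controller in the domain (the SBS box plus any additional DCs).
Get-ADDomainController -Filter * |
    Select-Object HostName, Site, IsGlobalCatalog | Format-Table -AutoSize

# Replication links that currently report failures, parsed from repadmin's CSV output.
$failed = repadmin /showrepl * /csv | ConvertFrom-Csv |
    Where-Object { [int]$_.'Number of Failures' -gt 0 }
if ($failed) {
    $failed | Format-Table 'Source DSA', 'Destination DSA', 'Naming Context', 'Number of Failures' -AutoSize
} else {
    'No replication failures reported.'
}
```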