Solved

SBS 2011 Server -- add Windows 2008 R2 server to network

Posted on 2013-06-04
Last Modified: 2013-06-25
We just bought a Windows 2008 R2 server for specific purposes that would never require user interaction. But now we may need to fold it into our domain, if possible.

The issue is that the domain is being driven by an SBS 2011 server.

Can we migrate AD to this Windows 2008 R2 server, bringing all usernames and passwords, and keep it sync'ed with the SBS 2011 server? I.e., can we run SBS 2011 as a PDC and the Windows 2008 R2 box as a BDC?

The PDC is stored in one location, and the BDC is stored in another location. We have a Cisco S2S tunnel connecting the two.
0
Question by:d4nnyo
8 Comments
 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 39219723
The terms PDC and BDC date back to NT4 and don't apply to Active Directory domains. With that clarification in mind, yes there can be multiple domain controllers in a domain containing an SBS server. The licensing restrictions to SBS apply. No cross domain trusts. No child domains. All FSMO roles stay on SBS.
0
 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 39219731
In Active Directory there are no PDCs or BDCs.

You don't need to have the new 2008 R2 server be a Domain Controller.  It CAN be.  But it doesn't have to.

A lot of people don't understand what the restriction with SBS is - put simply, you cannot have two SBS servers in the network - but you can definitely have two servers.  SBS must be the FSMO Master DC and you cannot move the FSMO roles off it.  This is why you can't have two SBS servers - both would require holding the roles and only one could.  Other than that, you can have as many other servers and domain controllers as you want.
0
 
LVL 1

Author Comment

by:d4nnyo
ID: 39220439
OK, great, thanks. Last (related) question:

Can the 2008 R2 box run as an AD backup? If the SBS 2011 server goes away, can we recover AD and transfer roles to the 2008 R2 box?
0
 
LVL 58

Accepted Solution

by:
Cliff Galiher earned 250 total points
ID: 39220717
No. Because AD is a part of system state, you cannot recover onto a different platform. If the server is another DC, it can act as a fault tolerance scenario. But if you didn't make it a DC before the SBS server died, you'd have to restore the whole SBS environment, not just AD.
0
 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 39220724
As I said,  It CAN be.  But it doesn't have to.  If you are not an AD expert you shouldn't.  If you try to recover a failed server and you don't understand the issues surrounding AD and a recovered server you COULD destroy your domain.
0
 
LVL 1

Author Comment

by:d4nnyo
ID: 39220991
It sounds like you guys are advising against running the 2008 R2 server as a DC.

But what if I need to transfer -- and then synchronize -- the SBS 2011 logins and passwords to this 2008 R2 box? So whenever I add a user to SBS, it copies that login info to the 2008 R2. Seems like this should be feasible without too much risk.

And if the SBS 2011 box went away, it then seems reasonable to assume that those logins and passwords would remain on the 2008 R2 server.

It's unclear to me whether you guys think this is either not possible, or it is possible, but ill-advised.
0
 
LVL 96

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 250 total points
ID: 39221129
I'm not sure how to rephrase my second comment -

If you are not an AD expert you shouldn't.  If you try to recover a failed server and you don't understand the issues surrounding AD and a recovered server you COULD destroy your domain.

Adding a second DC would mean the data is replicated.  And it should work fine.  BUT if you ever did a restore and didn't know exactly what you were doing, you could destroy your active directory.

If your intent is to migrate away from SBS, that's fine - you'll be removing the SBS box so the time with both and thus the time where you might be concerned would be minimal.

I used to recommend this often.  And given the option *I* will always add a second server as a DC to an SBS domain.  But I've been working with AD for more than 13 years and know it well enough to know how to restore a DC in a multi-DC environment - therefore the risk is minimal for ME and benefit is much greater.  If you don't know it well (and it seems you don't from what I'm understanding in your comments), then in my expert, professional opinion, you should not.  OR, you should spend a few weeks AT LEAST in a lab environment and in reading and getting to understand Active Directory, how it works, and how you should deal with backups and restores.  (I can't explain it all in one comment or even a few - there are BOOKS on this stuff).

Or hire a consultant.

I'm sorry if I'm being too blunt or misinterpreting your skill level - my intent is not to insult you - just to encourage you to do things in a manner that will be most beneficial and reliable for your organization utilizing the skills and resources you have that are apparent to me.

Why do you want a second DC anyway?  Is it JUST for redundancy?  Are you not performing nightly backups?  Are you concerned about something in particular (maybe that should be a second question and there may be solutions you're not considering).
0
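A check for the two conditions the answers above describe, that the SBS server holds every FSMO role and that an added DC is receiving replicated data, as an added example that is not part of the thread. The server name `SBS2011` is a placeholder assumption; the script relies on the ActiveDirectory PowerShell module and `repadmin`, both available on Windows Server 2008 R2 domain controllers.

```powershell
# Added example (not from the thread). Run on a DC or an RSAT host as a domain user.
Import-Module ActiveDirectory

# Assumption: short host name of the SBS 2011 server. Placeholder, change it.
$SbsServer = 'SBS2011'

$domain = Get-ADDomain
$forest = Get-ADForest

# The five FSMO roles and the DC currently holding each one (FQDN).
$roles = @(
    @{ Role = 'Schema master';         Holder = $forest.SchemaMaster },
    @{ Role = 'Domain naming master';  Holder = $forest.DomainNamingMaster },
    @{ Role = 'PDC emulator';          Holder = $domain.PDCEmulator },
    @{ Role = 'RID master';            Holder = $domain.RIDMaster },
    @{ Role = 'Infrastructure master'; Holder = $domain.InfrastructureMaster }
)

# Compare each holder's short host name with the SBS server.
$moved = @()
foreach ($r in $roles) {
    $holderHost = ($r.Holder -split '\.')[0]
    if ($holderHost -ieq $SbsServer) {
        Write-Output ("OK     {0,-22} {1}" -f $r.Role, $r.Holder)
    } else {
        Write-Output ("MOVED  {0,-22} {1}" -f $r.Role, $r.Holder)
        $moved += $r.Role
    }
}

# Every DC in the domain, with its AD site and global catalog status.
Get-ADDomainController -Filter * |
    Select-Object HostName, Site, IsGlobalCatalog |
    Format-Table -AutoSize

# Replication summary between the DCs: check the fail counts and largest deltas.
& repadmin /replsummary
$replExit = $LASTEXITCODE

if ($moved.Count -gt 0) {
    Write-Warning ("FSMO roles not on {0}: {1}" -f $SbsServer, ($moved -join ', '))
    exit 1
}
if ($replExit -ne 0) {
    Write-Warning "repadmin exited with code $replExit"
    exit 2
}
```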
 
LVL 1

Author Comment

by:d4nnyo
ID: 39227582
Thanks, this is clear. I'm not offended at all. It's a given that this is a rudimentary AD question, so your response is entirely appropriate.

The primary goal is to not have to create users, password resets, etc. twice, so we can work with maximum efficiency and organization.

Secondarily, it would be nice to have a backup DC to recover from if necessary.

We have multiple layers of backup. I'm not concerned about that.
0
