Solved

SBS 2011 Server -- add Windows 2008 R2 server to network

Posted on 2013-06-04
Last Modified: 2013-06-25
We just bought a Windows 2008 R2 server for specific purposes that would never require user interaction. But now we may need to fold it into our domain, if possible.

The issue is that the domain is being driven by an SBS 2011 server.

Can we migrate AD to this Windows 2008 R2 server, bringing all usernames and passwords, and keep it sync'ed with the SBS 2011 server? I.e., can we run SBS 2011 as a PDC and the Windows 2008 R2 box as a BDC?

The PDC is stored in one location, and the BDC is stored in another location. We have a Cisco S2S tunnel connecting the two.
Question by:d4nnyo
8 Comments
 
LVL 57

Expert Comment

by:Cliff Galiher
ID: 39219723
The terms PDC and BDC date back to NT4 and don't apply to Active Directory domains. With that clarification in mind, yes there can be multiple domain controllers in a domain containing an SBS server. The licensing restrictions to SBS apply. No cross domain trusts. No child domains. All FSMO roles stay on SBS.
0
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 39219731
In Active Directory there are no PDCs or BDCs.

You don't need to have the new 2008 R2 server be a Domain Controller.  It CAN be.  But it doesn't have to.

A lot of people don't understand what the restriction with SBS is - put simply, you cannot have two SBS servers in the network - but you can definitely have two servers.  SBS must be the FSMO Master DC and you cannot move the FSMO roles off it.  This is why you can't have two SBS servers - both would require holding the roles and only one could.  Other than that, you can have as many other servers and domain controllers as you want.
0
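
A check for the constraint described in the two answers above (all FSMO roles stay on the SBS server, while other domain controllers are allowed), as an added example that is not part of the original thread. The server name `sbs2011.example.local` is a placeholder; the script assumes the ActiveDirectory PowerShell module is available on the machine where it runs.

```powershell
# Added example: confirm that every FSMO role is still held by the SBS
# server after another domain controller has been added to the domain.
Import-Module ActiveDirectory

# Placeholder name (assumption): replace with the FQDN of your SBS server.
$SbsServer = 'sbs2011.example.local'

$domain = Get-ADDomain
$forest = Get-ADForest

# The three domain-wide roles come from Get-ADDomain,
# the two forest-wide roles from Get-ADForest.
$holders = @(
    @('PDCEmulator',          $domain.PDCEmulator),
    @('RIDMaster',            $domain.RIDMaster),
    @('InfrastructureMaster', $domain.InfrastructureMaster),
    @('SchemaMaster',         $forest.SchemaMaster),
    @('DomainNamingMaster',   $forest.DomainNamingMaster)
)

$report = @(foreach ($h in $holders) {
    New-Object PSObject -Property @{
        Role   = $h[0]
        Holder = $h[1]
        OnSbs  = ($h[1] -ieq $SbsServer)   # case-insensitive FQDN match
    }
})

$report | Select-Object Role, Holder, OnSbs | Format-Table -AutoSize

# Any role held elsewhere breaks the SBS requirement described above.
$moved = @($report | Where-Object { -not $_.OnSbs })
if ($moved.Count -gt 0) {
    $names = ($moved | ForEach-Object { $_.Role }) -join ', '
    Write-Warning "Roles not held by ${SbsServer}: $names"
} else {
    Write-Output "All five FSMO roles are held by $SbsServer."
}

# List every domain controller so the additional (non-SBS) DC is visible,
# along with its site and any operations master roles it reports.
Get-ADDomainController -Filter * |
    Select-Object HostName, Site, IsGlobalCatalog, OperationMasterRoles |
    Format-Table -AutoSize
```
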
 
LVL 1

Author Comment

by:d4nnyo
ID: 39220439
OK, great, thanks. Last (related) question:

Can the 2008 R2 box run as an AD backup? If the SBS 2011 server goes away, can we recover AD and transfer roles to the 2008 R2 box?
0
 
LVL 57

Accepted Solution

by:
Cliff Galiher earned 250 total points
ID: 39220717
No. Because AD is a part of system state, you cannot recover onto a different platform. If the server is another DC, it can act as a fault tolerance scenario. But if you didn't make it a DC before the SBS server died, you'd have to restore the whole SBS environment, not just AD.
0
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 39220724
As I said,  It CAN be.  But it doesn't have to.  If you are not an AD expert you shouldn't.  If you try to recover a failed server and you don't understand the issues surrounding AD and a recovered server you COULD destroy your domain.
0
 
LVL 1

Author Comment

by:d4nnyo
ID: 39220991
It sounds like you guys are advising against running the 2008 R2 server as a DC.

But what if I need to transfer -- and then synchronize -- the SBS 2011 logins and passwords to this 2008 R2 box? So whenever I add a user to SBS, it copies that login info to the 2008 R2. Seems like this should be feasible without too much risk.

And if the SBS 2011 box went away, it then seems reasonable to assume that those logins and passwords would remain on the 2008 R2 server.

It's unclear to me whether you guys think this is either not possible, or it is possible, but ill-advised.
0
 
LVL 95

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 250 total points
ID: 39221129
I'm not sure how to rephrase my second comment -

If you are not an AD expert you shouldn't.  If you try to recover a failed server and you don't understand the issues surrounding AD and a recovered server you COULD destroy your domain.

Adding a second DC would mean the data is replicated.  And it should work fine.  BUT if you ever did a restore and didn't know exactly what you were doing, you could destroy your active directory.

If your intent is to migrate away from SBS, that's fine - you'll be removing the SBS box so the time with both and thus the time where you might be concerned would be minimal.

I used to recommend this often.  And given the option *I* will always add a second server as a DC to an SBS domain.  But I've been working with AD for more than 13 years and know it well enough to know how to restore a DC in a multi-DC environment - therefore the risk is minimal for ME and benefit is much greater.  If you don't know it well (and it seems you don't from what I'm understanding in your comments), then in my expert, professional opinion, you should not.  OR, you should spend a few weeks AT LEAST in a lab environment and in reading and getting to understand Active Directory, how it works, and how you should deal with backups and restores.  (I can't explain it all in one comment or even a few - there are BOOKS on this stuff).

Or hire a consultant.

I'm sorry if I'm being too blunt or misinterpreting your skill level - my intent is not to insult you - just to encourage you to do things in a manner that will be most beneficial and reliable for your organization utilizing the skills and resources you have that are apparent to me.

Why do you want a second DC anyway?  Is it JUST for redundancy?  Are you not performing nightly backups?  Are you concerned about something in particular (maybe that should be a second question and there may be solutions you're not considering).
0
 
LVL 1

Author Comment

by:d4nnyo
ID: 39227582
Thanks, this is clear. I'm not offended at all. It's a given that this is a rudimentary AD question, so your response is entirely appropriate.

The primary goal is to not have to create users, password resets, etc. twice, so we can work with maximum efficiency and organization.

Secondarily, it would be nice to have a backup DC to recover from if necessary.

We have multiple layers of backup. I'm not concerned about that.
0


Question has a verified solution.
