
SBS 2011 Server -- add Windows 2008 R2 server to network

Posted on 2013-06-04
Last Modified: 2013-06-25
We just bought a Windows 2008 R2 server for specific purposes that would never require user interaction. But now we may need to fold it into our domain, if possible.

The issue is that the domain is being driven by an SBS 2011 server.

Can we migrate AD to this Windows 2008 R2 server, bringing all usernames and passwords, and keep it sync'ed with the SBS 2011 server? I.e., can we run SBS 2011 as a PDC and the Windows 2008 R2 box as a BDC?

The PDC is stored in one location, and the BDC is stored in another location. We have a Cisco S2S tunnel connecting the two.
Question by:d4nnyo
LVL 59

Expert Comment

by:Cliff Galiher
ID: 39219723
The terms PDC and BDC date back to NT4 and don't apply to Active Directory domains. With that clarification in mind, yes there can be multiple domain controllers in a domain containing an SBS server. The licensing restrictions to SBS apply. No cross domain trusts. No child domains. All FSMO roles stay on SBS.
LVL 96

Expert Comment

by:Lee W, MVP
ID: 39219731
In Active Directory there are no PDCs or BDCs.

You don't need to have the new 2008 R2 server be a Domain Controller.  It CAN be.  But it doesn't have to.

A lot of people don't understand what the restriction with SBS is - put simply, you cannot have two SBS servers in the network - but you can definitely have two servers.  SBS must be the FSMO Master DC and you cannot move the FSMO roles off it.  This is why you can't have two SBS servers - both would require holding the roles and only one could.  Other than that, you can have as many other servers and domain controllers as you want.
LVL 1

Author Comment

by:d4nnyo
ID: 39220439
OK, great, thanks. Last (related) question:

Can the 2008 R2 box run as an AD backup? If the SBS 2011 server goes away, can we recover AD and transfer roles to the 2008 R2 box?
LVL 59

Accepted Solution

by:
Cliff Galiher earned 1000 total points
ID: 39220717
No. Because AD is a part of system state, you cannot recover onto a different platform. If the server is another DC, it can act as a fault tolerance scenario. But if you didn't make it a DC before the SBS server died, you'd have to restore the whole SBS environment, not just AD.
LVL 96

Expert Comment

by:Lee W, MVP
ID: 39220724
As I said,  It CAN be.  But it doesn't have to.  If you are not an AD expert you shouldn't.  If you try to recover a failed server and you don't understand the issues surrounding AD and a recovered server you COULD destroy your domain.
LVL 1

Author Comment

by:d4nnyo
ID: 39220991
It sounds like you guys are advising against running the 2008 R2 server as a DC.

But what if I need to transfer -- and then synchronize -- the SBS 2011 logins and passwords to this 2008 R2 box? So whenever I add a user to SBS, it copies that login info to the 2008 R2. Seems like this should be feasible without too much risk.

And if the SBS 2011 box went away, it then seems reasonable to assume that those logins and passwords would remain on the 2008 R2 server.

It's unclear to me whether you guys think this is either not possible, or it is possible, but ill-advised.
LVL 96

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 1000 total points
ID: 39221129
I'm not sure how to rephrase my second comment -

If you are not an AD expert you shouldn't.  If you try to recover a failed server and you don't understand the issues surrounding AD and a recovered server you COULD destroy your domain.

Adding a second DC would mean the data is replicated.  And it should work fine.  BUT if you ever did a restore and didn't know exactly what you were doing, you could destroy your active directory.

If your intent is to migrate away from SBS, that's fine - you'll be removing the SBS box so the time with both and thus the time where you might be concerned would be minimal.

I used to recommend this often.  And given the option *I* will always add a second server as a DC to an SBS domain.  But I've been working with AD for more than 13 years and know it well enough to know how to restore a DC in a multi-DC environment - therefore the risk is minimal for ME and benefit is much greater.  If you don't know it well (and it seems you don't from what I'm understanding in your comments), then in my expert, professional opinion, you should not.  OR, you should spend a few weeks AT LEAST in a lab environment and in reading and getting to understand Active Directory, how it works, and how you should deal with backups and restores.  (I can't explain it all in one comment or even a few - there are BOOKS on this stuff).

Or hire a consultant.

I'm sorry if I'm being too blunt or misinterpreting your skill level - my intent is not to insult you - just to encourage you to do things in a manner that will be most beneficial and reliable for your organization utilizing the skills and resources you have that are apparent to me.

Why do you want a second DC anyway?  Is it JUST for redundancy?  Are you not performing nightly backups?  Are you concerned about something in particular (maybe that should be a second question and there may be solutions you're not considering)?
LVL 1

Author Comment

by:d4nnyo
ID: 39227582
Thanks, this is clear. I'm not offended at all. It's a given that this is a rudimentary AD question, so your response is entirely appropriate.

The primary goal is to not have to create users, password resets, etc. twice, so we can work with maximum efficiency and organization.

Secondarily, it would be nice to have a backup DC to recover from if necessary.

We have multiple layers of backup. I'm not concerned about that.