SBS Network - replacing old 2008 SBS Server with 2011SBS Server

Posted on 2013-06-17
Last Modified: 2013-06-18
Hi all,

We have a client running a domain network with Exchange email on an old HP server running 2008 SBS. We are about to replace that server with a new one running 2011SBS. We have the flexibility to not have to try and migrate from one server to the other and would prefer to start again with a clean slate but recreate manually the users (20 or so), email addresses, shares and security groups etc.

My main question is, would it be o.k. to give the new server the same internal domain name as the old one (the old one would never be switched on at the same time as the new one) and if I did, is there an advantage or any disadvantages? Or would it be smarter to choose a whole new domain name? Would I still have to remove PCs from the "old" domain and join them to the "new" one, and if so would that in itself cause issues as the new domain is the same name...

Many thanks

Question by:amlydiate
LVL 14

Expert Comment

ID: 39255548
Hi Adam,

Typically you don't want to maintain the same internal domain name if you are building a new domain. The problem would be that the new domain will have a different Security Identity (SID), so despite it appearing to be the same domain, none of the authentication mechanisms etc. work.

Whether you use the same domain name or a new one, you will have to manually dejoin and rejoin each member computer. For this reason it is simpler to use a different domain name to prevent confusion. You will also have to recreate all security permissions etc. for the reasons given: even with the same domain name and user / computer names, the SIDs are different.

Normally a migration would be done to SBS 2011, using either the 'swing' method or the official Microsoft procedure. If the current domain is messy or misconfigured though, it may be easier to start from scratch.
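
The permissions point in the comment above can be checked after the data is restored. As an added example that is not part of the thread: if the files were copied with their ACLs intact, entries granted to old-domain accounts survive as SIDs the new domain cannot resolve, and this sketch lists them so they can be replaced with new-domain groups. It assumes Windows PowerShell 3.0 or later; the function names and the `D:\Shares` path are hypothetical.

```powershell
# Added example, not from the thread. Assumes Windows PowerShell 3.0 or later.
# Find-UnresolvedSid and Test-SidResolves are hypothetical helper names.

function Test-SidResolves {
    param([System.Security.Principal.SecurityIdentifier]$Sid)
    # Any failure to translate is treated as "unresolved"; review hits manually.
    try { [void]$Sid.Translate([System.Security.Principal.NTAccount]); $true }
    catch { $false }
}

function Find-UnresolvedSid {
    param([Parameter(Mandatory = $true)][string]$Root)

    $sidType = [System.Security.Principal.SecurityIdentifier]
    $cache = @{}   # SID string -> resolves?, so each SID is looked up once

    $items = @(Get-Item -LiteralPath $Root -Force) +
             @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue)

    foreach ($item in $items) {
        try { $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop }
        catch { Write-Warning "Cannot read ACL: $($item.FullName)"; continue }

        # Collect the owner and the explicit (non-inherited) ACEs as raw SIDs.
        $entries = @()
        $owner = $acl.GetOwner($sidType)
        if ($owner) { $entries += [pscustomobject]@{ Sid = $owner; Role = 'Owner'; Rights = '' } }
        foreach ($ace in $acl.GetAccessRules($true, $false, $sidType)) {
            $entries += [pscustomobject]@{
                Sid    = $ace.IdentityReference
                Role   = [string]$ace.AccessControlType
                Rights = [string]$ace.FileSystemRights
            }
        }

        foreach ($e in $entries) {
            $key = $e.Sid.Value
            if (-not $cache.ContainsKey($key)) { $cache[$key] = Test-SidResolves $e.Sid }
            if (-not $cache[$key]) {
                [pscustomobject]@{ Path = $item.FullName; Sid = $key; Role = $e.Role; Rights = $e.Rights }
            }
        }
    }
}

# 'D:\Shares' is a hypothetical location for the restored data.
Find-UnresolvedSid -Root 'D:\Shares' |
    Export-Csv -Path .\unresolved-sids.csv -NoTypeInformation
```

Inherited ACEs are skipped on purpose, so each stale entry is reported once at the folder where it was set rather than on every child.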

Author Comment

ID: 39255654
Thanks for that, if I change the domain name though will this cause issues with being able to reply to old internal emails that have been imported to the new domain or was this only a problem when going from 2003 to 2008/2011?


LVL 35

Expert Comment

by:Cris Hanna
ID: 39255838
I kind of disagree with BlueCompute's logic regarding changing the internal domain name. It makes no difference which way you go, all workstations have to be disjoined from the current domain and joined to the new one using the http://connect wizard. If the internal domain name is long, shorten it for the new domain. It will have no effect on email replies.

LVL 14

Expert Comment

ID: 39255849
Hi Adam,

Yes, that's correct, you will be unable to reply correctly to pre-migration internal emails, as they will use the x500 LegacyDN address which won't be valid on the new domain.
(copy-pasted from my previous reply on this subject)
For internal users Outlook uses the LegacyExchangeDN address (also known as the x500 address). The cached autocomplete entries reference the x500 address, which the new external Exchange server can't resolve to a mailbox. If the user sends an email to the SMTP address ( then that entry will be added to the *.NK2 file, so future emails will be sent correctly.

There are two ways of resolving this, one more elegant than the other:
1) Train the users to type the address in once for each contact (the first time they send to them), or edit the autocomplete entry using something like NirSoft's NK2Edit.

2) Determine/extract the x500 attribute from your AD using ADSIedit or similar and have these LegacyExchangeDNs added as additional addresses to the new mailboxes. A script similar to this should do:
LVL 14

Expert Comment

ID: 39255865
Hi CrisHanna,

My reasoning is that if you create two domains with the same names but different SIDs then things could potentially get very confusing very quickly, e.g. how do you tell which domain a machine is joined to at a glance?

Author Comment

ID: 39255892
Hi BlueCompute, I'm getting conflicting advice from elsewhere, can I just confirm that the X500 issue is not just a problem when migrating from Server 2003 but will definitely affect 2008 to 2011 migrations too?


LVL 14

Assisted Solution

BlueCompute earned 250 total points
ID: 39255954
Sorry Adam, I believe you are correct and adding the X500 addresses should NOT be necessary in your scenario.  My apologies.
LVL 35

Accepted Solution

Cris Hanna earned 250 total points
ID: 39256010
Was just about to reply.
First @ BlueCompute
To avoid conflicts between two domains with the same name:
A. Remove all workstations from existing domain
B. Copy off all necessary data to external source
C. Shut down old server... never to be brought up on this LAN again (you could bring it up on its own switch, not connected to this network, if you needed to access it again.)
D. Bring up the new SBS
E. Join all workstations to new SBS domain with http://connect

And X500 addresses were only an issue going from SBS 2003/Exchange 2003 to newer versions.
SBS 2008 and later do not use the X500 address.

Author Closing Comment

ID: 39258475
Thanks for your helpful advice on this one, have split the points.
