Microsoft SBS 2003 to Full Server 2008 Standard R2 Domain Migration

Hello...A small client of about 20 users will be moving off their legacy Windows Server 2003 Small Business model to a full Windows Server 2008 R2 model. They've already moved off Exchange 2003 to Office 365, so SBS 2003 Exchange is not a concern. Only the user accounts, PCs, printers, file shares and network-related service account/applications are affected.

I want my new domain to be completely clean and I'm a little concerned about the legacy SBS 2003 domain - it may have experienced some corruption in the past that could cause a garbage-in, garbage-out situation if I were to migrate the resources from the old to the new domain. I'm considering doing the following:

1. Build a new Windows Server 2008 R2 domain.

2. Create new accounts with exact same username and password.

3. Gradually move PCs, printers, file shares and so on to new domain.

4. Once all resources are migrated, wipe SBS 2003 server and rebuild SBS 2003 server as Server 2008 R2 DC on new domain.

My main concern during the migration is that users - whether on the existing SBS domain or the new domain - can seamlessly access resources on the peer domain. So for example, when I remove a PC from the SBS domain and add to the new domain, the user will need access to file shares on the legacy SBS server. Conversely, if I move printers to the new domain, the users still on the legacy SBS domain will need printing capability from the newly hosted printer on the Server 2008 R2 box.

I'm hopeful that setting up the new domain with the same usernames and passwords will accomplish this.

Am I correct?

Is there a better way to do this?

Thank you.
FSHS Asked:
 
ktaczala Commented:
New users on a new domain will have different SIDs. They will not have access to the old shares using the new accounts.

Are you planning to move all shares to the new server?
Since it's only 20 users, I would just do it manually: make notes of shares & permissions, move data, add appropriate permissions.
 
ktaczala Commented:
Since it's a small business 2003 domain, you can't even set up a trust.
 
Olaf De Ceuster Commented:
You'll need to export the profiles and re-import again. (Or use 3rd party software to move domain profiles)
Consider Server 2012 R2 Essentials. You get 25 licenses and Remote Access. And fantastic 365 integration.
Hope that helps,
Olaf
 
FSHS (Author) Commented:
I found a few more details as to why accessing resources in different domains even with the same usernames and passwords won't work, in case this is helpful to any reader.

In a domain, your user name and password aren't compared against a securable object's access control list when you try to access the securable object. Your access token gets compared. Your access token is generated at domain logon and is composed of lots of pieces of information beyond just your username and password--primarily, it includes your account's SID, which will obviously be different in each domain. Since the access control list of the directory or share you're trying to access in Domain A while you're logged into Domain B doesn't actually contain your username and password, but rather your Domain B account's SID, the access token you present to the Domain A server when you try to access the directory or share doesn't match any access control entries and you get access denied.
Question has a verified solution.
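
The SID-versus-ACL behaviour described in the last comment, as an added example that is not part of the original thread: a simplified Python model of a DACL check, plus a helper that lists the ACEs tied to the old domain. The domain SIDs, RIDs and the `jsmith` account are constructed, and the parser assumes ACEs written with hex masks and full SIDs rather than SDDL aliases.

```python
import re

# Constructed sample values: two domain SIDs and one folder DACL in SDDL form.
OLD_DOMAIN = "S-1-5-21-1111111111-2222222222-3333333333"  # legacy SBS domain (made up)
NEW_DOMAIN = "S-1-5-21-4444444444-5555555555-6666666666"  # new 2008 R2 domain (made up)
# jsmith (RID 1105) gets modify; the old domain's Domain Users (RID 513) get read.
SHARE_SDDL = f"D:(A;;0x1301bf;;;{OLD_DOMAIN}-1105)(A;;0x1200a9;;;{OLD_DOMAIN}-513)"

READ, MODIFY = 0x1200A9, 0x1301BF  # read & execute mask, modify mask

# SDDL ACE layout: (type;flags;rights;object_guid;inherit_guid;account_sid)
ACE_RE = re.compile(r"\(([AD]);[^;]*;([^;]*);[^;]*;[^;]*;([^)]+)\)")

def parse_dacl(sddl):
    """Return [(type, mask, sid)] for each ACE in the D: part of an SDDL string."""
    dacl = sddl.split("D:", 1)[1]
    return [(t, int(m, 16), sid) for t, m, sid in ACE_RE.findall(dacl)]

def make_token(domain_sid, user_rid, group_rids=(513,)):
    """Model a logon token: user SID plus group SIDs, all derived from the domain SID."""
    return {f"{domain_sid}-{rid}" for rid in (user_rid, *group_rids)}

def access_check(token_sids, dacl, desired):
    """Simplified DACL walk: only ACEs whose SID is in the token count at all."""
    granted = 0
    for ace_type, mask, sid in dacl:
        if sid not in token_sids:
            continue                      # names and passwords are never consulted
        if ace_type == "D" and mask & desired:
            return False                  # matching deny ACE reached first
        if ace_type == "A":
            granted |= mask
        if granted & desired == desired:
            return True
    return False                          # no matching ACEs: access denied

def stale_aces(dacl, old_domain_sid):
    """ACEs naming old-domain principals; these must be re-created with new-domain SIDs."""
    return [ace for ace in dacl if ace[2].startswith(old_domain_sid + "-")]

if __name__ == "__main__":
    dacl = parse_dacl(SHARE_SDDL)
    old_jsmith = make_token(OLD_DOMAIN, 1105)
    new_jsmith = make_token(NEW_DOMAIN, 1105)  # same name, even the same RID
    print("old-domain jsmith read:", access_check(old_jsmith, dacl, READ))
    print("new-domain jsmith read:", access_check(new_jsmith, dacl, READ))
    print("ACEs to re-create:", len(stale_aces(dacl, OLD_DOMAIN)))
```

Even with an identical username and RID, the new-domain token carries no SID that appears in the DACL, so the walk ends with no match.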
