Solved

Microsoft SBS 2003 to Full Server 2008 Standard R2 Domain Migration

Posted on 2014-02-19
4
775 Views
Last Modified: 2014-02-20
Hello...A small client of about 20 users will be moving off their legacy Windows Server 2003 Small Business model to a full Windows Server 2008 R2 model. They've already moved off Exchange 2003 to Office 365, so SBS 2003 Exchange is not a concern. Only the user accounts, PCs, printers, file shares and network-related service account/applications are affected.

I want my new domain to be completely clean and I'm a little concerned about the legacy SBS 2003 domain - it may have experienced some corruption in the past that could cause a garbage-in, garbage-out situation if I was to migrate the resources from the old to the new domain. I'm considering doing the following:

1. Build a new Windows Server 2008 R2 domain.

2. Create new accounts with exact same username and password.

3. Gradually move PCs, printers, file shares and so on to new domain.

4. Once all resources are migrated, wipe SBS 2003 server and rebuild SBS 2003 server as Server 2008 R2 DC on new domain.

My main concern during the migration is that users - whether on the existing SBS domain or the new domain - can seamlessly access resources on the peer domain. So for example, when I remove a PC from the SBS domain and add to the new domain, the user will need access to file shares on the legacy SBS server. Conversely, if I move printers to the new domain, the users still on the legacy SBS domain will need printing capability from the newly hosted printer on the Server 2008 R2 box.

I'm hopeful that setting up the new domain with the same usernames and passwords will accomplish this.

Am I correct?

Is there a better way to do this?

Thank you.
0
Comment
Question by:FSHS
  • 2
4 Comments
 
LVL 12

Accepted Solution

by:
ktaczala earned 275 total points
ID: 39871695
New users on a new domain will have different SID's.  They will not have access to the old shares using the new accounts.

Are you planning to move all shares to the new server?  
Since it's only 20 users I would just do it manually, make notes of shares & permissions move data add appropriate permissions
0
 
LVL 12

Expert Comment

by:ktaczala
ID: 39871701
Since it's a small business 2003 domain, you can't even setup a trust.
0
 
LVL 22

Assisted Solution

by:Olaf De Ceuster
Olaf De Ceuster earned 25 total points
ID: 39872102
You'll need to export the profiles and re-import again. (Or use 3rd party software to move domain profiles)
Consider Server 2012 R2  Essentials. You get 25 licenses and Remote Access. And fantastic 365 integration.
Hope that helps,
Olaf
0
 

Author Comment

by:FSHS
ID: 39874003
I found a few more details as to why accessing resources in different domains even with the same usernames and passwords won't work, in case this is helpful to any reader.

in a domain, your user name and password aren't compared against a securable object's access control list when you try to access the securable object. Your access token gets compared. Your access token is generated at domain logon and is composed of lots of pieces of information beyond just your username and password--primarily, it includes your account's SID, which will obviously be different in each domain. Since the access control list of the directory or share you're trying to access in Domain A while you're logged into Domain B doesn't actually contain your username and password, but rather your Domain B account's SID, the access token you present to the Domain A server when you try to access the directory or share doesn't match any access control entries and you get access denied
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Some time ago I faced the need to use a uniform folder structure that spanned across numerous sites of an enterprise to be used as a common repository for the Software packages of the Configuration Manager 2007 infrastructure. Because the procedu…
When you upgrade from Windows 8 to 8.1 or to Windows 10 or if you are like me you are on the Insider Program you may find yourself with many 450MB recovery partitions.  With a traditional disk that may not be a problem but with relatively smaller SS…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

822 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question