Solved

Microsoft SBS 2003 to Full Server 2008 Standard R2 Domain Migration

Posted on 2014-02-19
4
768 Views
Last Modified: 2014-02-20
Hello...A small client of about 20 users will be moving off their legacy Windows Server 2003 Small Business model to a full Windows Server 2008 R2 model. They've already moved off Exchange 2003 to Office 365, so SBS 2003 Exchange is not a concern. Only the user accounts, PCs, printers, file shares and network-related service account/applications are affected.

I want my new domain to be completely clean and I'm a little concerned about the legacy SBS 2003 domain - it may have experienced some corruption in the past that could cause a garbage-in, garbage-out situation if I was to migrate the resources from the old to the new domain. I'm considering doing the following:

1. Build a new Windows Server 2008 R2 domain.

2. Create new accounts with exact same username and password.

3. Gradually move PCs, printers, file shares and so on to new domain.

4. Once all resources are migrated, wipe SBS 2003 server and rebuild SBS 2003 server as Server 2008 R2 DC on new domain.

My main concern during the migration is that users - whether on the existing SBS domain or the new domain - can seamlessly access resources on the peer domain. So for example, when I remove a PC from the SBS domain and add to the new domain, the user will need access to file shares on the legacy SBS server. Conversely, if I move printers to the new domain, the users still on the legacy SBS domain will need printing capability from the newly hosted printer on the Server 2008 R2 box.

I'm hopeful that setting up the new domain with the same usernames and passwords will accomplish this.

Am I correct?

Is there a better way to do this?

Thank you.
0
Comment
Question by:FSHS
  • 2
4 Comments
 
LVL 12

Accepted Solution

by:
ktaczala earned 275 total points
ID: 39871695
New users on a new domain will have different SID's.  They will not have access to the old shares using the new accounts.

Are you planning to move all shares to the new server?  
Since it's only 20 users I would just do it manually, make notes of shares & permissions move data add appropriate permissions
0
 
LVL 12

Expert Comment

by:ktaczala
ID: 39871701
Since it's a small business 2003 domain, you can't even setup a trust.
0
 
LVL 22

Assisted Solution

by:Olaf De Ceuster
Olaf De Ceuster earned 25 total points
ID: 39872102
You'll need to export the profiles and re-import again. (Or use 3rd party software to move domain profiles)
Consider Server 2012 R2  Essentials. You get 25 licenses and Remote Access. And fantastic 365 integration.
Hope that helps,
Olaf
0
 

Author Comment

by:FSHS
ID: 39874003
I found a few more details as to why accessing resources in different domains even with the same usernames and passwords won't work, in case this is helpful to any reader.

in a domain, your user name and password aren't compared against a securable object's access control list when you try to access the securable object. Your access token gets compared. Your access token is generated at domain logon and is composed of lots of pieces of information beyond just your username and password--primarily, it includes your account's SID, which will obviously be different in each domain. Since the access control list of the directory or share you're trying to access in Domain A while you're logged into Domain B doesn't actually contain your username and password, but rather your Domain B account's SID, the access token you present to the Domain A server when you try to access the directory or share doesn't match any access control entries and you get access denied
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Join & Write a Comment

Have you considered what group policies are backwards and forwards compatible? Windows Active Directory servers and clients use group policy templates to deploy sets of policies within your domain. But, there is a catch to deploying policies. The…
I work for a company that primarily works with small businesses as their outsourced IT vendor. As such the majority of these customers utilize some version of Small Business Server. Due to the economics of running a small business, many of these cus…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now