Solved

Removing SBS 2003 sp2 from domain with multiple other domain controllers

Posted on 2014-03-23
Last Modified: 2014-04-01
Hi Guys,

I am in a bit of a dilemma. I work for an IT outsourcing company and we support a client A (DomainA) that has 2003 AD functional and domain level. Client A has recently purchased a new business, Client B (Domain B), that is running an SBS2003 environment with 4 other domain controllers within the same domain.

I was planning to consolidate the two domains by collapsing Domain B into Domain A by using ADMT. I discovered that SBS 2003 or any version of SBS does not permit the creation of a trust between the two domains. I have done a bit of research and this brings me to basically 2 ways to do this.

1) Find the 2003 SBS Transitional Pack and upgrade the SBS server to a standard server. Being 2014, I think it will be next to impossible to find this media anywhere.

2) Remove the SBS services altogether - Client B is not using any of the SBS services. Email is offshore with Office365, no SQL or other applications running on it. It is basically just a PDC for DomainB.

I can't seem to find the SBS Transitional Pack anywhere, with Microsoft advising to contact local distributors and local distributors advising to contact Microsoft. This leads me to believe option 2 is the only option at this point in time.

Below are the steps I plan to do. Can you guys provide any insight into things I may have missed or if I need to reorganize the schedule?


1) Modify the Registry permissions to disable the SBCore Services on the SBS server
2) Confirm that DNS is installed on the remaining domain controllers and the integrated DNS zone has replicated to all DCs
3) Confirm all client devices are pointing to the new DNS servers
4) Make one of the other servers that is a DC a Global Catalog server
5) FSMO the roles over to this other domain controller (PDC, RID, schema master etc.)
6) Confirm the Sysvol and Netlogon shares have replicated to the second domain controller and all the rest - force replication by doing an authoritative / non-authoritative restore, i.e. http://support.microsoft.com/kb/315457
7) Move the site licensing server from the SBS server to the new domain controller
8) Reboot new domain controller that is now PDC and a Global Catalog
9) Remove Global Catalog from SBS2003 server
10) Uninstall SBS components from legacy SBS2003 server
11) Demote legacy SBS server so it is purely a member server


Please let me know if there is anything I need to add to this task list or if I am missing anything critical.
Question by:tetran_au
2 Comments
 
LVL 95

Accepted Solution

by:
Lee W, MVP earned 500 total points
ID: 39949504
1) Modify the Registry permissions to disable the SBCore Services on the SBS server
You cannot.  Doing so would violate licensing.  We cannot assist you in violating licensing and I would suggest that doing so on behalf of your client is a REALLY bad idea.
2) Confirm that DNS is installed on the remaining domain controllers and the integrated DNS zone has replicated to all DCs
Fine.
3) Confirm all client devices are pointing to the new DNS servers
Fine.
4) Make one of the other servers that is a DC a Global Catalog server
This should have been done long ago.  In my opinion each site should have two GCs.  So bottom line, this is fine.
5) FSMO the roles over to this other domain controller (PDC, RID, schema master etc.)
Why would you do this BEFORE 6?  Where are your DCDIAG runs to confirm AD is healthy?  STRONGLY recommend you do that first.
6) Confirm the Sysvol and Netlogon shares have replicated to the second domain controller and all the rest - force replication by doing an authoritative / non-authoritative restore, i.e. http://support.microsoft.com/kb/315457
Fine, but again, this should come after a DCDIAG /C /E /V and BEFORE the FSMO role transfer.
7) Move the site licensing server from the SBS server to the new domain controller
What site licensing server?  The SBS Licensing service?  Terminal Server Licensing?  Licensing, with a few exceptions, is a DOCUMENTATION thing, NOT a service when it comes to Microsoft.
8) Reboot new domain controller that is now PDC and a Global Catalog
Why reboot?  You can... no problem doing it... but it's unnecessary.
9) Remove Global Catalog from SBS2003 server
You can't - this would violate licensing*
10) Uninstall SBS components from legacy SBS2003 server
You can't - this would violate licensing*
11) Demote legacy SBS server so it is purely a member server
You can't - this would violate licensing*
*You CAN if you COMPLETELY REMOVE the SBS server from the network.  If the SBS server is to be on the network, it MUST be the FSMO Master DC, *A* Global Catalog.  The SBS components, WHILE THEY CAN BE REMOVED, cannot be re-installed on another server unless you buy separate licenses for them.  (You cannot move the Exchange install from an SBS server to a non-SBS install without buying a new copy of Exchange.  This is somewhat FYI as I know you're not using Exchange directly in house.)
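The DCDIAG /C /E /V run recommended in the answer produces long output. As an added example (not part of the original thread), this Python script summarizes a saved dcdiag log and lists what blocks a FSMO transfer to a given DC. The sample log is constructed, the server names SBS01 and DC02 are hypothetical, and the set of required tests is an assumption of this example.

```python
import re

# Constructed sample in the style of `dcdiag /c /e /v` result lines.
# Server names SBS01 and DC02 are hypothetical.
SAMPLE_LOG = """\
Testing server: Default-First-Site-Name\\SBS01
   Starting test: Connectivity
   ......................... SBS01 passed test Connectivity
   Starting test: Replications
   ......................... SBS01 passed test Replications
   Starting test: frssysvol
   ......................... SBS01 passed test frssysvol
Testing server: Default-First-Site-Name\\DC02
   Starting test: Connectivity
   ......................... DC02 passed test Connectivity
   Starting test: Replications
   ......................... DC02 failed test Replications
   Starting test: frssysvol
   ......................... DC02 failed test frssysvol
"""

# dcdiag closes each test with "<dots> <target> passed|failed test <name>".
RESULT_RE = re.compile(r"^\s*\.{3,}\s+(\S+)\s+(passed|failed)\s+test\s+(\S+)\s*$")

# Assumption: tests that must have passed on the DC receiving the roles.
REQUIRED = {"connectivity", "replications", "frssysvol", "netlogons"}

def summarize(log_text):
    """Return {target: {"passed": set, "failed": set}} of lower-cased test names."""
    results = {}
    for line in log_text.splitlines():
        m = RESULT_RE.match(line)
        if m:
            target, outcome, test = m.groups()
            entry = results.setdefault(target.upper(), {"passed": set(), "failed": set()})
            entry[outcome].add(test.lower())
    return results

def fsmo_blockers(results, target_dc):
    """List reasons not to transfer FSMO roles to target_dc yet; empty means go."""
    blockers = []
    for server in sorted(results):  # any failure anywhere in the domain blocks
        for test in sorted(results[server]["failed"]):
            blockers.append(f"{server}: failed {test}")
    seen = results.get(target_dc.upper(), {"passed": set(), "failed": set()})
    for test in sorted(REQUIRED - seen["passed"] - seen["failed"]):
        blockers.append(f"{target_dc.upper()}: {test} did not run")
    return blockers
```

Calling `fsmo_blockers(summarize(SAMPLE_LOG), "DC02")` on the constructed log reports the two failed tests on DC02 and that NetLogons never ran there.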
 
LVL 2

Author Closing Comment

by:tetran_au
ID: 39969038
Thanks for your answer.  I have added the dcdiag checks and AD health checks in step 4 and moved the rest across.

The idea is to decommission the SBS component so we can establish a trust. Once the trust is in place all users and servers from the new domain (one that was recently purchased) will be transferred into the client's current domain.

Once this has been completed the legacy SBS environment will be decommissioned completely.  In terms of licensing, our client has an enterprise agreement licensing with Microsoft and we have confirmed that all the servers that will be transferred across will get an appropriate license through this agreement.

The issue we had is no one has the transitional pack, as Microsoft says 2003 is dead and all distributors say the same. So I wouldn't call it breaking the rules, more like bending them slightly to ensure that the domains can be combined.