Solved

Removing SBS 2003 sp2 from domain with multiple other domain controllers

Posted on 2014-03-23
Last Modified: 2014-04-01
Hi Guys,

I am in a bit of a dilemma.  I work for an IT outsourcing company and we support a client A (Domain A) that has 2003 AD functional and domain level.  Client A has recently purchased a new business, Client B (Domain B), that is running an SBS 2003 environment with 4 other domain controllers within the same domain.

I was planning to consolidate the two domains by collapsing Domain B into Domain A using ADMT. I discovered that SBS 2003, or any version of SBS, does not permit the creation of a trust between the two domains. I have done a bit of research and this brings me to basically 2 ways to do this.

1) Find the 2003 SBS Transitional Pack and upgrade the SBS server to a standard server. Being 2014, I think it will be next to impossible to find this media anywhere.

2) Remove the SBS services altogether - Client B is not using any of the SBS services.  Email is offshore with Office 365, and there is no SQL or other applications running on it.  It is basically just a PDC for Domain B.

I can't seem to find the SBS transitional pack anywhere, with Microsoft advising to contact local distributors and local distributors advising to contact Microsoft. This leads me to believe option 2 is the only option at this point in time.

Below are the steps I plan to do. Can you guys provide any insight into things I may have missed or if I need to re-organize the schedule?


1) Modify the Registry permissions to disable the SBCore Services on the SBS server
2) Confirm that DNS is installed on the remaining domain controllers and the integrated DNS zone has replicated to all DCs
3) Confirm all client devices are pointing to the new DNS servers
4) Make one of the other servers that is a DC a Global Catalog server
5) FSMO the roles over to this other domain controller (PDC, RID, schema master etc)
6) Confirm the Sysvol and Netlogon shares have replicated to the second domain controller and all the rest - force replication by doing an authoritative / non-authoritative restore, i.e. http://support.microsoft.com/kb/315457
7) Move the site licensing server from the SBS server to the new domain controller
8) Reboot new domain controller that is now PDC and a Global Catalog
9) Remove Global Catalog from SBS 2003 server
10) Uninstall SBS components from legacy SBS 2003 server
11) Demote legacy SBS server so it is purely a member server


Please let me know if there is anything I need to add to this task list or if I am missing anything critical.
Question by:tetran_au
Accepted Solution

by: Lee W, MVP
1) Modify the Registry permissions to disable the SBCore Services on the SBS server
You cannot.  Doing so would violate licensing.  We cannot assist you in violating licensing and I would suggest that doing so on behalf of your client is a REALLY bad idea.
2) Confirm that DNS is installed on the remaining domain controllers and the integrated DNS zone has replicated to all DCs
Fine.
3) Confirm all client devices are pointing to the new DNS servers
Fine.
4) Make one of the other servers that is a DC a Global Catalog server
This should have been done long ago.  In my opinion each site should have two GCs.  So bottom line, this is fine.
5) FSMO the roles over to this other domain controller (PDC, RID, schema master etc)
Why would you do this BEFORE 6?  Where are your DCDIAG runs to confirm AD is healthy?  STRONGLY recommend you do that first.
6) Confirm the Sysvol and Netlogon shares have replicated to the second domain controller and all the rest - force replication by doing an authoritative / non-authoritative restore, i.e. http://support.microsoft.com/kb/315457
Fine, but again, this should come after a DCDIAG /C /E /V and BEFORE the FSMO role transfer.
7) Move the site licensing server from the SBS server to the new domain controller
What site licensing server?  The SBS Licensing service?  Terminal Server Licensing?  Licensing, with a few exceptions, is a DOCUMENTATION thing, NOT a service when it comes to Microsoft.
8) Reboot new domain controller that is now PDC and a Global Catalog
Why reboot?  You can... no problem doing it... but it's unnecessary.
9) Remove Global Catalog from SBS 2003 server
You can't - this would violate licensing*
10) Uninstall SBS components from legacy SBS 2003 server
You can't - this would violate licensing*
11) Demote legacy SBS server so it is purely a member server
You can't - this would violate licensing*
*You CAN if you COMPLETELY REMOVE the SBS server from the network.  If the SBS server is to be on the network, it MUST be the FSMO Master DC, *A* Global Catalog.  The SBS components, WHILE THEY CAN BE REMOVED, cannot be re-installed on another server unless you buy separate licenses for them.  (You cannot move the Exchange install from an SBS server to a non-SBS install without buying a new copy of Exchange.  This is somewhat FYI, as I know you're not using Exchange directly in house.)
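
The ordering recommended in the answer above (DCDIAG first, then SYSVOL/NETLOGON confirmation, and only then the FSMO role transfer) can be scripted as a pre-flight gate. This is an added example, not part of the original thread; it assumes PowerShell 2.0 or later, English-language dcdiag output, the Support Tools (dcdiag, repadmin, netdom) on the PATH, and a hypothetical report path under %TEMP%.

```powershell
# Added example: health gate to run BEFORE any FSMO role transfer.
# Run elevated as a domain admin on a DC or admin workstation.
$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$report = Join-Path $env:TEMP "dcdiag-$stamp.txt"   # hypothetical report location

# 1. Full AD health check across every DC (the switches from the answer).
dcdiag /c /e /v | Out-File -FilePath $report -Encoding ASCII
# dcdiag marks each failing test with "<server> failed test <TestName>".
$failedTests = @(Select-String -Path $report -Pattern 'failed test\s+(\S+)' |
    ForEach-Object { $_.Line.Trim() })

# 2. Inbound replication status for every DC, as CSV.
$repl = @(repadmin /showrepl * /csv | ConvertFrom-Csv)
# Rows tagged showrepl_ERROR are DCs that could not be queried at all.
$replErrors = @($repl | Where-Object {
    $_.showrepl_COLUMNS -eq 'showrepl_ERROR' -or
    [int]$_.'Number of Failures' -gt 0
})

# 3. SYSVOL and NETLOGON must be shared on every DC that answered.
$dcs = @($repl | Where-Object { $_.showrepl_COLUMNS -eq 'showrepl_INFO' } |
    ForEach-Object { $_.'Destination DSA' } | Sort-Object -Unique)
$missingShares = @(foreach ($dc in $dcs) {
    foreach ($share in 'SYSVOL', 'NETLOGON') {
        if (-not (Test-Path "\\$dc\$share")) { "\\$dc\$share" }
    }
})

# 4. Record the current role holders so the change can be verified later.
netdom query fsmo

# Gate: any finding means the role transfer waits.
if ($failedTests.Count -or $replErrors.Count -or $missingShares.Count) {
    Write-Warning "AD is not healthy; do not transfer FSMO roles yet."
    $failedTests   | ForEach-Object { Write-Warning "dcdiag: $_" }
    $replErrors    | ForEach-Object {
        Write-Warning ("replication: {0} <- {1} ({2})" -f
            $_.'Destination DSA', $_.'Source DSA', $_.'Naming Context')
    }
    $missingShares | ForEach-Object { Write-Warning "share not reachable: $_" }
    exit 1
}
Write-Output "All checks passed. Full dcdiag report: $report"
```

Keep the saved dcdiag report with the change record so the state of the directory before the role transfer can be compared with a second run afterwards.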

Author Closing Comment

by: tetran_au
Thanks for your answer.  I have added the dcdiag checks and AD health checks in step 4 and moved the rest across.

The idea is to decommission the SBS component so we can establish a trust. Once the trust is in place, all users and servers from the new domain (the one that was recently purchased) will be transferred into the client's current domain.

Once this has been completed, the legacy SBS environment will be decommissioned completely.  In terms of licensing, our client has an Enterprise Agreement with Microsoft and we have confirmed that all the servers that will be transferred across will get an appropriate license through this agreement.

The issue we had is that no one has the transitional pack, as Microsoft says 2003 is dead and all distributors say the same. So I wouldn't call it breaking the rules, more like bending them slightly to ensure that the domains can be combined.