Migration from SBS to Essentials

I went the SBS Migration route from a SBS 2003 to SBS 2011 server and when it was all said an done I really questioned the approach. It was only a 20-user network and I think it would have been easier and less time consuming to not migrate. To simple start with a fresh server and manually recreate the users and shares then on a slow weekend copy the data from one server to the other and rejoin the workstations to the new server.

Any thoughts on this? I have a couple more to do this year. Both about a 10-user network. A SBS 2008 and a SBS 2003. Is "migration" really the best way to go or is it easier to start fresh and manually transfer things over?
LVL 15
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Larry Struckmeyer MVPCommented:
Regardless of the pros and cons if you choose to do a greenfield copy out the mail and the data ahead of time.  Robocopy with the appropriate switches will copy the data to usb or a network share and when run again on "the day" will only copy the changed bits so it is very fast.

Same with xmerge.  Once all the mail is copied out on "the day" you can xmerge out the last month of mail and get it very quickly.  Once all the bits are in  place the week before "the day" goes much faster.

Having said that, for 20+ systems migration is generally conceded to be easier than greenfield.  Disjoining and rejoining is a PITA at that count.  For 10 and under greenfield using the above tips can be efficient.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
I hate to give the answer like this, but it really depends on the situation.

A migration is, generally, recommended because in an ideal configuration, it is less stressful for the user and easier to complete for an administrator.  But, I, personally, have never seen the ideal configuration (just having SBS version x is not the ideal configuration).  The ideal configuration is the one where the domain (server and all clients) have been maintained, updated and have not had any customizations applied to the recommended configurations therein.

Ultimately though, fixing the problem areas (usually patch and AD health related) are not a major inconvenience.  What is are the customizations where someone, who thought they were smarter than Microsoft, decided that doing A was better than doing B.

In order to decide which makes more sense, familiarity with the overall health and readiness of the domain and it's members is going to be key.

Larry Struckmeyer MVPCommented:

(just having SBS version x is not the ideal configuration)

Why that comment?  In any case it is your opinion.  Adding IMO might have made it less offensive to the OP and others who chose to use SBS.
PMI ACP® Project Management

Prepare for the PMI Agile Certified Practitioner (PMI-ACP)® exam, which formally recognizes your knowledge of agile principles and your skill with agile techniques.

Cliff GaliherCommented:
What is easier and less time consuming for you is rarely what is best for the users. And that's the nature of I.T.  We exist for the users.

Take your disjoin/rejoin methodology for example. The user's profile will not follow them. It is a new AD account so a new profile will get created. All of the "little" customizations a user has made are gone. Custom menus in Office. Remembered words in the spellcheck dictionary. Auto-filled email addresses in Outlook.   Gone.  They lose hours of productivity as they slowly reconfigure and reteach their system. Add that up by 20 users and that's a lot of lost productivity, just so the I.T. person saved time. The *business* loses money. And you have angry users on top of it because of all that lost information.

Or you invest in profile migration software. Which now you are not just disjoining and rejoining machines, touching each machine, but migrating *every* profile on that machine. You've now wiped out any gains you got from that process.

And that is just one example. Migrating data has similar issues. ACLs are reset. So now you manually reconfigure them. Or you get calls that some secretary got (And viewed) the excel spreadsheet with management's pay compensation (even in 20 person companies, this can be a big deal.) FFAAANNNTTTAAASSSTTTIIICCC.

Migrating is almost always the right choice. Yes, it takes longer. For you (and only you.) But the other benefits far outweigh that. Every. Single. Time.
@Larry - I was not meaning to be offensive, I was meaning to imply that just walking into a client and seeing that they have SBS is enough to just write that client off as having been configured properly.

I have used and recommended SBS for many clients.  I have even completed migrations from one SBS version to another (or to a standard domain when the client outgrew SBS).

Larry Struckmeyer MVPCommented:

I was not able to edit in time to add that a greenfield with robocopy and .pst files the new server can be "almost" 100% ready on game day.  Data in place, wizards run, shares created, users and permissions done.  All that would be left on game day is to join the stations to the new domain (including moving the profiles) and change the forwards on the firewall/router.  Well, almost.
LockDown32OwnerAuthor Commented:
The mail issue will be handled long before the migration takes place. In looking through the responses it appears as though the 10-users wasn't taken much in to consideration.

You really don't need to invest in profile migration software and their profiles are really gone. If you keep the usernames the same it might take 20 minutes per computer to join the new domain and straight copy their old profile to their new profile and things will be right back to where they were. The profiles are a PITA but pretty easy to do.

ACLs shouldn't be that hard to reconfigure either. A 10-20 user network really shouldn't have that many shares or ACLS. Now days most people are going Office 365 which makes the mail a cake walk too.

I laughed at the remarks about SBS. The sweetest migration in the world is non-SBS :) You pay more for the full blown Server Standard up front but when it comes time to upgrade it couldn't be much sweeter and easier :) Well worth the price of the full blown server :)

So what do people use to "migrate" to Essentials? Does Microsoft offer anything?
Just finished a migration. Took 3 days to get all the prerequisites and other checks going on, following the official MS documentation (no mentioning of the fact that changing language would cause more problems). In the end, the migration wizard still failed (every run, somewhere else, fixing things here and there, the failures kept coming at a later stage). In the end, a clean install was the only way to proceed. WHY all the checks and prerequisites, and then still fail after all? God knows why (well actually MS does), but the installation logs weren't really helpful. If the previous domain was ridden with errors, I'd understand it, but it was running fine.
In the end, the trust that the migration wizard would be smart enough to actually migrate things, I lost 3 days, and the new install, took only one day.
LockDown32OwnerAuthor Commented:
That's kind of where I was at. If you start from scratch you don't "bastardize" you server with any issues that existed in the previous server. You start with a clean slate. Imaging upgrading from 95 to 98 then 98 to Millennium  then Millennium to XP etc., etc. Nothing runs better then a fresh clean install. I can see migrating if you had 50 or 100 computers but 10 to 20? I guess, like anything else, there are pros and cons. The migration not working doesn't surprise me. Too many things that could possible go wrong.
Cliff GaliherCommented:
" Imaging upgrading from 95 to 98 then 98 to Millennium  then Millennium to XP"

That's an apples-to-oranges comparison, just to be fair.  In-place upgrades are ugly. Always have been. You are getting every dll, every registry entry, every nuanced bit of OS with each upgrade.  A migration is *none* of that.

When you migrate, you are manually copying files. So the files themselves are new. The filesystem is new. The OS is new. The ACLs are copies, but are recorded in the new filesystem's new journal. Active Directory is replicated. But LDAP is a long-standing database type that is well understood (unlike the registry) and changes are not done willy-nilly to AD (unlike the registry) and it has a well defined schema that blocks illegal changes (unlike the registry) so it isn't like OS-level problems follow an active directory migration. Think of any large corporation that has been running AD since 2000. They've gone from 2000 to 2003 to 2008 to 2008 R2 to 2012 to 2012 R2 and, because of their size, have pulled along their entire AD with them. AD is just not prone to "rot" the way people think of an OS, any more than a well defined Excel spreadsheet is prone to rot. Do you recreate your excel spreadsheets with each new OS change? OF course not. You copy the file. Because the file format is known. It doesn't change. It doesn't rot. And the data is intact. *THAT'S* AD. ...And honestly, the only thing "migrated" in an SBS-to-Essentials migration is AD. Everything else either stays the same (the clients, which don't get changed) or are copied (files, such as Robocopy.)  But preserving AD *does* preserve SIDs, which eliminates all of the downsides of a clean install. New profiles (because the SID changed.)  Resetting file permissions (because the old permissions were based on SIDs that don't exist.)  Etc.  It seems trivial, but preserving AD is the only reason to migrate, but that is a *HUGE* reason.

From small to large, from incremental to skipping several versions, I've done so many migrations I've lost count. And been called in on dozens of projects where "things went wrong." Including clean builds where the consequences were unknown or not well understood. I can vehemently say migrate...every time. But you do have to know and understand Active Directory. Like any project and skill, you have to know what you are doing. On the job learning is never good. Chances are you didn't jump on the interstate five seconds after you first got behind the wheel of a car. You probably drove in circles in an empty parking lot.  Bad migrations are rarely (dare I say, ever) from the migration process. But from lack of planning and inexperience while rushing ahead. That doesn't invalidate the process. Nor does it mean giving up a car and using a horse and carriage as a regular way to commute from the suburbs to downtown Chicago is a good idea because cars are too dangerous/complicated.
I couldn't agree with Cliff more.  This is the reason why I stressed familiarity with your clients domain servers and members.

It wasn't as much about whether they had SBS or not and it wasn't a bash on SBS (as it might have been taken).  It was really just saying if your clients domain is healthy and their systems are compatible with the changes that are going to be made (in this case adding a Server 2012 R2 server with Essentials), then you would be less likely to encounter any issues; you would have an *ideal* configuration.

LockDown32OwnerAuthor Commented:
Your comparing AD to Registry is an Apples to Oranges comparison too. You are also missing the part about 10 to 20 users. Yes enterprises have gone from 2003 to 2008 to 2012 (which is only 3 upgrades) but they are the ones who can also afford to pay Microsoft $200 to $300 an hour to fix problems and afford to have someone from Microsoft on staff during the migration. Then look what you get now... all the Exchange and SQL AD entries are moot but carried over anyway and that is just one example. Garbage collection. That was my point in upgrading 95 to 98 to Millennium not it actually being an in place upgrade. The fact that every time you upgrade (even AD) that things just keep getting a little more off each time until the inevitable.....
Cliff GaliherCommented:
That demonstrates a fundamental misunderstanding of Active Directory. You can choose to learn, or choose your own path. I have no skin in the game.
LockDown32OwnerAuthor Commented:
English translation please? Are you disagreeing with something in the above?
Cliff GaliherCommented:
I didn't compare AD to the registry. I went to great lengths to show that they *can't* be compared because they are distinctly differentiated. And you said my comparison was apples to oranges (exactly my point!)  And then proceeded to (without naming the registry by name) talk about cruft and garbage collection and "the inevitable."

Basically? I disagree with your entire last reply. Most organizations do *not* pay Microsoft for a simple Active Directory migration, nor have MS staff "on hand."  AD does not collect cruft because things rarely make schema level changes to AD, and object-level changes are discreet, trackable, removable.

And implying some "inevitable" failure will occur after a few AD migrations shows, as I just said, a *FUNDAMENTAL* misunderstanding of AD.

But hey, you don't want to migrate and you want someone to post an opinion here that you can show your boss so you feel justified with your shortcuts.  That won't be me, but as I also said, I really don't care. It's your network tear apart, your users (or client) to frustrate, and your time to spend as you see fit. I really don't feel compelled to argue with someone who already made up their mind and came here seeking validation instead of an honest question and conversation.  Good luck to you.
LockDown32OwnerAuthor Commented:
Yee haw! A due with an attitude! If you read the original question (which you obviously didn't)  I started out by saying that I had done SBS 2003 to SBS 2011 migrations and simply asked is there wasn't a less time consuming method due to the fact that there were only 10 users on these networks. So let's start there. Would you like to answer the question because your rant on AD didn't really touch the question. It was a pretty simple question. I am not trying to cut corners. I am trying to find a simpler way of doing things. Are you opposed to trying new methods and saving some time?

   You are right AD and the Registry can't be compared but I have read that block several times and still can't get what you were tying to say. Are you actually saying the AD can't get corrupt and collect garbage? Really? Microsoft finally came out with something indestructible? Wow! Cool! Exactly why are you dragging the registry in to this?

Anyway... without going any further in to the tiff would you like to respond to the original question?
Cliff GaliherCommented:
My first response covered your original question. What saves *you* time costs end-users time and the end result is always a net loss for the company, and in many cases ends up not saving the sysadmin time as they deal with "mop up" support incidents such as mismatching permissions.

That was pretty cut and dry answer, that you apparently didn't read or like, to the original question I supposedly didn't read.  Why should I keep arguing about it if you won't listen?
LockDown32OwnerAuthor Commented:
I am not the one that isn't listening. I immediately pointed out that profiles are not lost and you don't need profile migration software to recover them. I don't know about other networks but the workstations I deal with very seldom, if ever, have more than one profile. You made it sound like anything you might think of gaining by doing a greenfield installation will be lost and then some by the profile issue. I simply don't think that is the case.

   It was a cut and dry answer and if you read my response you would realize I did read yours. I am just not in 100% agreement with it just from the profile standpoint. Yours is not the only opinion and just because someone doesn't agree with your opinion doesn't mean they aren't listening.
Cliff GaliherCommented:
You are entitled to your own opinions, but not your own facts.  Profiles are tattooed with SIDs in various places. Some are file-based (not just the ACLs but in the files themselves), for example. Office 365 ProPlus settings are secured internally via SID.  Then there are the registry hives which are part of the profile and, if loaded in regedit, you'd see are also tattooed with SIDs.  You can *copy* those files all you want, but the new account will have a new SID so a new set of registry entries will be created and any app settings that relied on the old SID are just...gone.  Microsoft created USMT with templates to accommodate that scenario for their OS and some of their applications. Laplink has created an entire business on supporting 3rd-party apps to do that.

But hey, I guess copying profiles is error-proof, SIDs don't matter, so Microsoft created USMT for no reason and people buy Laplink because they are idiots and like to waste money.  I've only sat with Microsoft engineers and discussed this, have the reputation and industry accolades to back that up, and am willing to put my reputation on the line. What could *I* possibly know that you don't, since you clearly know so much you don't even really need to ask the question in the first place.  Now don't I feel foolish.
LockDown32OwnerAuthor Commented:
Wow Cliff you are a God! How dare I question you! Goodness my bad! So you have explained everything that everyone already knew about profiles. Let's just trip the light extraordinary and say we copied a profile. There goes 15 minutes. Just how long do you think it will take to "mop up" any changes that are SID related? 15 more minutes? So... there is a half an hour. Multiply that by 10 users and there is a whapping 5 hours. Whoo hoo!

   Do you over-complicate your networks to the point you are the only one that can work on them? Do you go out of your way to make sure things are so embedded they can't be changed? Look at Kimputer's comment above. Took a whole day! A 10 user network just isn't that complicated and if it is then it wasn't set up right in the first place.

   I'm glad you have credentials. I'm glad you sat down and worked through it with Microsoft Engineers. Kudos to you! You're making a mountain out of a mole hill. You are turning a 10$, 10-minute job in to a $100,000 two year project. It's 10 users!
Cliff GaliherCommented:
If *MIGRATING* SBS to Essentials (not a greenfield) for 10 users takes $100,000 and two years then you are overcharging, inept, or both.  I'm done. You clearly have no interest in real answers nor in even being realistic about expectations. Screw over your users/clients. I personally don't care.
Cliff GaliherCommented:
And if you want a realistic timeline, here is my *MIGRATION* timeline for the last dozen or so I've done.

Install OS.  Fire up coffee pot.
Join domain.  Drink coffee
Promote to DC. Finish first cup of coffee.
Uninstall Exchange. Pour second cup of coffee.
Demote SBS server.  Start drinking second cup of coffee.
Update DNS to point to point to new server.  Take one *sip* of coffee.
Unplug old server....while reading facebook.

I think I just beat your five hours of touching every machine (which was a grossly underestimated timeline anyways) by about 4.5 hours.  Just sayin.
LockDown32OwnerAuthor Commented:
The five hours was your mess. You know... all those SSID changes and copying problems. Total time consumer. As far as you are concerned it can't be done. Just sayin.

   Your the one turning a $10, 10 minute job in to a fiasco. I'm glad your done. I love real answers. Too bad you didn't offer one. I don't think I have ever seen someone so full of themselves. Your way or no way huh? OK. I'll take the no way. I suppose I better close this question before you stroke out. I'll ask it again. Please don't respond this time. Your input is no longer welcome.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.