SBS 2011 Migration

Right now I am running SBS 2011 with Exchange. I am about to hit my 75 user max so I ordered 2 new servers. One for Exchange 2016 and another for Server 2012 R2 Standard. Does anyone have any migrations documents for this process. I'm pretty sure that I will migrate the DC first then the exchange portion. Thank you.
Robert Janics Jr M.C.PSystem AdministratorAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Hypercat (Deb)Commented:
It's fairly straightforward. You would install your new servers, join them to the SBS domain, promote one to DC, install Exchange on the other one, and then proceed with migrating documents, data and mailboxes and FSMO roles.  Once the migration is done, you would uninstall Exchange 2010, demote the SBS server and remove it from the domain.

Here's a post that might help with a few more details:
Robert Janics Jr M.C.PSystem AdministratorAuthor Commented:
Lee W, MVPTechnology and Business Process AdvisorCommented:
I'd return one server - it's not needed unless you plan on clustering and/or creating a remote DR site - one machine can run everything in separate VMs - and with a single 2012 license you can run two VMs.  

1. Install Hyper-V on the new server
2. Install a VM and join it to the domain
3. Run DCDIAG /C /E /V on the SBS 2011 server and correct any unexpected errors
4. Promote the 2012 VM to a DC
5. Transfer all data from the SBS server to new server - file sharing, print sharing, Sharepoint (if you use), web sites (excluding OWA/RWW).  DO NOT transfer the FSMO roles or DHCP (these are the last things to transfer).
6. Setup a second VM.
7. Install Exchange 2016
8. Migrate your mailboxes / Exchange config
9. Migrate your FSMO roles.
10. Uninstall Exchange 2010 from SBS
11. Demote the SBS server
12. Remote the SBS Server

Perform FULL backups at every step!

If you don't understand more than 2 of the above items you should hire a pro to do this for you.  Even if you DO understand most of these steps you should setup a test environment (Virtual machines are great for this) and PRACTICE a couple of times - Exchange 2016 was just released and even pros haven't done this too many times - and Microsoft wants you moving to the cloud so documention can be tougher to find than in the past since the Microsoft preferred Migration is NOT SBS to Exchange 2016, it's SBS to Office 365.
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

Robert Janics Jr M.C.PSystem AdministratorAuthor Commented:
Also on my current sbs server my exchange is on SP1 can I update directly to SP3
Hypercat (Deb)Commented:
Yes, you can.  Also straightforward, and simple since you have only a single Exchange server:

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Robert Janics Jr M.C.PSystem AdministratorAuthor Commented:
I have attached my DCDIAG on the current server it seems to be ready to migrate.  Besides the DCOM errors does everything else look ok?
Hypercat (Deb)Commented:
Looks OK to me.  The only potential concern is these entries:

Starting test: NCSecDesc


            Replicating Directory Changes In Filtered Set
         access rights for the naming context:


            Replicating Directory Changes In Filtered Set
         access rights for the naming context:

         ......................... WENDY failed test NCSecDesc

This is a problem only if you're planning on using a RODC (read-only domain controller), which I'm assuming wouldn't be something that you'd be contemplating.

You should also run the SBS Best Practices Analyzer just to be sure that you're SBS installation doesn't have any problems.  I think this also checks your Exchange organization but if not you would also want to run the Exchange Best Practices Analyzer.
Robert Janics Jr M.C.PSystem AdministratorAuthor Commented:
I'll run those in the morning and see what we get.
Robert Janics Jr M.C.PSystem AdministratorAuthor Commented:
Here is the SBS BPA. it look like it looked at Exchange as well.
Robert Janics Jr M.C.PSystem AdministratorAuthor Commented:
So i finally have the new servers up and running for a month. No errors reports company wide. I still have FSMO DHCP, DNS, AD on old server. Exchange has been uninstalled. The new server is replicating DHCP, DNS, and AD as well. It is all working fine. What should the next step be? Just Move FSMO to new server and ADPrep old server out?
Hypercat (Deb)Commented:
Yes, you need to move all the FSMO roles to the new DC:

Assuming that you've already moved all data, including Exchange, company website, SharePoint and SQL databases that you might need, you can then demote the old server, remove it from the domain and shut it down.  NOTE that you can't keep it running, as SBS will automatically shut itself down once it's been demoted.
Robert Janics Jr M.C.PSystem AdministratorAuthor Commented:
All data was moved already moved to the proper servers.  I just moved over the FSMO roles, just did a "netdom Query FSMO" and it reports the new server as FSMO holder on each server. The process I was looking for was on demoting the old server. Right now it hold the following roles i took a screen shot of. Do i just uncheck the box for all of them and remove?
Hypercat (Deb)Commented:
First demote it using "dcpromo".

Then remove the services by running the Add/Remove Roles and Services and uncheck everything domain-related.

Then unjoin it from the domain.

Then shut it down.
Robert Janics Jr M.C.PSystem AdministratorAuthor Commented:
my NSLOOKUP is still pointing to my old DNS server which is the old DC. The DNS does replicate the the new server though. Is this just because I have not ran DCPROMO yet?
Hypercat (Deb)Commented:
Could be:

1.  You've not changed your DNS settings in DHCP and/or static settings of your NIC card to point to the new server.

2.  Your DNS cache is old and still holds a record for the old server as primary DNS.

So, first make sure that your new server is set as primary DNS server on the properties of your NIC, whether provided by DHCP or statically.  Then, open a command prompt and run "ipconfig /flushdns." Once the DNS cache is flushed, run "ipconfig /registerdns" and then recheck nslookup.
Robert Janics Jr M.C.PSystem AdministratorAuthor Commented:
It was my fault, I fixed it on the DHCP server. I now get the new server as in my NSlookup. Before i DC promo it, I should be able to shut it down and everything works as normal correct? I ran DCpromo and it erred out for the AD certificate role. Looks like i need to remove that first.
Hypercat (Deb)Commented:
Yes, I would recommend that you shut it down as a trial first just in case.  Give the DHCP/DNS setting time to be updated on the workstations, and also make sure that the DNS settings on any statically assigned devices, such as printers, routers, switches, firewall, etc., have also been changed to point to the new server.

Another thing - make sure that your new DC is a global catalog server too!!
Robert Janics Jr M.C.PSystem AdministratorAuthor Commented:
The workstations will change when the lease expires correct? Or should i just tell them all to reboot tonight.  Ive already got my staff going around changing printers, scanners, etc...
Hypercat (Deb)Commented:
Yes, the workstations will change when the lease renews (1/2 the TTL), or they are rebooted as you noted.  Depends on how long your lease is, but probably rebooting the workstations will speed the process and you'll be sure that everyone is updated at that point.
Robert Janics Jr M.C.PSystem AdministratorAuthor Commented:
I booted back up today snapped and image, removed Active Directory Certificate Service, Ran DC promo, removed active directory domains and services, dchp, and DNS. What left as a role is IIS, Network policy and access services, and application server. Do I need to remove those roles before my final shut down?
Hypercat (Deb)Commented:
Nope, but you do need to unjoin the server from the domain, otherwise there will be remnants of it in AD that you wouldn't necessarily want to be hanging around.
Robert Janics Jr M.C.PSystem AdministratorAuthor Commented:
Ok great that is all done. I am having this weird issue that started with users outlook disconnecting. When i go to connection status it says connecting. I attached a screen shot of the connectino statis. There is an Error that you can see. To get it to work i have to Ipconfig relese, Renew, DNS flush, DNS register. and it works. Or the end user will reboot. I'm not sure the dns is necessary i just tried it on one and it worked.
Hypercat (Deb)Commented:
Are you sure that the SSL cert is set up and applied correctly for autodiscovery?  Check your DNS setting to make sure your autodiscover entry is correct also.
Robert Janics Jr M.C.PSystem AdministratorAuthor Commented:
It looks correct to me am i missing something?  Under my Autodiscover Authentication tab i have Integrated windows authentication and Basic Authentication checked.
I also went ahead and rebooted the DC and the Exchange server in that order. Just now, i have not done that since the old SBS sever was decommissioned.
Hypercat (Deb)Commented:
Is there an autodiscover record in either your remote or mail zones?  I have a similar setup, as the domain name for my internal AD domain is different from my external domain name.  I have internally and for the external name.  I have a zone "" with the DNS server names in it, and below that I have a _tcp folder with the following autodiscover entry:

DNS autodiscover record
Try adding a similar record to whichever domain is designated as the internal URL for your mail server.
Robert Janics Jr M.C.PSystem AdministratorAuthor Commented:
Where does it go? Attached is my Tree.
Hypercat (Deb)Commented:
It looks like your internal URL is, so that's where the autodiscover entry needs to be.
Robert Janics Jr M.C.PSystem AdministratorAuthor Commented:
Ok so correct me if I'm wrong ill go to Forward look up zones -->
Right click in the window select other new record choose Service Location
Then the domain box is
i have to type in _autodiscover it is not in the service list
i have to type in _Tcp it is not in the protocol list
Port 443
now what do I use for Host offering this service? My Mail server name or my DNS server name?
Hypercat (Deb)Commented:
Your mail server name.

I found this thread looking for solid information for uninstalling Exchange 2010 from an SBS2011 server after migrating to Exchange 2016 like you did. What steps did you take?

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2012

From novice to tech pro — start learning today.