Moving desktops from SBS to Windows 2012 can server config be done in place ?

I am implementing 2k12 on a network which currently has SBS 2008.
I am recreating AD from scratch because the legacy is filled with junk .
I plan on migrating DHCP an DNS and data but not much else .
my question is can I do this on the same network without affecting production until i promote DC ?
I dont have the luxury of configuring it in a lab .
Andre PAsked:
Who is Participating?
Alexandre MichelConnect With a Mentor Manager; IT ConsultantCommented:
Hi Andre

Some questions that would make it easier to help you:
- How many users?
- How many PCs?
- Email/Exchange migration?
- The new AD is on a different than the old server?  

Here is a plan you can follow

1. Create your new AD
2. Add your users in the new AD
3. Migrate DNS and DHCP .... or not and recreate them
4. Use this tool ( to migrate the profiles on the desktops from the old domain to the new domain. This is an easy tool to use. You can automate the process of keep it manual.

Cris HannaCommented:
You can't have two domains with the same name on the same physical subnet.  And if these are two different domains, then desktops will have to be disjoined from the SBS 2008 domain and rejoined to the Server 2012 domain.
Michael PfisterCommented:
Even if you could keep the domain name you still have to move the workstations as Cris states.
Also you'll create new SIDs for every user of the new domain, meaning everyone will have a fresh user profile when logging in.

You have to decide between its easier to live with the junk in AD vs. having to reconfigure all clients and user profiles. How many users/clients are on this SBS network?
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Alexandre MichelManager; IT ConsultantCommented:

Microsoft has a documented article and instruction on how to migrate from SBS2011 to windows 2012 Essential ... but it works as well for Windows 2012

Andre PAuthor Commented:
thanks for all the answers  very helpful information
there are 35 users and desktops approx
The old SBS 2k8 server has hundreds of active but enabled  users because of high turnover over the years .
Creating a new Domain sounds like a plan .
I'd like to migrate DNS DHCP
exchange is being moved to online exchange
I would also like to migrate printers and the subset of current user information .I would also like to migrate groups as well .
it would be also great if there was a script (PowerShell)which could move desktops domain to another so it does not have to be done one by one .
Larry Struckmeyer MVPConnect With a Mentor Commented:
Just a suggestion going forward... regardless of migration or start fresh.  As you have said the AD is full of disabled users.  I would NOT give user accounts human names going forward but rather position names such as Accounting1, Engineering1, HR1 and so on, and name the computers in the same way as Accounting01, Engineering01, HR01.

Regardless of the person that occupies the position the names don't change.  We do this for staff with the possible exception of the core management, and even then we sometimes use CEO1, COO1, Controller1 and so on.

For your current issue, seems the easiest path would be to verify the email system, make sure you have everything you want in some format, either in a current users mailbox or a pst., make a valid backup or two and an image, then clean up the AD and do a migration.  35 desktops is a lot to change over a weekend, and more time consuming that the migration.
Philip ElderConnect With a Mentor Technical Architect - HA/Compute/StorageCommented:
A side-by-side migration is fairly straight forward.

Make sure the new domain is _not_ the same as the old domain. There are GUIDs behind everything. The desktops would get really confused if the domain name was the same. Cleaning that up is very painful.

I suggest using ForensiT's Profile Migration Wizard tool to automate the desktop flip onto the new domain. Users don't lose Pretty Kitty and all of their security tickets and such move along with the change. It's slick and worth it.

Set up DHCP in the new DC but don't enable it right away to serve IPs. With DNS, you can do one of two things:
1: S/U a domain in DNS for OLDDOMAIN.Local and manually add the necessary record(s). Have DHCP deliver IPs via the new server with DNS pointing to itself. That should take care of any resolution issues.

2: S/U DHCP on the new server to point DNS to SBS temporarily. When ready to cut over delete the reference and add the DC.

Make sure the root folder for their data has Domain Users with MOD rights prior to copying data in. Enable Access-based Enumeration so that folders users don't have permissions to will not be seen by them.

Disinherit on sub folders, make sure to choose to COPY/KEEP existing permissions, remove the Domain Users group, and finally add the necessary group(s).

These last two steps can be done in PowerShell if there are a lot of them to simplify the procedure.
Andre PAuthor Commented:
Larry , I am intrigued by your approach .
So if you have an accounting office per say :
You have 10 people in tax
5 people in international
5 people in small business

Are you saying .. That instead of using groups ? Tax , INT , SB ,
You have username Tax1 - Tax10 ?
SB1-SB5 ?
So when a new person starts .. How does that work ? Arent certain licenses and fax services tied to that ?
How can you then tell who worked on what ?  In a document management setting would that not breed confusion ?
Im not sure I understand . Please elaborate .. If there is an article about this can you send it ?

For your current issue, seems the easiest path would be to verify the email system,
The email system will be exchange online so I dont understand what you are saying there
That migration via pst will be done weeks ahead of the server upgrade .
Will be copying pst files to server for safe keeping as well

make sure you have everything you want in some format, either in a current users mailbox or a pst., make a valid backup or two and an image,

 then clean up the AD and do a migration.  

If I have an inherited AD with 80% garbage  Why would it not be easier \Less time consuming to Create an AD from scratch on the new domain ?

35 desktops is a lot to change over a weekend, and more time consuming that the migration.

I dont understand the above ?
Larry Struckmeyer MVPCommented:
You can continue to use groups.  User Tax1 and Tax2 can both belong to the group TAX for security and distribution purposes.

The goal is to reduce the AD impact and the confusion when there is high turnover.  I am not sure I under stand your concern.  If Sally used to be TAX5, but she leaves and is replaced by John, the domain user and the desktop are still being used by user TAX5.  Emails can go out under, but the user can disclose their actual identity if they choose to.

As far as changing desktops, if you change domains you have to disjoin and rejoin the new domain and verify all the settings.  All I am saying is that 35 of those will take one, or even two, admins a long time and you may have to work more than the expected time over a weekend.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.