Solved

Moving desktops from SBS to Windows 2012 can server config be done in place ?

Posted on 2016-10-20
9
31 Views
Last Modified: 2016-10-25
I am implementing 2k12 on a network which currently has SBS 2008.
I am recreating AD from scratch because the legacy is filled with junk .
I plan on migrating DHCP an DNS and data but not much else .
my question is can I do this on the same network without affecting production until i promote DC ?
I dont have the luxury of configuring it in a lab .
0
Comment
Question by:Andre P
  • 2
  • 2
  • 2
  • +3
9 Comments
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 41853304
You can't have two domains with the same name on the same physical subnet.  And if these are two different domains, then desktops will have to be disjoined from the SBS 2008 domain and rejoined to the Server 2012 domain.
0
 
LVL 28

Expert Comment

by:Michael Pfister
ID: 41853498
Even if you could keep the domain name you still have to move the workstations as Cris states.
Also you'll create new SIDs for every user of the new domain, meaning everyone will have a fresh user profile when logging in.

You have to decide between its easier to live with the junk in AD vs. having to reconfigure all clients and user profiles. How many users/clients are on this SBS network?
0
 
LVL 4

Accepted Solution

by:
Alexandre Michel earned 167 total points
ID: 41853552
Hi Andre

Some questions that would make it easier to help you:
- How many users?
- How many PCs?
- Email/Exchange migration?
- The new AD is on a different than the old server?  

Here is a plan you can follow

1. Create your new AD
2. Add your users in the new AD
3. Migrate DNS and DHCP .... or not and recreate them
4. Use this tool (http://www.forensit.com/domain-migration.html) to migrate the profiles on the desktops from the old domain to the new domain. This is an easy tool to use. You can automate the process of keep it manual.

Alexandre
0
 
LVL 4

Expert Comment

by:Alexandre Michel
ID: 41853556
Andre

Microsoft has a documented article and instruction on how to migrate from SBS2011 to windows 2012 Essential ... but it works as well for Windows 2012

http://technet.microsoft.com/en-us/library/jj721754.aspx

Alexandre
0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 

Author Comment

by:Andre P
ID: 41853616
thanks for all the answers  very helpful information
there are 35 users and desktops approx
The old SBS 2k8 server has hundreds of active but enabled  users because of high turnover over the years .
Creating a new Domain sounds like a plan .
I'd like to migrate DNS DHCP
exchange is being moved to online exchange
I would also like to migrate printers and the subset of current user information .I would also like to migrate groups as well .
it would be also great if there was a script (PowerShell)which could move desktops from.one domain to another so it does not have to be done one by one .
0
 
LVL 21

Assisted Solution

by:Larry Struckmeyer MVP
Larry Struckmeyer MVP earned 167 total points
ID: 41853995
Just a suggestion going forward... regardless of migration or start fresh.  As you have said the AD is full of disabled users.  I would NOT give user accounts human names going forward but rather position names such as Accounting1, Engineering1, HR1 and so on, and name the computers in the same way as Accounting01, Engineering01, HR01.

Regardless of the person that occupies the position the names don't change.  We do this for staff with the possible exception of the core management, and even then we sometimes use CEO1, COO1, Controller1 and so on.

For your current issue, seems the easiest path would be to verify the email system, make sure you have everything you want in some format, either in a current users mailbox or a pst., make a valid backup or two and an image, then clean up the AD and do a migration.  35 desktops is a lot to change over a weekend, and more time consuming that the migration.
0
 
LVL 38

Assisted Solution

by:Philip Elder
Philip Elder earned 166 total points
ID: 41854429
A side-by-side migration is fairly straight forward.

Make sure the new domain is _not_ the same as the old domain. There are GUIDs behind everything. The desktops would get really confused if the domain name was the same. Cleaning that up is very painful.

I suggest using ForensiT's Profile Migration Wizard tool to automate the desktop flip onto the new domain. Users don't lose Pretty Kitty and all of their security tickets and such move along with the change. It's slick and worth it.

Set up DHCP in the new DC but don't enable it right away to serve IPs. With DNS, you can do one of two things:
1: S/U a domain in DNS for OLDDOMAIN.Local and manually add the necessary record(s). Have DHCP deliver IPs via the new server with DNS pointing to itself. That should take care of any resolution issues.

2: S/U DHCP on the new server to point DNS to SBS temporarily. When ready to cut over delete the reference and add the DC.

Make sure the root folder for their data has Domain Users with MOD rights prior to copying data in. Enable Access-based Enumeration so that folders users don't have permissions to will not be seen by them.

Disinherit on sub folders, make sure to choose to COPY/KEEP existing permissions, remove the Domain Users group, and finally add the necessary group(s).

These last two steps can be done in PowerShell if there are a lot of them to simplify the procedure.
0
 

Author Comment

by:Andre P
ID: 41854752
Larry , I am intrigued by your approach .
So if you have an accounting office per say :
You have 10 people in tax
5 people in international
5 people in small business

Are you saying .. That instead of using groups ? Tax , INT , SB ,
You have username Tax1 - Tax10 ?
INT1 -INT5
SB1-SB5 ?
So when a new person starts .. How does that work ? Arent certain licenses and fax services tied to that ?
How can you then tell who worked on what ?  In a document management setting would that not breed confusion ?
Im not sure I understand . Please elaborate .. If there is an article about this can you send it ?

For your current issue, seems the easiest path would be to verify the email system,
The email system will be exchange online so I dont understand what you are saying there
That migration via pst will be done weeks ahead of the server upgrade .
Will be copying pst files to server for safe keeping as well

make sure you have everything you want in some format, either in a current users mailbox or a pst., make a valid backup or two and an image,


 then clean up the AD and do a migration.  

If I have an inherited AD with 80% garbage  Why would it not be easier \Less time consuming to Create an AD from scratch on the new domain ?


35 desktops is a lot to change over a weekend, and more time consuming that the migration.

I dont understand the above ?
0
 
LVL 21

Expert Comment

by:Larry Struckmeyer MVP
ID: 41859147
You can continue to use groups.  User Tax1 and Tax2 can both belong to the group TAX for security and distribution purposes.

The goal is to reduce the AD impact and the confusion when there is high turnover.  I am not sure I under stand your concern.  If Sally used to be TAX5, but she leaves and is replaced by John, the domain user and the desktop are still being used by user TAX5.  Emails can go out under TAX5@domain.com, but the user can disclose their actual identity if they choose to.

As far as changing desktops, if you change domains you have to disjoin and rejoin the new domain and verify all the settings.  All I am saying is that 35 of those will take one, or even two, admins a long time and you may have to work more than the expected time over a weekend.
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now