Solved

Adding a 2nd DC to a current SBS 2008 and demoting SBS 2008?

Posted on 2016-10-26
12
45 Views
Last Modified: 2016-11-05
I have a customer with a SBS 2008 server.  The customer has approved an upgrade to Windows 2012 R2 with Exchange 2016 OR Windows 2016 with Exchange 2016.  The goal would be to add the 2nd/new DC to the network and then, remove the SBS 2008 server.  
I'm seeking recommendations on how to remove the SBS 2008 server while making the new Windows server the primary DC.
Unlike Standard Windows Server (2008/2012/2016), can SBS 2008 be demoted using DCPromo?
0
Comment
Question by:eitconsulting
  • 5
  • 4
  • 2
  • +1
12 Comments
 
LVL 56

Expert Comment

by:Cliff Galiher
Comment Utility
Yes, but then it must be retired. You cannot run SBS as a member server. It will know it is out of licensing compliance.
0
 
LVL 16

Expert Comment

by:Malmensa
Comment Utility
An SBS box has to be the FSMO role holder for all roles, and cannot be demoted. You can transfer the FSMO roles on the 2012DC, however the SBS box will get upset and shutdown periodically.

If you want to keep the SBS box I operation, then it has to remain a DC, with all FSMO roles.
0
 

Author Comment

by:eitconsulting
Comment Utility
@Malmensa "If you want to keep the SBS box I operation, then it has to remain a DC, with all FSMO roles."
As I stated above, I want SBS 2008 out of the network once the new 2012 R2 server is added.
My goal is to keep the AD data hence, adding a new Standard server and Exchange Server followed by removing the SBS.  
I'm seeking recommendations on how to remove the SBS 2008 server while making the new Windows server the primary DC and ultimately maintaining the Active Directory content.  I want to avoid having to remove each computer from a current DC (SBS) and add the computers to a new DC since it'll take longer and can be messy due to having to restore end-user profiles.

@Cliff  No mention of keeping the SBS server.  SBS 2008 must go after I add a 2nd DC hence, I'm seeking a way to remove SBS after I've added the 2nd DC.  So, you mentioned "retiring" but no further information on how to retire SBS 2008.   How would the SBS be retired so that the added/new DC can be the primary DC?
0
 
LVL 56

Expert Comment

by:Cliff Galiher
Comment Utility
Same as any other DC. Move FSMO roles. Dcpromo (which is what you asked and I said "yes"), then remove the computer object from AD. Nothing unique to SBS here.

Just spelled out that it must be retired (using normal methods') pretty much as soon as you remote it with dcpromo. So demoting it should be one of the last things you do. Don't plan in moving mailboxes', removing exchange, copying files after. Do all of it beforehand.
0
 
LVL 5

Expert Comment

by:mbkitmgr
Comment Utility
This is just my opinion.

Being SBS means its a small domain.  For the sites that I have migrated to NON SBS Servers I have just created a new domain and moved their data and workstations to the new domain.

I ran some scripts provided my MS Support for one migration, and they even admitted the process the scripts "ran" didn't always succeed.  I have seen postings on several forums showing ways of doing it, but I can move mailboxes, data and workstations to a new domain in 12 hours
0
 
LVL 16

Assisted Solution

by:Malmensa
Malmensa earned 200 total points
Comment Utility
"As I stated above, I want SBS 2008 out of the network once the new 2012 R2 server is added.
 My goal is to keep the AD data hence, adding a new Standard server and Exchange Server followed by removing the SBS."

Yep, that will work. Just make sure you are finished with the SBS box before you transfer FSMO roles. Once you transfer, it needs to be removed. You might need to run a metadata cleanup, to tidy things afterwards, but that is no big drama.

https://technet.microsoft.com/en-us/library/cc816907(v=ws.10).aspx
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 

Author Comment

by:eitconsulting
Comment Utility
When "Adding a Domain (Win2016 Srv Std) to an existing Domain (SBS 2011), will the FSMO roles replicate over to the new server (win2016 Srv Std)?  If not, what other step(s) is necessary to ensure the added domain has the FSMO role(s)?
Adding-a-domain.png
0
 
LVL 56

Expert Comment

by:Cliff Galiher
Comment Utility
FSMO roles do not replicate. Only one server holds any given role at any given time. You can gracefully transfer them. Technet has official documentation that a quick google search will churn up (I'm on my mobile so can't really do so easily at the moment or I'd paste a link.)
0
 

Author Comment

by:eitconsulting
Comment Utility
Yeah, I've googled that.  In the past, I've added a Win2012 R2 domain to an existing Win2012 domain.  Then, proceeded to remove the first (Win2012) domain Not Checking "This is the Last Domain in the Network".  The second domain (Win2012 R2) therefore had the roles transferred over without any issues or the use of NTDSUTIL.
https://support.microsoft.com/en-us/kb/255504
0
 
LVL 56

Accepted Solution

by:
Cliff Galiher earned 300 total points
Comment Utility
Same still applies, and won't be an issue *if* the environment is guaranteed healthy. But I am a firm believer in baby steps. I always prefer to transfer roles as a separate step. That way you can check event logs and diag tools to see that all DCs agree that the roles indeed transferred. I've seen people simply transfer, or just demote, but one of their DCs was in journal wrap and therefore didn't take the changes. Then *couldn't * take the changes because fixing the particular journal wrap condition required it be able to contact the machine it thought still had the schema master role. A lot of extra work was creeated in rebuilding that DC and migrating some other data that existed on it. A situation that could've been avoided with more careful monitoring and smaller steps.
0
 

Author Comment

by:eitconsulting
Comment Utility
I converted the customer's SBS 2008 Std to a VM using the Disk2VHD utility and transferred it over to my laptop.   Boots up fine.  I'm going to install a Windows 2016 Server VM with Exchange 2016 on my laptop and test everything out.  My Dell Precision laptop has 64GB of RAM, a 2TB SSD, and a decent i-7 processor so, testing from  the laptop should be good.  I'll post an update here after I've tested adding a 2nd domain, transfer issues (if any) of FSMOs, and removal of the SBS 2008 server from the network.
0
 
LVL 56

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 300 total points
Comment Utility
The way your comment reads, it sounds you plan on running only one 2016 VM. While slightly off-topic....please don't. Exchange really is not designed to be on a domain controller. And while SBS "got away" with it, SBS clearly is no more.
0

Featured Post

Free book by J.Peter Bruzzese, Microsoft MVP

Are you using Office 365? Trying to set up email signatures but you’re struggling with transport rules and connectors? Let renowned Microsoft MVP J.Peter Bruzzese show you how in this exclusive e-book on Office 365 email signatures. Better yet, it’s free!

Join & Write a Comment

Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…
This video discusses moving either the default database or any database to a new volume.

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now