Solved

Adding a 2nd DC to a current SBS 2008 and demoting SBS 2008?

Posted on 2016-10-26
12
159 Views
Last Modified: 2016-11-05
I have a customer with a SBS 2008 server.  The customer has approved an upgrade to Windows 2012 R2 with Exchange 2016 OR Windows 2016 with Exchange 2016.  The goal would be to add the 2nd/new DC to the network and then, remove the SBS 2008 server.  
I'm seeking recommendations on how to remove the SBS 2008 server while making the new Windows server the primary DC.
Unlike Standard Windows Server (2008/2012/2016), can SBS 2008 be demoted using DCPromo?
0
Comment
Question by:eitconsulting
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
  • 2
  • +1
12 Comments
 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 41861562
Yes, but then it must be retired. You cannot run SBS as a member server. It will know it is out of licensing compliance.
0
 
LVL 18

Expert Comment

by:Mal Osborne
ID: 41861563
An SBS box has to be the FSMO role holder for all roles, and cannot be demoted. You can transfer the FSMO roles on the 2012DC, however the SBS box will get upset and shutdown periodically.

If you want to keep the SBS box I operation, then it has to remain a DC, with all FSMO roles.
0
 

Author Comment

by:eitconsulting
ID: 41861574
@Malmensa "If you want to keep the SBS box I operation, then it has to remain a DC, with all FSMO roles."
As I stated above, I want SBS 2008 out of the network once the new 2012 R2 server is added.
My goal is to keep the AD data hence, adding a new Standard server and Exchange Server followed by removing the SBS.  
I'm seeking recommendations on how to remove the SBS 2008 server while making the new Windows server the primary DC and ultimately maintaining the Active Directory content.  I want to avoid having to remove each computer from a current DC (SBS) and add the computers to a new DC since it'll take longer and can be messy due to having to restore end-user profiles.

@Cliff  No mention of keeping the SBS server.  SBS 2008 must go after I add a 2nd DC hence, I'm seeking a way to remove SBS after I've added the 2nd DC.  So, you mentioned "retiring" but no further information on how to retire SBS 2008.   How would the SBS be retired so that the added/new DC can be the primary DC?
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 41861580
Same as any other DC. Move FSMO roles. Dcpromo (which is what you asked and I said "yes"), then remove the computer object from AD. Nothing unique to SBS here.

Just spelled out that it must be retired (using normal methods') pretty much as soon as you remote it with dcpromo. So demoting it should be one of the last things you do. Don't plan in moving mailboxes', removing exchange, copying files after. Do all of it beforehand.
0
 
LVL 6

Expert Comment

by:mbkitmgr
ID: 41861658
This is just my opinion.

Being SBS means its a small domain.  For the sites that I have migrated to NON SBS Servers I have just created a new domain and moved their data and workstations to the new domain.

I ran some scripts provided my MS Support for one migration, and they even admitted the process the scripts "ran" didn't always succeed.  I have seen postings on several forums showing ways of doing it, but I can move mailboxes, data and workstations to a new domain in 12 hours
0
 
LVL 18

Assisted Solution

by:Mal Osborne
Mal Osborne earned 200 total points
ID: 41861745
"As I stated above, I want SBS 2008 out of the network once the new 2012 R2 server is added.
 My goal is to keep the AD data hence, adding a new Standard server and Exchange Server followed by removing the SBS."

Yep, that will work. Just make sure you are finished with the SBS box before you transfer FSMO roles. Once you transfer, it needs to be removed. You might need to run a metadata cleanup, to tidy things afterwards, but that is no big drama.

https://technet.microsoft.com/en-us/library/cc816907(v=ws.10).aspx
0
 

Author Comment

by:eitconsulting
ID: 41864709
When "Adding a Domain (Win2016 Srv Std) to an existing Domain (SBS 2011), will the FSMO roles replicate over to the new server (win2016 Srv Std)?  If not, what other step(s) is necessary to ensure the added domain has the FSMO role(s)?
Adding-a-domain.png
0
 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 41864711
FSMO roles do not replicate. Only one server holds any given role at any given time. You can gracefully transfer them. Technet has official documentation that a quick google search will churn up (I'm on my mobile so can't really do so easily at the moment or I'd paste a link.)
0
 

Author Comment

by:eitconsulting
ID: 41864714
Yeah, I've googled that.  In the past, I've added a Win2012 R2 domain to an existing Win2012 domain.  Then, proceeded to remove the first (Win2012) domain Not Checking "This is the Last Domain in the Network".  The second domain (Win2012 R2) therefore had the roles transferred over without any issues or the use of NTDSUTIL.
https://support.microsoft.com/en-us/kb/255504
0
 
LVL 58

Accepted Solution

by:
Cliff Galiher earned 300 total points
ID: 41864721
Same still applies, and won't be an issue *if* the environment is guaranteed healthy. But I am a firm believer in baby steps. I always prefer to transfer roles as a separate step. That way you can check event logs and diag tools to see that all DCs agree that the roles indeed transferred. I've seen people simply transfer, or just demote, but one of their DCs was in journal wrap and therefore didn't take the changes. Then *couldn't * take the changes because fixing the particular journal wrap condition required it be able to contact the machine it thought still had the schema master role. A lot of extra work was creeated in rebuilding that DC and migrating some other data that existed on it. A situation that could've been avoided with more careful monitoring and smaller steps.
0
 

Author Comment

by:eitconsulting
ID: 41864729
I converted the customer's SBS 2008 Std to a VM using the Disk2VHD utility and transferred it over to my laptop.   Boots up fine.  I'm going to install a Windows 2016 Server VM with Exchange 2016 on my laptop and test everything out.  My Dell Precision laptop has 64GB of RAM, a 2TB SSD, and a decent i-7 processor so, testing from  the laptop should be good.  I'll post an update here after I've tested adding a 2nd domain, transfer issues (if any) of FSMOs, and removal of the SBS 2008 server from the network.
0
 
LVL 58

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 300 total points
ID: 41864738
The way your comment reads, it sounds you plan on running only one 2016 VM. While slightly off-topic....please don't. Exchange really is not designed to be on a domain controller. And while SBS "got away" with it, SBS clearly is no more.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A procedure for exporting installed hotfix details of remote computers using powershell
In-place Upgrading Dirsync to Azure AD Connect
This video discusses moving either the default database or any database to a new volume.
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question