Confused - Do I need to copy my SBS 2008  to a virtual machine to perform a migration to 2012?

Posted on 2016-11-15
Medium Priority
Last Modified: 2016-11-16
All the documentation I am seeing talks about somehow doing this to debug the process before doing this for real .
All te documentation talks about 2008 r2 not SBS 2008
The problem is I don't have the resources for this and i'm concerned what this would do to the network to have another identical server on it .
Please tell me that I can just migrate the roles one by one from the existing server .
I have already migrated the exchange 2007 to office 365 .
Ideally I would like to bring up the r 2012 server on the same  network as the SBS  and migrate the desktops  then shutdown the SBS box .
Here are my concerns .
1. The SBS 2008 (mycompany.local) box is in production and I would rather not be patching or otherwise changing its configuration due to the risk of downtime.  ( I am hoping for a migration where I export a file from one server and import it into another .
2. I need to do the migration in the background until cutover .
3. I need to have the new server run in parallel so i can configure services and roles etc without disruption of the existing setup .
I was told in another question that I cannot simply have a new AD domain (Mycompany-v2.local ) on the new server and copy the other roles so now I am stuck because I also cant have the new server on the old tree without disruption either .
I don't have the luxury of a separate network lab environment .
Please help me get past this issue . Where I am stuck is how to have AD on the new server so I can begin setting up groups and policies the way they need to be . ( EX: can I copy and rename the AD and bring it up as a separate new domain so I can work on it ?)
Question by:Andre P
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
LVL 34

Expert Comment

ID: 41888646
Just to paraphrase, you have an existing 2008 Small Business Server (SBS) controlled domain.  You wish to add a new server that has 2012 on it and promote it to a domain controller.  After the promotion, you want to move your roles and services (where applicable) from the 2008 SBS to the new 2012 server.  Once completed you want to demote and retire the 2008 SBS?

Do I have this correct?

If so, at this point in time it sounds as if you have already stood up the new 2012 server and have moved Exchange from the 2008 SBS to O365.  Have you joined the new 2012 server to the domain?

LVL 59

Expert Comment

by:Cliff Galiher
ID: 41888721
You don't need to virtualize at all to do this. Many admins do so because they feel that taking a snapshot/checkpoint provides a quick way back. But since that isn't a good idea with older domain controllers, that really isn't an issue here.

You can add your 2012 servers, join them to your existing domain, make them DCs (to replicate AD), and migrate roles and data all without virtualizing and the only downtime is the movement of the actual roles (when you move a printer, chances are there will be some interruption of that printer, etc.)

But paying attention to your event logs and looking for errors is critical.

Also keep in mind SBS's restrictions. Move the FSMO roles and demote the SBS server *last* to keep it in licensing compliance.

I've done literally hundreds of migrations like this and it all works well when properly planned.

Author Comment

by:Andre P
ID: 41888724
Yes you have it correct .
I guess i am confused as to when is the process the new server comes online as the primary domain controller .
It is currently a virtual machine and has no roles installed yet . It has not been added to any domains.
I would like to configure the new server with all roles and cutover once the data dns etc has been migrated
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

LVL 59

Expert Comment

by:Cliff Galiher
ID: 41888751
The concept of a "primary" domain controller went away with NT4. Your new server will be *a* domain controller as soon as you install and configure the "Active Directory Domain Services" role.

Author Comment

by:Andre P
ID: 41888794
Ok .. So i guess what I need to know is this . I install AD role tonight  .. I add it to the existing domain
I have not done anything else . What happens when my users come in tomorrow ? Is there a disruption ? Or are they still using the SBS 2008 server .
Can i continue migrating but not activating the other roles DNS ,DHCP ? I want to to make some changes to the group policies etc before I cut over . I DO NOT want them to take effect until after i have tested the changes on a test desktop .
Once I do the initial replication can i work on the new server without affecting the operation of the old server or the people attached to it ?
LVL 59

Accepted Solution

Cliff Galiher earned 2000 total points
ID: 41888803
"I have not done anything else . What happens when my users come in tomorrow ? Is there a disruption ? Or are they still using the SBS 2008 server . "

There is not a disruption. But for AD requests, such as logon or group policy, they may use the SBS server or the new server. AD is multi-master which means any server can be connected to and *all* servers get any changes made.

"Can i continue migrating but not activating the other roles DNS ,DHCP ?"

DHCP, yes.  DNS is a required role in AD and those zones will replicate as part of AD. They will be live when you do so. Any changes you make to those DNS zones will replicate back to SBS as well.

"Once I do the initial replication can i work on the new server without affecting the operation of the old server or the people attached to it ? "

No. Any changes will replicate.  It is not uncommon for admins to use a security group or even an OU with just test machines and test users. Then you can create new group policies, linking them only to the OU, or filtering by those groups, so they can test without the group policy applying to other machines.  Then when you are ready to apply the setting more broadly, you can simply link to another OU and/or add security groups to the filter.  But the created group policy will "exist" on the live network the whole time.  You can't do what *you* want...fully isolated test desktops, etc, without setting up a full test network end-to-end.

Note that this is not a migration challenge. This is true even if you weren't migrating. It is also true for any sysadmin who regularly needs to manage desktops on 2012.  SBS is not a factor, nor is the migration scenario.

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will review the basic installation and configuration for Windows Software Update Services (WSUS) in a Windows 2012 R2 environment.  WSUS is a Microsoft tool that allows administrators to manage and control updates to be approved and ins…
I don't know if many of you have made the great mistake of using the Cisco Thin Client model with the management software VXC. If you have then you are probably more then familiar with the incredibly clunky interface, the numerous work arounds, and …
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Suggested Courses

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question