Nova Consult ApS

SBS 2007 remove AD ?

Hello

I have a setup with an old SBS 2008 server with AD and Exchange 2007, and a new Server 2012 R2 with AD, so I have 2 AD servers with domain function level 2008.

I will migrate Exchange to Office365 with AAD Connect and BitTitan, but to get Password Sync to work I need an AD with Server 2008 R2 or greater.

To upgrade the domain function level I need to remove the old SBS server from the AD (it can be a member server), so I need to demote the SBS server to a member server and keep Exchange on it for a while (1-2 weeks).

So the question is: is it possible to demote an SBS to a member server and keep Exchange on it?
Or can I just install AAD Connect on the 2012 R2 domain controller and not think about domain function level?

/Anders
becraig

Your path is correct, demote the SBS to a member server and raise your DF level.

Exchange is not recommended on a DC, so with that in mind it is perfectly safe on the demoted SBS server.

Forward thinking (making the most out of moving to O365 and AAD), will be best served in the environment as you initially described:
Demote SBS to member server with 2008R2 or greater and upgraded functional level.
ASKER CERTIFIED SOLUTION
Alan Cox
This solution is only available to members.
I might have misunderstood the question:
The way I read it was to move to 2008R2, then demote the SBS server and make it an Exchange server, which is rather simple and straightforward.

The first steps would be to roll out the new AD and transfer the roles, which I assumed was the game plan with moving to AAD to leverage password write-back etc.

Moving everything to the new infra then rolling out the old SBS as your Exchange is rather simple.
Here is a walkthrough for migrating.
https://blogs.technet.microsoft.com/infratalks/2012/09/06/transition-from-small-business-server-to-standard-windows-server/

Here are the steps for then moving Exchange to your member server:
http://msexchangeguru.com/2011/02/27/move-exchange-to-a-member-server/
I have to disagree with some of the comments above:

1. SBS CANNOT be a member server for long - it will start shutting down 3 weeks after you demote it.
2. You WILL break Exchange if you demote it. Anyone who has ever worked with Exchange should know this - once Exchange is installed you cannot DEMOTE or PROMOTE a server as a Domain Controller.
3. The proper way to do this is to get your mailboxes migrated, uninstall Exchange, demote the SBS server, remove the SBS server from the network and THEN set up single sign-on.
Yes, if that's true then yes, move away from it. I understood to remove AD from SBS but keep Exchange 2007, which won't work.
Once the FSMO roles are moved, you get 24 hours and it will shut down every hour.
I think it came from how I read this line:

To upgrade the domain function level I need to remove the old SBS server from the AD (it can be a member server), so I need to demote the SBS server to a member server and keep Exchange on it for a while (1-2 weeks).

I applied more common sense than I should have  :(
The inference was that the OP understood that the env upgrade was a foregone conclusion and would be moving to 2008, then simply rolling out an Exchange server which was not on his primary server.

I completely missed "for a while (1-2 weeks)"; I assumed a re-purpose to a member server, then running Exchange on it.
Had to read it a couple of times myself. :)
Nova Consult ApS

ASKER

First I need to say sorry about my bad English :-) I try :-)

And next I need to say that all of you only make me more confused.
I believe that the demotion of the SBS server is a bad idea, so I'll not do that right now if it breaks Exchange.
Maybe I'll set up AAD Connect without Password Sync for now and then set that up at a later time.

I tried AAD Connect the other day at a friend's house, and on that Server 2008 it told me that AAD did not support password sync on Server 2008. Now I installed it on the Server 2012 R2 (still on domain function level 2008) and I don't get that error, so maybe it just needs some functionality from the Server 2012 R2 to work, and the domain function level doesn't matter.

Do you think that is right?
SOLUTION
This solution is only available to members.