Alexandre Takacs
asked on
Migrating from SBS - cont
A follow up to this question
In fact I might have an issue...
And when trying to demote said SBS
But is a SBS server supposed to "see" other DC ?
Also I know there are limitation in SBS - is migrating to a "full" server going to lift them or there anything I should do to "unlock" my domain (on of the thing we are looking forward to be able to do is to establish trust with other domains).
In fact I might have an issue...
C:\Windows\system32>repadmin /showrepl
Repadmin: running command /showrepl against full DC localhost
Default-First-Site-Name\MYSBS
DSA Options: (none)
Site Options: (none)
DSA object GUID: e19027c0-4d2c-478a-af05-05faa2718310
DSA invocationID: f27788ec-bdc0-497f-a78d-5825ad87aa54
==== INBOUND NEIGHBORS ======================================
DC=genericdomain,DC=local
Default-First-Site-Name\AD-SX-01 via RPC
DSA object GUID: 64335acb-58f2-473b-be96-0677ad15b1c1
Last attempt @ 2017-01-20 10:33:08 was successful.
CN=Configuration,DC=genericdomain,DC=local
Default-First-Site-Name\AD-SX-01 via RPC
DSA object GUID: 64335acb-58f2-473b-be96-0677ad15b1c1
Last attempt @ 2017-01-20 10:07:53 was successful.
CN=Schema,CN=Configuration,DC=genericdomain,DC=local
Default-First-Site-Name\AD-SX-01 via RPC
DSA object GUID: 64335acb-58f2-473b-be96-0677ad15b1c1
Last attempt @ 2017-01-20 09:49:07 was successful.
DC=DomainDnsZones,DC=genericdomain,DC=local
Default-First-Site-Name\AD-SX-01 via RPC
DSA object GUID: 64335acb-58f2-473b-be96-0677ad15b1c1
Last attempt @ 2017-01-20 10:07:50 was successful.
DC=ForestDnsZones,DC=genericdomain,DC=local
Default-First-Site-Name\AD-SX-01 via RPC
DSA object GUID: 64335acb-58f2-473b-be96-0677ad15b1c1
Last attempt @ 2017-01-20 10:20:17 was successful.
DsReplicaGetInfo() failed with status 8453 (0x2105):
Replication access was denied.
DsReplicaGetInfo() failed with status 8453 (0x2105):
Replication access was denied.
And when trying to demote said SBS
But is a SBS server supposed to "see" other DC ?
Also I know there are limitation in SBS - is migrating to a "full" server going to lift them or there anything I should do to "unlock" my domain (on of the thing we are looking forward to be able to do is to establish trust with other domains).
Have you followed a method similar, or the same as described in this article? https://www.server-essentials.com/support/articleid/103/migrate-from-sbs-2011-standard-to-windows-server-2012-r2-essentials
Hi,
are you migrating from SBS to standard, or are you removing DC role from SBS, which would kill the server?
If you are migrating, then you should follow guides like @David Needham said, and don't try to remove DC role on SBS before you have migrated everything.
Regards,
Ivan.
are you migrating from SBS to standard, or are you removing DC role from SBS, which would kill the server?
If you are migrating, then you should follow guides like @David Needham said, and don't try to remove DC role on SBS before you have migrated everything.
Regards,
Ivan.
ASKER
Yep - except that I don't want to retire the exchange server (yet)
ASKER
Well we are migrating from SBS to "full" architecture but wanted to tackle this step by step - ie first moving the domain controller role to a new "full" server (actually 2 eventually) and the migrating exchange. Is this not supported ?
We don't really need to remove AD role from the SBS right now except that we are hampered by some of the limitations (namely can't establish trust to other domains).
We don't really need to remove AD role from the SBS right now except that we are hampered by some of the limitations (namely can't establish trust to other domains).
Hi,
if you want to use your SBS for Exchange, then you can simple deploy additional Windows server, and install DC role on it. That way you would have redundancy for DC role, but not for Exchange/ SharePoint, since they would be hosted only on SBS machine.
As for installing additional DC in SBS 2011 environment, simple install server, add Active Directory Domain Services role and choose option "Existing forest --> Add a domain controller to existing domain".
There are many guides online, like: http://mscerts.programming4.us/windows_server/Windows%20Small%20Business%20Server%202011%20%20%20Deploying%20a%20Second%20Domain%20Controller.aspx
Regards,
Ivan.
if you want to use your SBS for Exchange, then you can simple deploy additional Windows server, and install DC role on it. That way you would have redundancy for DC role, but not for Exchange/ SharePoint, since they would be hosted only on SBS machine.
As for installing additional DC in SBS 2011 environment, simple install server, add Active Directory Domain Services role and choose option "Existing forest --> Add a domain controller to existing domain".
There are many guides online, like: http://mscerts.programming4.us/windows_server/Windows%20Small%20Business%20Server%202011%20%20%20Deploying%20a%20Second%20Domain%20Controller.aspx
Regards,
Ivan.
ASKER
f you want to use your SBS for Exchange, then you can simple deploy additional Windows server, and install DC role on it. That way you would have redundancy for DC role, but not for Exchange/ SharePoint, since they would be hosted only on SBS machine.
But would that lift the limitations of SBS domains (namely, but there are others, on setting up trust to external domains) ?
Hi,
you can do this step by step, and it is supported. Deploy new Windows server, and install it as additional DC, then deploy new machine and migrate Exchange. If you are using SP then deploy new machine and migrate SP and everything else...SQL, etc.
you can do this step by step, and it is supported. Deploy new Windows server, and install it as additional DC, then deploy new machine and migrate Exchange. If you are using SP then deploy new machine and migrate SP and everything else...SQL, etc.
ASKER
Well thanks for confirming that what I'm doing is supported.
Any suggestion / idea about the error I am seeing above ? Why can't I move the DC role from SBS ?
Any suggestion / idea about the error I am seeing above ? Why can't I move the DC role from SBS ?
Hmm..
I don't think it is supported. SBS domain must be the root domain in forest, and he does not support adding sub domain or anything.
This new DC would simple be for redundancy, and limitations would still exist, since it is the same domain.
Here is a interesting thing about SBS 2008. It says that if you try to establish trust from SBS, you are in license violation.
https://technet.microsoft.com/en-us/library/ee247409(v=ws.10).aspx
The Microsoft Software License Terms for Windows SBS 2008 explicitly disallows changing the system in order to work around the "no trusts" rule. So not only is Windows SBS 2008 configured not to allow trusts, but you also break your licensing agreement if you try!
PS: On some forums people who have tried to configure trust from SBS 2011, says that it works, but as expected, it is not supported by MS.
I would suggest that you simple follow guide for migrating SBS 2011 to multiple standalone servers, like described in posts above, and then configure trust with new forest/ company.
Regards,
Ivan.
I don't think it is supported. SBS domain must be the root domain in forest, and he does not support adding sub domain or anything.
This new DC would simple be for redundancy, and limitations would still exist, since it is the same domain.
Here is a interesting thing about SBS 2008. It says that if you try to establish trust from SBS, you are in license violation.
https://technet.microsoft.com/en-us/library/ee247409(v=ws.10).aspx
The Microsoft Software License Terms for Windows SBS 2008 explicitly disallows changing the system in order to work around the "no trusts" rule. So not only is Windows SBS 2008 configured not to allow trusts, but you also break your licensing agreement if you try!
PS: On some forums people who have tried to configure trust from SBS 2011, says that it works, but as expected, it is not supported by MS.
I would suggest that you simple follow guide for migrating SBS 2011 to multiple standalone servers, like described in posts above, and then configure trust with new forest/ company.
Regards,
Ivan.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Have you added your new DC's IP address as a DNS Server on the SBS? That would be required before you are able to demote it.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Oops... I missed Lee's BOLD shout about Exchange... so I'll just 2nd what he said. :-)
ASKER
Thanks for all comments - clearly not as simple as I would have expected... but now I have all the relevant information !