GeeMoon

asked on

Windows 2008 R2 Domain Rebuild

I have taken on a client that has had several IT support groups over the years. Needless to say, this environment represents a series of break fixes, experiments and failed attempts.

It looks like the last support group was trying to move from Small Business Server 2003 to Windows Server 2008 R2 Standard.

They have a daily failing SBS 2003 server, a 2003 Standard Member server (Housing their business application Sage Peach Tree) and an Exchange 2008 R2 server.

The old IT group managed to join the 2008 R2 server as a DC alongside the old SBS 2003 (which doesn't play well with other servers - even though Microsoft says it's doable). This move was extremely messy due to the fact that SBS 2003 comes out of the box with DNS and the Exchange server (they were using before the 2008 R2 install). Long story short, I was never convinced of the health of the AD.

With the failing hardware of the SBS 2003 server, I decided to shut it down. The network works OK off the 2008 R2 - DHCP, DNS and files service. Unfortunately, the Exchange service is now corrupt and will not communicate well with the AD. Even with the SBS 2003 turned on, there have always been AD issues I could never resolve due to past history mistakes.

So... I want to start from scratch.

Remove the old original SBS 2003
Wipe Out/Rebuild the 2008 R2 server with a fresh AD
Join the member application server into the new Domain
Join the existing 10 user/computer accounts into the new domain

It's always a good idea to pulse other resources before you make a big change.

Here's the question:

What do I need to watch out for? Where is the pitfall, before I pull the rug out from underneath me?

I'm thinking:

Perform a FULL backup
Ensure I have a local admin account on all systems
Remove all systems from the current AD domain
Remove the 2003 Standard Member server from the AD Domain
Wipe the 2008 R2 server clean
Rebuild the 2008 R2 with a fresh AD Domain
Join the 2003 Standard Member Server to the new AD Domain
Join all Windows workstations to the new AD domain using the local admin account

Sarang Tinguria

Hello GeeMoon,

I have read your question and I guess you are dealing with a mess and are about to create a new mess. Sorry for saying that, but you are on the way.

There would be a lot of stuff that will need reconfiguration if you keep the approach of a new forest. A few are listed below, e.g.:
Profile Migration
Permission reconfiguration
Application migration are some of them

Can you let us know the specific current issues being faced so we can suggest

SBS2003 and 2008 (even 2012) can run side-by-side with the latter as a DC without problems. The most likely issue is that the domain was not healthy to begin with. Knowing 2003, I would first look and see if the 2008 DC is actually a DC or if it is spitting out FRS-related errors. If in fact it is, then restore the 2003 server to a running state and reinitialize the FRS from the replica sets. This will allow for the domain to stabilize so that you can continue to remove the SBS2003 server.

Refer to https:/Q_28946540.html#a41601909 for additional information

-saige-
GeeMoon

ASKER

Sorry about my sketchy opening presentation. It is hard to give a full picture without getting too wordy.

It's only 10 users.

I don't have to migrate the users. I am going to recreate them in the new AD.

I have tested the Peach Tree application/data base restore on a test workstation - successful. It is just a shared folder over the network to 4 users.

I have moved this client to an on-line POP 3 email setup. They don't need to have an in-house exchange server. The POP 3 is currently working for them.

Do I need to pull the member server/network workstation out of the domain before I do the rebuild of the 2008 R2?

I'm concerned about the desktop profiles. I know they have to be rebuilt. The top concerns are for their Accounting (3 workstations)/Shipping department (1 workstation). I believe for the Peach Tree accounting software, it's just a matter of remapping the drive.

The workstation in their shipping department is hooked up to a scale and label printers, utilizing several pieces of software (Peach Tree for labels, UPS, FedEx, etc.) to facilitate shipping, in his current profile. I'm hoping I don't need to reinstall the miscellaneous software in order to realign and repoint.

I know my question is very broad, but, I just want to make sure that I'm not missing some crucial step that will put me in a world of hurt.
Thank you for any advice and any support you can supply
GeeMoon

ASKER

Hello it_saige

The list is long on event log errors. Among the errors is the inability to replicate between the two DCs. The list goes on. Too much to resolve to save an old failing 2003 SBS server. Also, the 2003 SBS server (the main DC) has hardware failures. I have shut it down before it decides to shut down on me permanently. Yes, I wanted to keep whatever past I could - when I needed it (just very unstable).

The 2008 R2 server is authenticating users, offering DHCP and DNS services without the help of the SBS 2003 - currently off-line.

I have no way of knowing if the SBS 2003 server started from a healthy domain. All I know, is it is not healthy now.

I do like your line of thinking, and appreciate the excellent advice. I welcome any further thoughts on the matter.
Thank you

If you are going to rebuild the 2008 server into a DC for a new domain, then the state of the existing domain doesn't really matter. As long as you have their data stored then, as you stated, the biggest concern is desktop profiles. There are many different tools that are available to assist with this; USMT for example. Microsoft however states -
USMT is intended for administrators who are performing large-scale automated deployments. If you are only migrating the user states of a few computers, you can use PCmover Express. PCmover Express is a tool created by Microsoft's partner, Laplink.

- Source
I personally have never used PCmover Express so I cannot provide any insight into its reliability.

-saige-
SOLUTION
Larry Struckmeyer MVP

This solution is only available to members.
GeeMoon

ASKER

I'm going to get on-site to review the different pieces of software utilized in the shipping department. I need to ID if they have the install files or CD. This is the area I expect to give me the most trouble. It's a production area that prints shipping labels from their Peach Tree accounting software over the network. So, there is 3rd party shipping software, scales and label printers that will all be disrupted (I predict) the moment I pull them out of the Domain.

I am just planning for the worst and hoping for the best, prior to a total rebuild of this small company's AD domain.
GeeMoon

ASKER

I created local Admin accounts on all workstations, including the applications server housing an accounting software (Peach Tree).

The APP server is just a member server. Unfortunately it has this old industrial workhorse label printer attached to LPT1. I can't find the drivers for it anywhere. So I haven't been able to plug it into any other PC, successfully, to create a fail-safe environment. Peach Tree and the ability to print to that label printer has to exist when I join the new domain. Being I don't make this move every day, I can't remember whether it makes a difference if I drop the APP server to a workgroup first, before I wipe the AD, or just log in as a local admin after the AD build - drop it to a workgroup - then join the new AD.

At the end of the day - is it possible to join the new AD through the APP server, get the new logged-in profile and just reorient the pointers to the Peach Tree software/label printer (already installed from the previous build)? I know this seems like a simple question, but this network has been relying on the one server I'm about to wipe clean.

Should be just that simple. Nothing that you have mentioned is influenced by AD (peachtree has its own user repository and the printer drivers are installed on the server). The only thing you would lose would be any user-specific peachtree settings that are bound to the AD profile (if any) on the member server.

-saige-
GeeMoon

ASKER

Should I pull the member server out of the domain before I proceed with the rebuild?
ASKER CERTIFIED SOLUTION
This solution is only available to members.
GeeMoon

ASKER

Ok

I made the big move over the weekend.

As I predicted, I'm struggling with the 3rd party software in the shipping department. No shipments went out on Monday.
I called all 3rd party vendors prior to the rebuild, in anticipation of the move, and all stated the software will be able to make the transition without any issue - yeah, right!!!!

No matter how much you prepare, and attempt to circumvent an issue you know will happen, it will bite you in the ass anyway.

Here's the good news. The new AD domain has been created, and all the new workstation profiles have been set up successfully (except for shipping).

I will follow up with a final note on this project that I feel is worth noting.

Thank you all for your great advice
GeeMoon

ASKER

Final Note:

I receive the following message:

A Required CD/DVD drive device driver is missing. If you have a driver floppy disk, CD, DVD, or USB flash drive, please insert it now.

      Note: If the windows installation media is in the CD/DVD drive, you can safely remove it for this step.
 
This message occurred during the install of Windows 2008 R2. It stumped me for a while. It was really looking for the RAID Controller driver. That was not fun while I was under a serious time constraint.

Also, I did remove all the workstations, and member server, out of the Domain prior to the rebuild. It was hard to let go of the old world, but, it was the cleanest option moving forward.

Thank you for all your support!