ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Small Business Server 2003 to 2012 R2 Migration and Virtualized Domain Controller Questions

    IT Discussion
    windows windows server sbs windows server 201 small business ser active directory domain controller
    12
    321
    81.2k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • JaredBuschJ
      JaredBusch @garak0410
      last edited by

      @garak0410 said:

      And these suggestions are even when I allow my DC to be my file server/DNS and also being my anti-virus and backup program host?

      I have SBS 2008 in Hyper-V and VMWare as well as SBS 2011 in VMWare at various clients. They all have 2 vProcs and 8GB of vRAM assigned to them. If I was not using Exchange on those boxes I would cut it down to 4GB of vRAM.

      1 Reply Last reply Reply Quote 1
      • DenisKelleyD
        DenisKelley @JaredBusch
        last edited by

        @JaredBusch said:

        @DenisKelley said:

        My virtual DC is just 2 cores (EDIT: it is actually only one core) and 3GB RAM and that might be overpowered. I've decided to not join my VMware hosts to Active Directory so I can connect to them in an unfortunate event when all DCs may be unavailable. I only have 3, so not really a big deal.

        You realize that you still have access with the local users to VMWare if needed.

        Yeah, I do now. I was thinking about that when I wrote it, but yeah, you're right. At the time, it seemed much simpler.

        1 Reply Last reply Reply Quote 0
        • garak0410G
          garak0410 @DenisKelley
          last edited by

          @DenisKelley said:

          @garak0410 said:

          And these suggestions are even when I allow my DC to be my file server/DNS and also being my anti-virus and backup program host?

          DNS is going to be part of the DC anyway. File Server won't be heavily reliant on more RAM or processor cores, but IOPS and Bandwidth, but for a small server, no big deal. The RAM/CPU should be adjusted upwards based on the requirements of the A/V and Backup applications. Why not just leave it a DC and build another VM for the other stuff?

          So, say:

          VM1: Domain/DNS
          VM2: File Server/Web Services/Print Server/Backup Services/Anti-Virus Suite

          How much memory for the VM2 would you suggest then for VM2?

          JaredBuschJ 1 Reply Last reply Reply Quote 0
          • JaredBuschJ
            JaredBusch @garak0410
            last edited by

            @garak0410 said:

            So, say:

            VM1: Domain/DNS
            VM2: File Server/Web Services/Print Server/Backup Services/Anti-Virus Suite

            How much memory for the VM2 would you suggest then for VM2?

            I would start with 4

            1 Reply Last reply Reply Quote 0
            • scottalanmillerS
              scottalanmiller @garak0410
              last edited by

              @garak0410 said:

              And these suggestions are even when I allow my DC to be my file server/DNS and also being my anti-virus and backup program host?

              You'll want to increase allotments as you add things but not very much. Those roles typically use very few resources. Although you want to separate stuff to some degree, not be all one server.

              1 Reply Last reply Reply Quote 0
              • scottalanmillerS
                scottalanmiller
                last edited by

                I agree. 4GB in the second VM is a good starting point. Remember that you can adjust anytime. There is nothing locking you down.

                1 Reply Last reply Reply Quote 0
                • garak0410G
                  garak0410
                  last edited by

                  You guys are forcing me to think. LOL. I've gotten so spoiled to the one stop shop of Small Business Server. So if I separate them, how does that affect my files and permissions? I know that sounds like a rudimentary question but as Scott said earlier, my nerves are showing and I am perhaps more capable and more knowledgeable than I think I am. If I serve my files on another server, how does that come into play when I do the migration. That is, when promoted, how will my new domain server know to assign permission to the new file server? I know that sounds like a dumb question and it may not be clear, but trying to cross every T and dot every I...

                  1 Reply Last reply Reply Quote 0
                  • Bill KindleB
                    Bill Kindle
                    last edited by

                    If they are just DC's you can get away with running 2GB RAM, 1 vCPU and 60-80GB's disk space, thin provisioned and using dynamic memory allocation.

                    1 Reply Last reply Reply Quote 0
                    • DashrenderD
                      Dashrender
                      last edited by

                      File permissions have nothing to do with the server they are on, and more to do with the files themselves. Now that being said - the folders that files are in typically push their permissions down to the files.

                      When you copy your files from the old server to the new one - use something like Robocopy and use the commands that keep the file permissions the same on the copied files.

                      Also - now is a great time to look at setting up DFS instead of old school UNC shares. This will make life easier for you in 4-7 years when you have to migrate again.

                      garak0410G 1 Reply Last reply Reply Quote 1
                      • garak0410G
                        garak0410 @Dashrender
                        last edited by

                        @Dashrender said:

                        File permissions have nothing to do with the server they are on, and more to do with the files themselves. Now that being said - the folders that files are in typically push their permissions down to the files.

                        When you copy your files from the old server to the new one - use something like Robocopy and use the commands that keep the file permissions the same on the copied files.

                        Also - now is a great time to look at setting up DFS instead of old school UNC shares. This will make life easier for you in 4-7 years when you have to migrate again.

                        OK...so when I Robocopy them over, it doesn't matter if domain has changed or if I now have a new file server, as long as it is on the new domain, the permissions (based upon groups and users) should carry over, correct? Again, sorry for my ignorance. I will look at DFS if I have time.

                        DashrenderD 1 Reply Last reply Reply Quote 0
                        • DashrenderD
                          Dashrender @garak0410
                          last edited by

                          @garak0410 said:

                          OK...so when I Robocopy them over, it doesn't matter if domain has changed or if I now have a new file server, as long as it is on the new domain, the permissions (based upon groups and users) should carry over, correct? Again, sorry for my ignorance. I will look at DFS if I have time.

                          Sorry I didn't realize you were changing domains (why are you doing that?). You'll lose all of the SID associations when you change domains so your permissions won't flow if you are changing domains.

                          garak0410G 1 Reply Last reply Reply Quote 0
                          • DashrenderD
                            Dashrender
                            last edited by Dashrender

                            Are you migrating from and SBS system to a Windows Server 2012 R2? There are migration paths for this that don't require making new domains. This keeps you from having to recreate all of the users, move the computers to a new domain, fix profile problems from logging onto a new domain, etc, etc, etc.

                            If you are moving from a Windows Server 2003, 2003 R2, 2008, 2008 R2 or 2012 domain (NON SBS) then life is relatively simple.

                            1 Reply Last reply Reply Quote 0
                            • garak0410G
                              garak0410 @Dashrender
                              last edited by

                              @Dashrender said:

                              @garak0410 said:

                              OK...so when I Robocopy them over, it doesn't matter if domain has changed or if I now have a new file server, as long as it is on the new domain, the permissions (based upon groups and users) should carry over, correct? Again, sorry for my ignorance. I will look at DFS if I have time.

                              Sorry I didn't realize you were changing domains (why are you doing that?). You'll lose all of the SID associations when you change domains so your permissions won't flow if you are changing domains.

                              I am migrating from SBS 2003 to Server 2012 R2. Got all the steps from Microsoft. I had originally planned to let my DC do the same as SBS 2003 (file server, DNS, etc. as mentioned above) but now that there are suggestions to split them up, getting a little confused.

                              So, if I migrate, my domain name stays the same, correct? Just the server name will change, correct?

                              DashrenderD 1 Reply Last reply Reply Quote 0
                              • DashrenderD
                                Dashrender @garak0410
                                last edited by Dashrender

                                @garak0410 said:

                                So, if I migrate, my domain name stays the same, correct? Just the server name will change, correct?

                                Correct. Just the server name changes. But this can and does effect a lot.

                                For example your file shares. Today they are probably something like \sbsserver\share and after you move to 2012R2 they will change to \2012r2server\share. This means that you have to update all of the connection points that are pointing to the old files shares (normally done through a logon script).

                                To save yourself this hassle in the future, you can setup DFS now this will change your connection points a little, to something like \domain.name\share\folder The good thing is that in the future when you have to this again, you won't have to change the logon scripts because the \domain.name portion never changes, and you can do all of the changes behind the scenes.

                                Also don't forget about things like your AV console. If the clients connect to a specifically named server you'll need to change them to point to the new one.

                                garak0410G 1 Reply Last reply Reply Quote 0
                                • scottalanmillerS
                                  scottalanmiller
                                  last edited by

                                  As for share names, you can fix that by abstracting in DNS. For example, if the old server (sbs2003srv) has a DNS CNAME of fileguy then people would access \fileguy\public\dilbertcomics\

                                  When migrating to a new file server, you would need to do nothing but copy the data and repoint the CNAME.

                                  DashrenderD 1 Reply Last reply Reply Quote 0
                                  • DashrenderD
                                    Dashrender @scottalanmiller
                                    last edited by

                                    @scottalanmiller said:

                                    As for share names, you can fix that by abstracting in DNS. For example, if the old server (sbs2003srv) has a DNS CNAME of fileguy then people would access \fileguy\public\dilbertcomics\

                                    When migrating to a new file server, you would need to do nothing but copy the data and repoint the CNAME.

                                    This assumes you're able to shut the old server off as soon as you've moved the data.
                                    I suppose another option going forward would be to create a generic cname pointing to the current location of the data, then in the future you can change it to point to the new new server, but why? DFS I'm sure for something (that I don't currently know, other than you can introduce replication) is a better solution.

                                    1 Reply Last reply Reply Quote 0
                                    • garak0410G
                                      garak0410 @Dashrender
                                      last edited by

                                      @Dashrender said:

                                      @garak0410 said:

                                      So, if I migrate, my domain name stays the same, correct? Just the server name will change, correct?

                                      Correct. Just the server name changes. But this can and does effect a lot.

                                      For example your file shares. Today they are probably something like \sbsserver\share and after you move to 2012R2 they will change to \2012r2server\share. This means that you have to update all of the connection points that are pointing to the old files shares (normally done through a logon script).

                                      To save yourself this hassle in the future, you can setup DFS now this will change your connection points a little, to something like \domain.name\share\folder The good thing is that in the future when you have to this again, you won't have to change the logon scripts because the \domain.name portion never changes, and you can do all of the changes behind the scenes.

                                      Also don't forget about things like your AV console. If the clients connect to a specifically named server you'll need to change them to point to the new one.

                                      Good idea. In fact, I've done that today. This place is DESKTOP SHORTCUT CRAZY! So I went and made sure all of the shortcuts were to DRIVE LETTERS instead of the servername path. That way, when I roll out new login scripts with the new file server name, the shortcuts will still work.

                                      1 Reply Last reply Reply Quote 0
                                      • garak0410G
                                        garak0410
                                        last edited by

                                        Seems like "nerves" are creeping in again. Heading into this week, I thought this was all I really needed to do as far as the migration goes:

                                        •Order New Server
                                        •Configure
                                        •Install Windows Server 2012 R2
                                        •Download All Updates
                                        •Configure RAID Drives
                                        •Currently Set As:
                                        •Set Roles On Server
                                        •Hypervisor
                                        •Old Server Prep
                                        •Run dcdiag
                                        •Results
                                        •Services
                                        •IsmServ Service is stopped on [PINNSTRDC]
                                        •System Log
                                        •An Error Event occured. EventID: 0x00000457
                                        •8 Of These
                                        •Set Current Domain Functional Level to Windows Server 2003
                                        •Locate your FSMO Roles
                                        •All On Main Server
                                        •Schema Master
                                        •Domain naming master
                                        •Infrastructure Master
                                        •Relative ID (RID) Master
                                        •PDC Emulator
                                        •Prepare your Domain for your new Server 2012 R2 Domain Controllers
                                        •Run adprep /forstprep from the 2012 DVD on the old server.
                                        •Set Up Virtual Machines
                                        •Install Windows Server 2012 R2 and make it a Domain Controller
                                        •Add the AD role.
                                        •http://technet.microsoft.com/en-us/library/hh472162
                                        •After adding the AD DS role and DNS roles to your new Windows 2012 R2 Server simply click the link under Post-deployment configuration from your server manager titled "Promote this server to a Domain Controller"
                                        •Walk through the wizard and add your new domain controller to your existing domain.
                                        •Transfer FSMO Roles to new Server 2012 R2 Domain Controller
                                        •Transfer all 5 or one at a time and start demoting your old Server 2003 DC's in the next step. But the key to remember is to NOT demote any of the current domain controllers that have any of your FSMO roles on them. Be sure to transfer them off first before proceeding to DC demotion.
                                        •http://blogs.technet.com/b/canitpro/archive/2013/05/27/step-by-step-active-directory-migration-from-windows-server-2003-to-windows-server-2012.aspx
                                        •Demote old Server 2003 Domain Controllers
                                        •Run dcpromo and follow steps.
                                        •Remember: Do NOT demote any domain controller that does not have FSMO roles on them.
                                        •http://technet.microsoft.com/en-us/library/cc740017(v=ws.10).aspx
                                        •Raise Domain Functional Level
                                        •Raise the functional level by opening Active Directory Domains and Trusts. Then right click on domain and trusts and select "Raise Forest Functional Level"
                                        •http://technet.microsoft.com/en-us/library/cc730985.aspx
                                        •Migration Complete! 🙂

                                        Now, got some considerations to make as far as splitting up my DC and file services...

                                        1 Reply Last reply Reply Quote 0
                                        • scottalanmillerS
                                          scottalanmiller
                                          last edited by

                                          RAID configuration goes before any install.

                                          garak0410G 1 Reply Last reply Reply Quote 0
                                          • garak0410G
                                            garak0410 @scottalanmiller
                                            last edited by

                                            @scottalanmiller said:

                                            RAID configuration goes before any install.

                                            Right and that is done now. 🙂 I went with RAID 10 as you suggested! :0

                                            scottalanmillerS 1 Reply Last reply Reply Quote 1
                                            • 1
                                            • 2
                                            • 3
                                            • 4
                                            • 5
                                            • 16
                                            • 17
                                            • 2 / 17
                                            • First post
                                              Last post