Small Business Server 2003 to 2012 R2 Migration and Virtualized Domain Controller Questions
-
@Dashrender said:
File permissions have nothing to do with the server they are on, and more to do with the files themselves. Now that being said - the folders that files are in typically push their permissions down to the files.
When you copy your files from the old server to the new one - use something like Robocopy and use the commands that keep the file permissions the same on the copied files.
Also - now is a great time to look at setting up DFS instead of old school UNC shares. This will make life easier for you in 4-7 years when you have to migrate again.
OK...so when I Robocopy them over, it doesn't matter if domain has changed or if I now have a new file server, as long as it is on the new domain, the permissions (based upon groups and users) should carry over, correct? Again, sorry for my ignorance. I will look at DFS if I have time.
-
@garak0410 said:
OK...so when I Robocopy them over, it doesn't matter if domain has changed or if I now have a new file server, as long as it is on the new domain, the permissions (based upon groups and users) should carry over, correct? Again, sorry for my ignorance. I will look at DFS if I have time.
Sorry I didn't realize you were changing domains (why are you doing that?). You'll lose all of the SID associations when you change domains so your permissions won't flow if you are changing domains.
-
Are you migrating from and SBS system to a Windows Server 2012 R2? There are migration paths for this that don't require making new domains. This keeps you from having to recreate all of the users, move the computers to a new domain, fix profile problems from logging onto a new domain, etc, etc, etc.
If you are moving from a Windows Server 2003, 2003 R2, 2008, 2008 R2 or 2012 domain (NON SBS) then life is relatively simple.
-
@Dashrender said:
@garak0410 said:
OK...so when I Robocopy them over, it doesn't matter if domain has changed or if I now have a new file server, as long as it is on the new domain, the permissions (based upon groups and users) should carry over, correct? Again, sorry for my ignorance. I will look at DFS if I have time.
Sorry I didn't realize you were changing domains (why are you doing that?). You'll lose all of the SID associations when you change domains so your permissions won't flow if you are changing domains.
I am migrating from SBS 2003 to Server 2012 R2. Got all the steps from Microsoft. I had originally planned to let my DC do the same as SBS 2003 (file server, DNS, etc. as mentioned above) but now that there are suggestions to split them up, getting a little confused.
So, if I migrate, my domain name stays the same, correct? Just the server name will change, correct?
-
@garak0410 said:
So, if I migrate, my domain name stays the same, correct? Just the server name will change, correct?
Correct. Just the server name changes. But this can and does effect a lot.
For example your file shares. Today they are probably something like \sbsserver\share and after you move to 2012R2 they will change to \2012r2server\share. This means that you have to update all of the connection points that are pointing to the old files shares (normally done through a logon script).
To save yourself this hassle in the future, you can setup DFS now this will change your connection points a little, to something like \domain.name\share\folder The good thing is that in the future when you have to this again, you won't have to change the logon scripts because the \domain.name portion never changes, and you can do all of the changes behind the scenes.
Also don't forget about things like your AV console. If the clients connect to a specifically named server you'll need to change them to point to the new one.
-
As for share names, you can fix that by abstracting in DNS. For example, if the old server (sbs2003srv) has a DNS CNAME of fileguy then people would access \fileguy\public\dilbertcomics\
When migrating to a new file server, you would need to do nothing but copy the data and repoint the CNAME.
-
@scottalanmiller said:
As for share names, you can fix that by abstracting in DNS. For example, if the old server (sbs2003srv) has a DNS CNAME of fileguy then people would access \fileguy\public\dilbertcomics\
When migrating to a new file server, you would need to do nothing but copy the data and repoint the CNAME.
This assumes you're able to shut the old server off as soon as you've moved the data.
I suppose another option going forward would be to create a generic cname pointing to the current location of the data, then in the future you can change it to point to the new new server, but why? DFS I'm sure for something (that I don't currently know, other than you can introduce replication) is a better solution. -
@Dashrender said:
@garak0410 said:
So, if I migrate, my domain name stays the same, correct? Just the server name will change, correct?
Correct. Just the server name changes. But this can and does effect a lot.
For example your file shares. Today they are probably something like \sbsserver\share and after you move to 2012R2 they will change to \2012r2server\share. This means that you have to update all of the connection points that are pointing to the old files shares (normally done through a logon script).
To save yourself this hassle in the future, you can setup DFS now this will change your connection points a little, to something like \domain.name\share\folder The good thing is that in the future when you have to this again, you won't have to change the logon scripts because the \domain.name portion never changes, and you can do all of the changes behind the scenes.
Also don't forget about things like your AV console. If the clients connect to a specifically named server you'll need to change them to point to the new one.
Good idea. In fact, I've done that today. This place is DESKTOP SHORTCUT CRAZY! So I went and made sure all of the shortcuts were to DRIVE LETTERS instead of the servername path. That way, when I roll out new login scripts with the new file server name, the shortcuts will still work.
-
Seems like "nerves" are creeping in again. Heading into this week, I thought this was all I really needed to do as far as the migration goes:
•Order New Server
•Configure
•Install Windows Server 2012 R2
•Download All Updates
•Configure RAID Drives
•Currently Set As:
•Set Roles On Server
•Hypervisor
•Old Server Prep
•Run dcdiag
•Results
•Services
•IsmServ Service is stopped on [PINNSTRDC]
•System Log
•An Error Event occured. EventID: 0x00000457
•8 Of These
•Set Current Domain Functional Level to Windows Server 2003
•Locate your FSMO Roles
•All On Main Server
•Schema Master
•Domain naming master
•Infrastructure Master
•Relative ID (RID) Master
•PDC Emulator
•Prepare your Domain for your new Server 2012 R2 Domain Controllers
•Run adprep /forstprep from the 2012 DVD on the old server.
•Set Up Virtual Machines
•Install Windows Server 2012 R2 and make it a Domain Controller
•Add the AD role.
•http://technet.microsoft.com/en-us/library/hh472162
•After adding the AD DS role and DNS roles to your new Windows 2012 R2 Server simply click the link under Post-deployment configuration from your server manager titled "Promote this server to a Domain Controller"
•Walk through the wizard and add your new domain controller to your existing domain.
•Transfer FSMO Roles to new Server 2012 R2 Domain Controller
•Transfer all 5 or one at a time and start demoting your old Server 2003 DC's in the next step. But the key to remember is to NOT demote any of the current domain controllers that have any of your FSMO roles on them. Be sure to transfer them off first before proceeding to DC demotion.
•http://blogs.technet.com/b/canitpro/archive/2013/05/27/step-by-step-active-directory-migration-from-windows-server-2003-to-windows-server-2012.aspx
•Demote old Server 2003 Domain Controllers
•Run dcpromo and follow steps.
•Remember: Do NOT demote any domain controller that does not have FSMO roles on them.
•http://technet.microsoft.com/en-us/library/cc740017(v=ws.10).aspx
•Raise Domain Functional Level
•Raise the functional level by opening Active Directory Domains and Trusts. Then right click on domain and trusts and select "Raise Forest Functional Level"
•http://technet.microsoft.com/en-us/library/cc730985.aspx
•Migration Complete!
Now, got some considerations to make as far as splitting up my DC and file services...
-
RAID configuration goes before any install.
-
@scottalanmiller said:
RAID configuration goes before any install.
Right and that is done now.
I went with RAID 10 as you suggested! :0 -
@garak0410 said:
@scottalanmiller said:
RAID configuration goes before any install.
Right and that is done now.
I went with RAID 10 as you suggested! :0Great
-
Looks like a good start. As Scott mentioned, some of the things in that list are out of order - but looks good.
Now you need to add on all of the other migration things. Email, AV, DBs, Printers, Files, etc.
-
It seems like the more questions I ask, the more off course I get. LOL. I thought I "had this" going into my "penciled in" Friday evening migration.
So, in the helpful but still perplexing discussion above, here's what remains and where I want to get back on course...
-
If I migrate, the domain remains the same, correct?
-
If I move the file server to a separate VM, as long as my domain name doesn't change, I should be good, right? That is, permissions to the file server should be OK?
We have NO Email to migrate (no Exchange) and this isn't counting AV, Files, etc. I just want to get a successful migration in stone, in order first, and then will do the rest of it later...
Thanks as always...wish I could buy everyone in here Pizza!
-
-
@garak0410 said:
- If I migrate, the domain remains the same, correct?
Yes
- If I move the file server to a separate VM, as long as my domain name doesn't change, I should be good, right? That is, permissions to the file server should be OK?
How would you move the file server without moving files? The only thing that makes a file server a file server is the files it serves. The permissions are what you set them to be. Using Robocopy will help in keeping them the same as they were in the old file server. (FYI - MS changed the default permissions on folders I think in Windows 2008 Server - I'd setup the root folder to be the same as the root folder on your old SBS server before you use Robocopy just to make sure don't run into more problems.
-
@Dashrender said:
@garak0410 said:
- If I migrate, the domain remains the same, correct?
Yes
- If I move the file server to a separate VM, as long as my domain name doesn't change, I should be good, right? That is, permissions to the file server should be OK?
How would you move the file server without moving files? The only thing that makes a file server a file server is the files it servers. The permissions are what you set them to be. Using Robocopy will help in keeping them the same as they were in the old file server. (FYI - MS changed the default permissions on folders I think in Windows 2008 Server - I'd setup the root folder to be the same as the root folder on your old SBS server before you use Robocopy just to make sure don't run into more problems.
Where do you want the pizza delivered?
I am moving the files AFTER I promote the new one and demote the other one, correct? Or in between the promotion and demotion? (and yes, plan on keeping them on the root of D)
-
@garak0410 said:
I am moving the files AFTER I promote the new one and demote the other one, correct? Or in between the promotion and demotion? (and yes, plan on keeping them on the root of D)
Actually you could move the files anytime after you join the new server to the old Domain. Once that is done, the new server will understand the security principals of the domain and you'd be covered. Now, that being said, I would wait until after you promote the new server to an AD DS server, but you don't have to.
-
@Dashrender said:
@garak0410 said:
I am moving the files AFTER I promote the new one and demote the other one, correct? Or in between the promotion and demotion? (and yes, plan on keeping them on the root of D)
Actually you could move the files anytime after you join the new server to the old Domain. Once that is done, the new server will understand the security principals of the domain and you'd be covered. Now, that being said, I would wait until after you promote the new server to an AD DS server, but you don't have to.
And again, it doesn't matter if I have a separate file server now...same permissions, right? My new login scripts that map the drives will map to the new server...that is if I don't end up with time to do your recommendation of DFS.
-
You have to set the permission. They don't magically appear. I don't mean to sound curt, I want to make sure we're on the same page. You'll have to set the permissions manually on the sharepoint itself (like your did years ago on the old server) and when using Robocopy supply the correct arguments so that file level permissions are kept during the file copy (I hope you have full access - If you don't I'm not sure how to get around that).
-
@Dashrender said:
You have to set the permission. They don't magically appear. I don't mean to sound curt, I want to make sure we're on the same page. You'll have to set the permissions manually on the sharepoint itself (like your did years ago on the old server) and when using Robocopy supply the correct arguments so that file level permissions are kept during the file copy (I hope you have full access - If you don't I'm not sure how to get around that).
Not curt at all. I'll clarify in the morning...thanks for the help!
