Small Business Server 2003 to 2012 R2 Migration and Virtualized Domain Controller Questions
-
@garak0410 said:
And these suggestions are even when I allow my DC to be my file server/DNS and also being my anti-virus and backup program host?
I have SBS 2008 in Hyper-V and VMWare as well as SBS 2011 in VMWare at various clients. They all have 2 vProcs and 8GB of vRAM assigned to them. If I was not using Exchange on those boxes I would cut it down to 4GB of vRAM.
-
@JaredBusch said:
@DenisKelley said:
My virtual DC is just 2 cores (EDIT: it is actually only one core) and 3GB RAM and that might be overpowered. I've decided to not join my VMware hosts to Active Directory so I can connect to them in an unfortunate event when all DCs may be unavailable. I only have 3, so not really a big deal.
You realize that you still have access with the local users to VMWare if needed.
Yeah, I do now. I was thinking about that when I wrote it, but yeah, you're right. At the time, it seemed much simpler.
-
@DenisKelley said:
@garak0410 said:
And these suggestions are even when I allow my DC to be my file server/DNS and also being my anti-virus and backup program host?
DNS is going to be part of the DC anyway. File Server won't be heavily reliant on more RAM or processor cores, but IOPS and Bandwidth, but for a small server, no big deal. The RAM/CPU should be adjusted upwards based on the requirements of the A/V and Backup applications. Why not just leave it a DC and build another VM for the other stuff?
So, say:
VM1: Domain/DNS
VM2: File Server/Web Services/Print Server/Backup Services/Anti-Virus SuiteHow much memory for the VM2 would you suggest then for VM2?
-
@garak0410 said:
So, say:
VM1: Domain/DNS
VM2: File Server/Web Services/Print Server/Backup Services/Anti-Virus SuiteHow much memory for the VM2 would you suggest then for VM2?
I would start with 4
-
@garak0410 said:
And these suggestions are even when I allow my DC to be my file server/DNS and also being my anti-virus and backup program host?
You'll want to increase allotments as you add things but not very much. Those roles typically use very few resources. Although you want to separate stuff to some degree, not be all one server.
-
I agree. 4GB in the second VM is a good starting point. Remember that you can adjust anytime. There is nothing locking you down.
-
You guys are forcing me to think. LOL. I've gotten so spoiled to the one stop shop of Small Business Server. So if I separate them, how does that affect my files and permissions? I know that sounds like a rudimentary question but as Scott said earlier, my nerves are showing and I am perhaps more capable and more knowledgeable than I think I am. If I serve my files on another server, how does that come into play when I do the migration. That is, when promoted, how will my new domain server know to assign permission to the new file server? I know that sounds like a dumb question and it may not be clear, but trying to cross every T and dot every I...
-
If they are just DC's you can get away with running 2GB RAM, 1 vCPU and 60-80GB's disk space, thin provisioned and using dynamic memory allocation.
-
File permissions have nothing to do with the server they are on, and more to do with the files themselves. Now that being said - the folders that files are in typically push their permissions down to the files.
When you copy your files from the old server to the new one - use something like Robocopy and use the commands that keep the file permissions the same on the copied files.
Also - now is a great time to look at setting up DFS instead of old school UNC shares. This will make life easier for you in 4-7 years when you have to migrate again.
-
@Dashrender said:
File permissions have nothing to do with the server they are on, and more to do with the files themselves. Now that being said - the folders that files are in typically push their permissions down to the files.
When you copy your files from the old server to the new one - use something like Robocopy and use the commands that keep the file permissions the same on the copied files.
Also - now is a great time to look at setting up DFS instead of old school UNC shares. This will make life easier for you in 4-7 years when you have to migrate again.
OK...so when I Robocopy them over, it doesn't matter if domain has changed or if I now have a new file server, as long as it is on the new domain, the permissions (based upon groups and users) should carry over, correct? Again, sorry for my ignorance. I will look at DFS if I have time.
-
@garak0410 said:
OK...so when I Robocopy them over, it doesn't matter if domain has changed or if I now have a new file server, as long as it is on the new domain, the permissions (based upon groups and users) should carry over, correct? Again, sorry for my ignorance. I will look at DFS if I have time.
Sorry I didn't realize you were changing domains (why are you doing that?). You'll lose all of the SID associations when you change domains so your permissions won't flow if you are changing domains.
-
Are you migrating from and SBS system to a Windows Server 2012 R2? There are migration paths for this that don't require making new domains. This keeps you from having to recreate all of the users, move the computers to a new domain, fix profile problems from logging onto a new domain, etc, etc, etc.
If you are moving from a Windows Server 2003, 2003 R2, 2008, 2008 R2 or 2012 domain (NON SBS) then life is relatively simple.
-
@Dashrender said:
@garak0410 said:
OK...so when I Robocopy them over, it doesn't matter if domain has changed or if I now have a new file server, as long as it is on the new domain, the permissions (based upon groups and users) should carry over, correct? Again, sorry for my ignorance. I will look at DFS if I have time.
Sorry I didn't realize you were changing domains (why are you doing that?). You'll lose all of the SID associations when you change domains so your permissions won't flow if you are changing domains.
I am migrating from SBS 2003 to Server 2012 R2. Got all the steps from Microsoft. I had originally planned to let my DC do the same as SBS 2003 (file server, DNS, etc. as mentioned above) but now that there are suggestions to split them up, getting a little confused.
So, if I migrate, my domain name stays the same, correct? Just the server name will change, correct?
-
@garak0410 said:
So, if I migrate, my domain name stays the same, correct? Just the server name will change, correct?
Correct. Just the server name changes. But this can and does effect a lot.
For example your file shares. Today they are probably something like \sbsserver\share and after you move to 2012R2 they will change to \2012r2server\share. This means that you have to update all of the connection points that are pointing to the old files shares (normally done through a logon script).
To save yourself this hassle in the future, you can setup DFS now this will change your connection points a little, to something like \domain.name\share\folder The good thing is that in the future when you have to this again, you won't have to change the logon scripts because the \domain.name portion never changes, and you can do all of the changes behind the scenes.
Also don't forget about things like your AV console. If the clients connect to a specifically named server you'll need to change them to point to the new one.
-
As for share names, you can fix that by abstracting in DNS. For example, if the old server (sbs2003srv) has a DNS CNAME of fileguy then people would access \fileguy\public\dilbertcomics\
When migrating to a new file server, you would need to do nothing but copy the data and repoint the CNAME.
-
@scottalanmiller said:
As for share names, you can fix that by abstracting in DNS. For example, if the old server (sbs2003srv) has a DNS CNAME of fileguy then people would access \fileguy\public\dilbertcomics\
When migrating to a new file server, you would need to do nothing but copy the data and repoint the CNAME.
This assumes you're able to shut the old server off as soon as you've moved the data.
I suppose another option going forward would be to create a generic cname pointing to the current location of the data, then in the future you can change it to point to the new new server, but why? DFS I'm sure for something (that I don't currently know, other than you can introduce replication) is a better solution. -
@Dashrender said:
@garak0410 said:
So, if I migrate, my domain name stays the same, correct? Just the server name will change, correct?
Correct. Just the server name changes. But this can and does effect a lot.
For example your file shares. Today they are probably something like \sbsserver\share and after you move to 2012R2 they will change to \2012r2server\share. This means that you have to update all of the connection points that are pointing to the old files shares (normally done through a logon script).
To save yourself this hassle in the future, you can setup DFS now this will change your connection points a little, to something like \domain.name\share\folder The good thing is that in the future when you have to this again, you won't have to change the logon scripts because the \domain.name portion never changes, and you can do all of the changes behind the scenes.
Also don't forget about things like your AV console. If the clients connect to a specifically named server you'll need to change them to point to the new one.
Good idea. In fact, I've done that today. This place is DESKTOP SHORTCUT CRAZY! So I went and made sure all of the shortcuts were to DRIVE LETTERS instead of the servername path. That way, when I roll out new login scripts with the new file server name, the shortcuts will still work.
-
Seems like "nerves" are creeping in again. Heading into this week, I thought this was all I really needed to do as far as the migration goes:
•Order New Server
•Configure
•Install Windows Server 2012 R2
•Download All Updates
•Configure RAID Drives
•Currently Set As:
•Set Roles On Server
•Hypervisor
•Old Server Prep
•Run dcdiag
•Results
•Services
•IsmServ Service is stopped on [PINNSTRDC]
•System Log
•An Error Event occured. EventID: 0x00000457
•8 Of These
•Set Current Domain Functional Level to Windows Server 2003
•Locate your FSMO Roles
•All On Main Server
•Schema Master
•Domain naming master
•Infrastructure Master
•Relative ID (RID) Master
•PDC Emulator
•Prepare your Domain for your new Server 2012 R2 Domain Controllers
•Run adprep /forstprep from the 2012 DVD on the old server.
•Set Up Virtual Machines
•Install Windows Server 2012 R2 and make it a Domain Controller
•Add the AD role.
•http://technet.microsoft.com/en-us/library/hh472162
•After adding the AD DS role and DNS roles to your new Windows 2012 R2 Server simply click the link under Post-deployment configuration from your server manager titled "Promote this server to a Domain Controller"
•Walk through the wizard and add your new domain controller to your existing domain.
•Transfer FSMO Roles to new Server 2012 R2 Domain Controller
•Transfer all 5 or one at a time and start demoting your old Server 2003 DC's in the next step. But the key to remember is to NOT demote any of the current domain controllers that have any of your FSMO roles on them. Be sure to transfer them off first before proceeding to DC demotion.
•http://blogs.technet.com/b/canitpro/archive/2013/05/27/step-by-step-active-directory-migration-from-windows-server-2003-to-windows-server-2012.aspx
•Demote old Server 2003 Domain Controllers
•Run dcpromo and follow steps.
•Remember: Do NOT demote any domain controller that does not have FSMO roles on them.
•http://technet.microsoft.com/en-us/library/cc740017(v=ws.10).aspx
•Raise Domain Functional Level
•Raise the functional level by opening Active Directory Domains and Trusts. Then right click on domain and trusts and select "Raise Forest Functional Level"
•http://technet.microsoft.com/en-us/library/cc730985.aspx
•Migration Complete!
Now, got some considerations to make as far as splitting up my DC and file services...
-
RAID configuration goes before any install.
-
@scottalanmiller said:
RAID configuration goes before any install.
Right and that is done now.
I went with RAID 10 as you suggested! :0
