Small Business Server 2003 to 2012 R2 Migration and Virtualized Domain Controller Questions
-
This is where my "jack of all IT trades and master of nothing" is coming into play, especially in a solo IT shop. I've managed several hundred terabyte SANs, managed the VMware ESX VMs, enterprise backup, server support. But I never get the time to dive into the guts of anything, especially with this job, where I am needed for the smallest or biggest IT need.
So, this may help. Here's my remaining to-do list before tomorrow night:
Add the AD role.
• http://technet.microsoft.com/en-us/library/hh472162
• After adding the AD DS role and DNS roles to your new Windows 2012 R2 Server simply click the link under Post-deployment configuration from your server manager titled "Promote this server to a Domain Controller"
• Walk through the wizard and add your new domain controller to your existing domain.
• Transfer FSMO Roles to new Server 2012 R2 Domain Controller
• Transfer all 5 or one at a time and start demoting your old Server 2003 DC's in the next step. But the key to remember is to NOT demote any of the current domain controllers that have any of your FSMO roles on them. Be sure to transfer them off first before proceeding to DC demotion.
• http://blogs.technet.com/b/canitpro/archive/2013/05/27/step-by-step-active-directory-migration-from-windows-server-2003-to-windows-server-2012.aspx
• Demote old Server 2003 Domain Controllers
• Run dcpromo and follow steps.
• Remember: Do NOT demote any domain controller that does not have FSMO roles on them.
• http://technet.microsoft.com/en-us/library/cc740017(v=ws.10).aspx
• Raise Domain Functional Level
• Raise the functional level by opening Active Directory Domains and Trusts. Then right click on domain and trusts and select "Raise Forest Functional Level"
• http://technet.microsoft.com/en-us/library/cc730985.aspx
• Migration Complete!
Need to rethink my backup solution, and since you are suggesting the free Unitrends, I will get that installed on my services VM.
Also remaining post migration:
- Move antivirus over (got a plan from Symantec to make it work, even with server name change)
- RoboCopy files over from old DC to the E drive on services01
- Get login scripts edited to point to services01 for drive mappings.
- Test and verify some workstation logins.
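
The to-do list above hinges on not demoting a DC while it still holds a FSMO role. As an added example (not part of the original post), this PowerShell check lists the five role holders and reports whether a given DC is safe to demote. It assumes it is run on the new 2012 R2 domain controller with the ActiveDirectory module available; `OLD-SBS2003` and `NEW-DC2012R2` are placeholder names.

```powershell
# Added example. $OldDc and $NewDc are placeholders, not names from the thread.
Import-Module ActiveDirectory

$OldDc = 'OLD-SBS2003'     # placeholder: the DC you intend to demote
$NewDc = 'NEW-DC2012R2'    # placeholder: the DC that should own the roles

function Get-FsmoHolders {
    # Three roles are per-domain, two are per-forest.
    $domain = Get-ADDomain
    $forest = Get-ADForest
    [ordered]@{
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
    }
}

function Test-SafeToDemote {
    param(
        [Parameter(Mandatory)][string]$DcName,
        [Parameter(Mandatory)][System.Collections.IDictionary]$Holders
    )
    # Holders are reported as FQDNs; compare on the host label so short names match.
    $label = ($DcName -split '\.')[0]
    $stillHeld = @(
        $Holders.GetEnumerator() |
            Where-Object { ($_.Value -split '\.')[0] -ieq $label } |
            ForEach-Object { $_.Key }
    )
    [pscustomobject]@{
        DomainController = $DcName
        SafeToDemote     = ($stillHeld.Count -eq 0)
        RolesStillHeld   = $stillHeld
    }
}

$holders = Get-FsmoHolders
$holders.GetEnumerator() | Format-Table Key, Value -AutoSize

$result = Test-SafeToDemote -DcName $OldDc -Holders $holders
$result | Format-List

if (-not $result.SafeToDemote) {
    Write-Warning "$OldDc still holds: $($result.RolesStillHeld -join ', '). Transfer these before running dcpromo."
    # To transfer the remaining roles (prompts for confirmation), uncomment:
    # Move-ADDirectoryServerOperationMasterRole -Identity $NewDc -OperationMasterRole $result.RolesStillHeld
}
```

Re-run the check after the transfer and only start dcpromo on the old server once `SafeToDemote` is `True`.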
-
@garak0410 said:
@scottalanmiller said:
@garak0410 said:
How do I remote into my host if it isn't on my domain?
I'm lost here. How do you access it when it is on the domain? I've never had being on the domain make a difference. You are running into an implied obstacle that I can't visualize.
The Host is currently in WORKGROUP, so I cannot RDP into it. I can only access it physically. Though all I've read over the months, it doesn't get joined to the domain, correct?
I'm still confused. How does this block RDP? I can RDP into non-domain machines.
-
If you have VMware experience, why go through the extra complication of HyperV?
-
What do you mean by your "services VM". I'm not sure I understand the reference.
-
@scottalanmiller said:
What do you mean by your "services VM". I'm not sure I understand the reference.
My file server will be called services01.
-
I do apologize for my ignorance. I just don't think I am ready (at least by tomorrow) to virtualize. Way too many questions remain and are unclear.
-
@scottalanmiller said:
If you have VMware experience, why go through the extra complication of HyperV?
I'm a Microsoft guy at heart...plus know next to nothing about Linux, should I need to troubleshoot ESXi problems.
-
@garak0410 said:
@scottalanmiller said:
If you have VMware experience, why go through the extra complication of HyperV?
I'm a Microsoft guy at heart...plus know next to nothing about Linux, should I need to troubleshoot ESXi problems.
Where does Linux come into the equation? VMware has no Linux or Unix and is managed from a very simple client.
-
Here is what you do. Throw HyperV onto a box. Load everything else onto it the same as if you were doing physical. Done.
Don't change one thing other than installing HyperV. Nothing.
Does that fix everything or do problems still arise? Other than the RDP confusion, I think that that addresses all concerns.
-
@scottalanmiller said:
@garak0410 said:
@scottalanmiller said:
@garak0410 said:
How do I remote into my host if it isn't on my domain?
I'm lost here. How do you access it when it is on the domain? I've never had being on the domain make a difference. You are running into an implied obstacle that I can't visualize.
The Host is currently in WORKGROUP, so I cannot RDP into it. I can only access it physically. Though all I've read over the months, it doesn't get joined to the domain, correct?
I'm still confused. How does this block RDP? I can RDP into non-domain machines.
The host is not on my domain, so if I try to remote to it via IP or DNS name, it doesn't connect...it does have a static IP for both virtual switches in our domain range...
-
Oh. You've just forgotten to make its DNS entry, that's all. Not an AD or RDP issue. Just needs normal DNS management.
-
@scottalanmiller said:
Oh. You've just forgotten to make its DNS entry, that's all. Not an AD or RDP issue. Just needs normal DNS management.
Done...waiting on replication now. Now that I am thinking of it, most of our workstations have static IPs pointing to the current DNS server (also Domain Controller). After the new domain controller is promoted and the other one demoted, is it safe to change the IP on the new one to the old IP?
-
@scottalanmiller said:
Oh. You've just forgotten to make its DNS entry, that's all. Not an AD or RDP issue. Just needs normal DNS management.
The host has two virtual switches...which one do I make the DNS entry for? Doesn't matter really?
-
@garak0410 said:
@scottalanmiller said:
Oh. You've just forgotten to make its DNS entry, that's all. Not an AD or RDP issue. Just needs normal DNS management.
Done...waiting on replication now. Now that I am thinking of it, most of our workstations have static IPs pointing to the current DNS server (also Domain Controller). After the new domain controller is promoted and the other one demoted, is it safe to change the IP on the new one to the old IP?
That's not a good process. I've done that and it is unnecessarily painful. Instead use DHCP to push out the new IP address as the primary and the old one as the secondary.
-
@garak0410 said:
@scottalanmiller said:
Oh. You've just forgotten to make its DNS entry, that's all. Not an AD or RDP issue. Just needs normal DNS management.
The host has two virtual switches...which one do I make the DNS entry for? Doesn't matter really?
The one that RDP is listening on.
-
I think I am going to wait until NEXT Friday. Either I am making this harder than it is or I am constantly encountering more detours and new considerations.
-
@scottalanmiller said:
@garak0410 said:
@scottalanmiller said:
Oh. You've just forgotten to make its DNS entry, that's all. Not an AD or RDP issue. Just needs normal DNS management.
Done...waiting on replication now. Now that I am thinking of it, most of our workstations have static IPs pointing to the current DNS server (also Domain Controller). After the new domain controller is promoted and the other one demoted, is it safe to change the IP on the new one to the old IP?
That's not a good process. I've done that and it is unnecessarily painful. Instead use DHCP to push out the new IP address as the primary and the old one as the secondary.
In a sick way, I am OK with manually going to each PC on the night I do this to change the preferred DNS server address...that way, I can catch the PCs not on a static and make them static...it is also another way I can verify the migration worked and all PCs look good.
-
You want them to all be static? Why not DHCP?
-
Why not run the old system and the new side by side for a few weeks?
-
@scottalanmiller said:
You want them to all be static? Why not DHCP?
Again, my weak areas are showing. Networking...I've never configured DHCP.