Small Business Server 2003 to 2012 R2 Migration and Virtualized Domain Controller Questions
-
This post is deleted! -
FSMO roles should be no problem transfering during the day, I've done it many times in the past, never had a problem.
Even demoting it shouldn't be an issue.
Where you can run into an issue is if DHCP and DNS are still active on the old server. And in reality, as long as it remains a domain member you could/should be OK with those - but you should migrate them off that box before you demote it to make the system more clean.
-
Right, I do need to migrate DNS off the old server...VPN services are also still there...
-
DNS should be transparent. The two servers both run DNS. Then just make sure that everyone is pointing primarily to the new one or, to be extra sure, exclusively to the new one. Then just turn off the service on the old one. DNS is one of the easiest services to migrate.
-
I believe that this is our first thread to top 300 posts.
-
@IRJ said:
@garak0410 said:
As ignorant as my posts may have looked during this process...now that is complete, it makes so much more sense now...
You cant be that ignorant. You just did a major migration on your own. Sure alot of Mangolassies gave you info, but no one remoted in your server and did the work.
Mangolassies sounds nice. Are the guys Mangoladdies?
-
I think so.
-
As good a name as any
-
@garak0410 said:
Well, I am in a position where I do need the CNAME of the old server in place so we can fix an in house software quirk.
Going back to my check list, this appears to be the next step:
§ Transfer FSMO Roles to new Server 2012 R2 Domain Controller □ Transfer all 5 or one at a time and start demoting your old Server 2003 DC's in the next step. But the key to remember is to NOT demote any of the current domain controllers that have any of your FSMO roles on them. Be sure to transfer them off first before proceeding to DC demotion. □ http://blogs.technet.com/b/canitpro/archive/2013/05/27/step-by-step-active-directory-migration-from-windows-server-2003-to-windows-server-2012.aspx
And all of the suggestions lead to that I can do this during business hours....so, taking this step by step. OK to proceed as according to the link above?
I'm doing all remaining steps tonight...before I demote the old one, can it be tested by simply shutting down the old server before I demote, to make sure the new DC is handling it OK?
-
@garak0410 said:
@garak0410 said:
Well, I am in a position where I do need the CNAME of the old server in place so we can fix an in house software quirk.
Going back to my check list, this appears to be the next step:
§ Transfer FSMO Roles to new Server 2012 R2 Domain Controller □ Transfer all 5 or one at a time and start demoting your old Server 2003 DC's in the next step. But the key to remember is to NOT demote any of the current domain controllers that have any of your FSMO roles on them. Be sure to transfer them off first before proceeding to DC demotion. □ http://blogs.technet.com/b/canitpro/archive/2013/05/27/step-by-step-active-directory-migration-from-windows-server-2003-to-windows-server-2012.aspx
And all of the suggestions lead to that I can do this during business hours....so, taking this step by step. OK to proceed as according to the link above?
I'm doing all remaining steps tonight...before I demote the old one, can it be tested by simply shutting down the old server before I demote, to make sure the new DC is handling it OK?
Sure. Don't even shut it down, just pull the Ethernet out.
-
And About the CNAME for the old server...basically CNAME it to the new file server, correct? And that application that basically "hard codes' the old server's IP address...can I also CNAME the IP?
-
Not sure what you mean.
An "A" record maps a hostname to IP address.
A CNAME is an alias of one hostname to another.
That's is all that either one does. What exactly do you want to have happen?
-
@scottalanmiller said:
Not sure what you mean.
An "A" record maps a hostname to IP address.
A CNAME is an alias of one hostname to another.
That's is all that either one does. What exactly do you want to have happen?
Sometime back, you suggested a CNAME for the file server to point to the new one. Understand that one...easily done.
In another post here: HERE
I mentioned a VBA project that "hard coded" the IP of the old file server to older jobs and it doesn't change with subsequent openings. Only the NEW jobs have the new server info. Someone mentioned a CNAME but if that is only for a DNS name, I may be screwed. I wouldn't use an A record, would I for this? The file server already has an A record for it's current IP address.
From what I learned in this thread, giving the new file server the same IP as the old one is NOT recommended, right?
-
You can't do an IP alias in DNS because if you think about the mechanics, hitting an IP address means you never talk to DNS. So that wouldn't do anything.
Instead just add the IP address to the NIiC of the new server.
-
@scottalanmiller said:
You can't do an IP alias in DNS because if you think about the mechanics, hitting an IP address means you never talk to DNS. So that wouldn't do anything.
Instead just add the IP address to the NIiC of the new server.
OK...so complete the DC migration, test it, then demote it and then put its old IP in the NIiC on the new one and bam, problem solved?
-
@garak0410 said:
@scottalanmiller said:
You can't do an IP alias in DNS because if you think about the mechanics, hitting an IP address means you never talk to DNS. So that wouldn't do anything.
Instead just add the IP address to the NIiC of the new server.
OK...so complete the DC migration, test it, then demote it and then put its old IP in the NIiC on the new one and bam, problem solved?
Yup. That should do it.
-
Question about moving VPN services...it is as easy as assigning the role (Remote Services) to the server and then point the firewall L2TP and PPTP to the new IP of the server?
-
Is that the Windows built in VPN service?
-
Let me digress some. I didn't get too far this weekend. For one, it was the first weekend our shop had Friday/Saturday workers all year. So just to be safe, I didn't complete the demotion.
However, I did try adding remote services to the new domain controller and it kept failing, saying it needed to reboot. I would reboot, retry and it still said cannot install until I reboot. Sounds as if the component store is corrupted and will check that out soon.
So currently, my new and old domain controllers are running but here's a problem I am having now.
My VPN users can sign into VPN but can no longer remote desktop. They have all the required permissions but alas, since that aborted install, they cannot remote desktop. If they are a domain admin (me and my manager), it works. Any ideas here? We've used the general Remote Desktop security group in the past and it is no longer working.
-
It's been nine months since the last update. Where are things now with this?