ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Small Business Server 2003 to 2012 R2 Migration and Virtualized Domain Controller Questions

    Scheduled Pinned Locked Moved IT Discussion
    windowswindows serversbswindows server 201small business seractive directorydomain controller
    321 Posts 12 Posters 100.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • IRJI
      IRJ @garak0410
      last edited by IRJ

      @garak0410 said:

      Well, I am in a position where I do need the CNAME of the old server in place so we can fix an in house software quirk.

      Going back to my check list, this appears to be the next step:

        	§ Transfer FSMO Roles to new Server 2012 R2 Domain Controller
        		□ Transfer all 5 or one at a time and start demoting your old Server 2003 DC's in the next step. But the key to remember is to NOT demote any of the current domain controllers that have any of your FSMO roles on them. Be sure to transfer them off first before proceeding to DC demotion.
        		□ http://blogs.technet.com/b/canitpro/archive/2013/05/27/step-by-step-active-directory-migration-from-windows-server-2003-to-windows-server-2012.aspx
      

      And all of the suggestions lead to that I can do this during business hours....so, taking this step by step. OK to proceed as according to the link above?

      You can do it during business hours, but I wouldn't.

      IRJI DashrenderD 2 Replies Last reply Reply Quote 0
      • IRJI
        IRJ @IRJ
        last edited by

        This post is deleted!
        1 Reply Last reply Reply Quote 0
        • DashrenderD
          Dashrender @IRJ
          last edited by

          FSMO roles should be no problem transfering during the day, I've done it many times in the past, never had a problem.

          Even demoting it shouldn't be an issue.

          Where you can run into an issue is if DHCP and DNS are still active on the old server. And in reality, as long as it remains a domain member you could/should be OK with those - but you should migrate them off that box before you demote it to make the system more clean.

          garak0410G 1 Reply Last reply Reply Quote 0
          • garak0410G
            garak0410 @Dashrender
            last edited by

            @Dashrender

            Right, I do need to migrate DNS off the old server...VPN services are also still there...

            1 Reply Last reply Reply Quote 0
            • scottalanmillerS
              scottalanmiller
              last edited by

              DNS should be transparent. The two servers both run DNS. Then just make sure that everyone is pointing primarily to the new one or, to be extra sure, exclusively to the new one. Then just turn off the service on the old one. DNS is one of the easiest services to migrate.

              1 Reply Last reply Reply Quote 0
              • scottalanmillerS
                scottalanmiller
                last edited by

                I believe that this is our first thread to top 300 posts.

                1 Reply Last reply Reply Quote 0
                • NaraN
                  Nara @IRJ
                  last edited by

                  @IRJ said:

                  @garak0410 said:

                  As ignorant as my posts may have looked during this process...now that is complete, it makes so much more sense now...

                  You cant be that ignorant. You just did a major migration on your own. Sure alot of Mangolassies gave you info, but no one remoted in your server and did the work.

                  Mangolassies sounds nice. Are the guys Mangoladdies?

                  1 Reply Last reply Reply Quote 0
                  • scottalanmillerS
                    scottalanmiller
                    last edited by

                    I think so.

                    1 Reply Last reply Reply Quote 0
                    • DashrenderD
                      Dashrender
                      last edited by

                      As good a name as any 🙂

                      1 Reply Last reply Reply Quote 0
                      • garak0410G
                        garak0410 @garak0410
                        last edited by

                        @garak0410 said:

                        Well, I am in a position where I do need the CNAME of the old server in place so we can fix an in house software quirk.

                        Going back to my check list, this appears to be the next step:

                          	§ Transfer FSMO Roles to new Server 2012 R2 Domain Controller
                          		□ Transfer all 5 or one at a time and start demoting your old Server 2003 DC's in the next step. But the key to remember is to NOT demote any of the current domain controllers that have any of your FSMO roles on them. Be sure to transfer them off first before proceeding to DC demotion.
                          		□ http://blogs.technet.com/b/canitpro/archive/2013/05/27/step-by-step-active-directory-migration-from-windows-server-2003-to-windows-server-2012.aspx
                        

                        And all of the suggestions lead to that I can do this during business hours....so, taking this step by step. OK to proceed as according to the link above?

                        I'm doing all remaining steps tonight...before I demote the old one, can it be tested by simply shutting down the old server before I demote, to make sure the new DC is handling it OK?

                        scottalanmillerS 1 Reply Last reply Reply Quote 0
                        • scottalanmillerS
                          scottalanmiller @garak0410
                          last edited by

                          @garak0410 said:

                          @garak0410 said:

                          Well, I am in a position where I do need the CNAME of the old server in place so we can fix an in house software quirk.

                          Going back to my check list, this appears to be the next step:

                            	§ Transfer FSMO Roles to new Server 2012 R2 Domain Controller
                            		□ Transfer all 5 or one at a time and start demoting your old Server 2003 DC's in the next step. But the key to remember is to NOT demote any of the current domain controllers that have any of your FSMO roles on them. Be sure to transfer them off first before proceeding to DC demotion.
                            		□ http://blogs.technet.com/b/canitpro/archive/2013/05/27/step-by-step-active-directory-migration-from-windows-server-2003-to-windows-server-2012.aspx
                          

                          And all of the suggestions lead to that I can do this during business hours....so, taking this step by step. OK to proceed as according to the link above?

                          I'm doing all remaining steps tonight...before I demote the old one, can it be tested by simply shutting down the old server before I demote, to make sure the new DC is handling it OK?

                          Sure. Don't even shut it down, just pull the Ethernet out.

                          1 Reply Last reply Reply Quote 0
                          • garak0410G
                            garak0410
                            last edited by

                            And About the CNAME for the old server...basically CNAME it to the new file server, correct? And that application that basically "hard codes' the old server's IP address...can I also CNAME the IP?

                            1 Reply Last reply Reply Quote 0
                            • scottalanmillerS
                              scottalanmiller
                              last edited by

                              Not sure what you mean.

                              An "A" record maps a hostname to IP address.

                              A CNAME is an alias of one hostname to another.

                              That's is all that either one does. What exactly do you want to have happen?

                              garak0410G 1 Reply Last reply Reply Quote 0
                              • garak0410G
                                garak0410 @scottalanmiller
                                last edited by garak0410

                                @scottalanmiller said:

                                Not sure what you mean.

                                An "A" record maps a hostname to IP address.

                                A CNAME is an alias of one hostname to another.

                                That's is all that either one does. What exactly do you want to have happen?

                                Sometime back, you suggested a CNAME for the file server to point to the new one. Understand that one...easily done.

                                In another post here: HERE

                                I mentioned a VBA project that "hard coded" the IP of the old file server to older jobs and it doesn't change with subsequent openings. Only the NEW jobs have the new server info. Someone mentioned a CNAME but if that is only for a DNS name, I may be screwed. I wouldn't use an A record, would I for this? The file server already has an A record for it's current IP address.

                                From what I learned in this thread, giving the new file server the same IP as the old one is NOT recommended, right?

                                1 Reply Last reply Reply Quote 0
                                • scottalanmillerS
                                  scottalanmiller
                                  last edited by

                                  You can't do an IP alias in DNS because if you think about the mechanics, hitting an IP address means you never talk to DNS. So that wouldn't do anything.

                                  Instead just add the IP address to the NIiC of the new server.

                                  garak0410G 1 Reply Last reply Reply Quote 0
                                  • garak0410G
                                    garak0410 @scottalanmiller
                                    last edited by

                                    @scottalanmiller said:

                                    You can't do an IP alias in DNS because if you think about the mechanics, hitting an IP address means you never talk to DNS. So that wouldn't do anything.

                                    Instead just add the IP address to the NIiC of the new server.

                                    OK...so complete the DC migration, test it, then demote it and then put its old IP in the NIiC on the new one and bam, problem solved?

                                    scottalanmillerS 1 Reply Last reply Reply Quote 0
                                    • scottalanmillerS
                                      scottalanmiller @garak0410
                                      last edited by scottalanmiller

                                      @garak0410 said:

                                      @scottalanmiller said:

                                      You can't do an IP alias in DNS because if you think about the mechanics, hitting an IP address means you never talk to DNS. So that wouldn't do anything.

                                      Instead just add the IP address to the NIiC of the new server.

                                      OK...so complete the DC migration, test it, then demote it and then put its old IP in the NIiC on the new one and bam, problem solved?

                                      Yup. That should do it.

                                      1 Reply Last reply Reply Quote 0
                                      • garak0410G
                                        garak0410
                                        last edited by

                                        Question about moving VPN services...it is as easy as assigning the role (Remote Services) to the server and then point the firewall L2TP and PPTP to the new IP of the server?

                                        1 Reply Last reply Reply Quote 0
                                        • scottalanmillerS
                                          scottalanmiller
                                          last edited by

                                          Is that the Windows built in VPN service?

                                          garak0410G 1 Reply Last reply Reply Quote 0
                                          • garak0410G
                                            garak0410 @scottalanmiller
                                            last edited by

                                            Let me digress some. I didn't get too far this weekend. For one, it was the first weekend our shop had Friday/Saturday workers all year. So just to be safe, I didn't complete the demotion.

                                            However, I did try adding remote services to the new domain controller and it kept failing, saying it needed to reboot. I would reboot, retry and it still said cannot install until I reboot. Sounds as if the component store is corrupted and will check that out soon.

                                            So currently, my new and old domain controllers are running but here's a problem I am having now.

                                            My VPN users can sign into VPN but can no longer remote desktop. They have all the required permissions but alas, since that aborted install, they cannot remote desktop. If they are a domain admin (me and my manager), it works. Any ideas here? We've used the general Remote Desktop security group in the past and it is no longer working.

                                            1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 13
                                            • 14
                                            • 15
                                            • 16
                                            • 17
                                            • 16 / 17
                                            • First post
                                              Last post