Getting rid of SBS and creating a new PDC etc - Will my plan work?

  • Question

  • So we have an ancient SBS 2011 server and to get GDPR compliant we need to have our AD/DHCP etc on a compliant server.

    The SBS Server is a VM via Hyper V on a physical server host that has a spare license for Server 2016 and lots of free space/ram etc.

    The old SBS 2011 server has lots of issues and furthermore the internal domain name is based on our old company name. We have another Server VM (Server 2016 standard) currently running as a basic domain connected server with just File Services role - It shares Sage Accounts data that's it!

    I have tried (and failed) to migrate SBS to the Sage Server but it fails to replicate DNS, the SBS randomly crashes, AD sync is not working - Basically it was not working and the SBS is fundamentally broken. I have restored the Sage Server back to its previous file share server state.

    Given the above and the fact we only have 18 users and very basic requirements (1 shared network drive, 2 security groups and no login scripts or custom GP scripts - Email already moved to O365 etc) I am tempted to use the spare Server 2016 license to spin up a fresh VM server on the host - Give it a fresh name / different internal IP address/range and setup from scratch - i.e. manually add the AD/DNS/DHCP roles and manually create the user accounts. Move the company data and redirected desktop/documents data via Robocopy. I would copy the data from the SBS Server to the Host first and after making a note of all AD user accounts etc I would demote the SBS server and disconnect from domain leaving it just workgroup connected - I would actually then power it down - Can always be spun back up again if needed.

    Then just make a note of the current users computer settings (Sticky notes / Chrome favs etc) and drop them off the current (old) domain (all computers have local admin account setup already) and reconnect to the new domain with the newly created user accounts etc. I would make sure that GP is set to point DESKTOP and DOCUMENTS to previously copied data from SBS, I would also have added a DNS redirect on new PDC DNS settings to say "SBSSERVER = IP OF NEW SERVER" so that any Excel/word/shortcuts etc that reference the old server i.e. "\\SBSServer\COMPANY\WORD DOC.docx" goes to the same location on the new server - I could always just add an entry in the computer host file as an option too.

    I know the above is a long winded approach but my thinking is that the new setup would ensure that no crap is replicated from the old server and no reference to old internal domain / incorrect DNS etc is copied over.

    My questions are given the above:

    1. Would creating a new VM Server 2016 with a completely different IP to SBS allow me to start the process of configuring it without screwing up the current environment (For example SBS is on 10.0.0.2 but I would set new Server on 192.168.10.2)?

    2. Would my above process actually work i.e. is my logic valid?

    Any advice would be most appreciated. 

    Saturday, July 18, 2020 10:19 AM

All replies

  • Hi,

    here are some points, in no particular order, that will/may bite you:

    • pointing to file shares by DNS alias is more involved than one might think so this will have to be tested thoroughly. Personally, I would rather let those pointers break and be corrected by the users than hardwire the old name into my new environment forever.
    • if you have AADConnect for your O365 email, you will have to remap to the users of new AD. This is not a straightforward process and many things can go sideways.
    • You will have to assign permissions on everything. PowerShell can be of great help here, as can SetACL by Helge Klein.

    Apart from that,

    • Two IP ranges on the same Layer 2 network will work, as long as you only have one DHCP running
    • There is nothing to be gained from demoting your SBS. When you are ready to decommission it, just shut it down
    • For user profile transformation, you can either use USMT, or even remap/repermission the existing profiles. PowerShell and SetACL are your friends here also.

    Evgenij Smirnov

    http://evgenij.smirnov.de

    Saturday, July 18, 2020 11:50 AM
  • Hello whunt,

    SBS is a unique situation where the server has to be the PDC and hold the FSMO roles and Exchange. The ideal situation would have been to install a second DC, then uninstall Exchange from SBS, transfer the roles and services then remove it from the network.

    A fresh start is better. From what you mentioned it seems some parts of the SBS are borked. Some parts will not transfer easily, especially folder redirections. They need to be gracefully removed first. You will not be able to set a GPO for folder redirects on the new domain, it will not work. SIDs will differ so even if the user names match, ACLs will not work. I would take ownership, remove ACLs, then move them to the new domain's redirected folders location manually.

    Create a new ADDS server, create users, etc. Just keep in mind you will need to set up ACLs again as the old ACLs will not work on the new domain.

    You don't need to change the subnet for the new server, just keep it in the same subnet. You may also want to remove local admin from the workstation, just for added security.

    1. Install new ADDS, create users, set up DNS for new server.

    2. Move files/folders/shares to the new server.

    3. Disable DHCP on the old server and enable DHCP on the new server

    4. IPCONFIG /Renew the workstations and they will get a new IP and the DNS of the new server

    5. Join the workstations to the new domain

    6. The old user profile will still be available on each workstation under user.old domain, you can copy it or the parts that you need to the new user profile on the workstation.


    Miguel Fra
    Falcon IT Services
    https://www.falconitservices.com

     

    Saturday, July 18, 2020 5:06 PM
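
The re-permissioning both replies above call for (SIDs differ in the new domain, so ACEs copied from the SBS no longer resolve), as an added example that is not code from either poster. It assumes a hypothetical layout of one folder per user named after the sAMAccountName under `D:\Redirected`, a hypothetical NetBIOS domain name `NEWDOM`, and an elevated session running as an account that already owns the copied folders.

```powershell
# Added example: re-permission per-user folders copied from the old domain.
# Assumed (hypothetical) layout: <Root>\<sAMAccountName>, new domain NEWDOM.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$Root   = 'D:\Redirected',   # hypothetical path
    [string]$Domain = 'NEWDOM'           # hypothetical NetBIOS domain name
)

$sidType = [System.Security.Principal.SecurityIdentifier]
$ntType  = [System.Security.Principal.NTAccount]

foreach ($dir in Get-ChildItem -LiteralPath $Root -Directory) {
    # The folder name must map to an account in the new domain, otherwise skip it
    $account = New-Object System.Security.Principal.NTAccount($Domain, $dir.Name)
    try { [void]$account.Translate($sidType) }
    catch [System.Security.Principal.IdentityNotMappedException] {
        Write-Warning "No account $account for $($dir.FullName); folder skipped"
        continue
    }

    $acl = Get-Acl -LiteralPath $dir.FullName
    # Explicit ACEs only, read as raw SIDs; a SID that no longer translates is orphaned
    $orphans = @(foreach ($ace in $acl.GetAccessRules($true, $false, $sidType)) {
        try { [void]$ace.IdentityReference.Translate($ntType) }
        catch [System.Security.Principal.IdentityNotMappedException] { $ace.IdentityReference }
    })
    foreach ($sid in $orphans) { $acl.PurgeAccessRules($sid) }

    # Grant the matching new-domain user Modify on the folder and everything below it
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $account, 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)

    if ($PSCmdlet.ShouldProcess($dir.FullName, "purge $($orphans.Count) orphaned ACE(s), grant $account Modify")) {
        Set-Acl -LiteralPath $dir.FullName -AclObject $acl
    }
}
```

Run it with `-WhatIf` first to list what would change. ACEs set explicitly on files or subfolders deeper in the tree are not touched.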
  • Hello,

    Thank you for posting in our TechNet forum.

    Just checking in to see if the provided information was helpful. If the replies above are helpful, we would appreciate it if you marked them as answers.

    Please let us know if you would like further assistance. Thanks.

    Best Regards,
    Hannah Xiong

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, July 20, 2020 5:46 AM
  • Hello,

    I am checking how the issue is going. If you still have any questions, please feel free to contact us.

    Thank you so much for your time and support.

    Best regards,
    Hannah Xiong


    Thursday, July 23, 2020 2:00 AM