3

This is for a small business with under 20 employees and a single location:

I have this old Windows 2003 SBS server that needs to be ditched. I'm drafting plans now to perform a migration from Win2003 SBS w/ Exchange to Win2012 Std w/o Exchange. The problem is that my old AD is just a mess and over a decade old and I don't want to deal with irregularities in AD on the new Win2012 server. So I am actually considering just creating a new local domain from scratch in 2012, and leaving behind the 2003 SBS server. Email is already shut off on the old SBS server.

Hypothetically, if I were to use the same domain name in the new 2012 server, can I somehow get around having to unjoin my workstations from the old domain and joining them to the new domain? I'm curious if there is some kind of shortcut or workaround.

Lexikahn
  • AD isn't like a car or a piece of fruit. It doesn't wear out and it doesn't go bad. If it's set up and managed correctly you could productively operate within its bounds until the sun burns out. You say that your current domain is a mess but you don't specify what that means exactly. What's a mess? Old user and computer accounts? Group Policies? Delegation of control have the ACLs on AD objects all out of whack? Etc., etc. – joeqwerty Feb 16 '13 at 00:23
  • Exactly as you described it. Old user/computer accounts. Strange group policies from the past 4 techs that have managed it. Exchange GPOs no longer used. I just wanted some feedback if it's something worth starting from scratch in my situation. I guess I have more experience setting up a new domain, rather than migrating or cleaning. Bottom line: I don't know if it has been managed correctly over the past 10 years. I'm going to go with the migration and cleanup route, but was just curious about others' experiences. – Lexikahn Feb 16 '13 at 06:16

2 Answers

2

The "shortcut" to "having to unjoin my workstations ... and joining them to the new domain" is to preserve the domain. There is no shortcut. Theoretically you could arrange some kind of baroque scripted solution to disjoin the machines, sit in a holding pattern until the new domain exists, and join the new domain, but that would be a lot of work for a small number of computers.

There's nothing that can't be fixed in your current Active Directory domain. Every case where I've been called-in to look at a "mess" in Active Directory has turned out to be fixable.

As such, I try to preserve existing domains whenever possible. It presents the most continuity of user experience (leaving their profiles intact and not requiring any trickery like "User State Migration Tool") and is typically the least amount of work. If it's well-planned you could pull the whole thing off w/o any changes to client computers at all. Replacing a Windows Server 2003 SBS file server with a Windows Server 2012 file server in that environment is an afternoon project.

Edit:

This'll do the trick for you re: removing Exchange: http://support.microsoft.com/kb/833396 Basically, get rid of all your mail-enabled users, groups, etc, then uninstall Exchange.

I'll preface by saying that I haven't done this exact migration before (not to Server 2012), but everything I'm reading makes it look like a migration to Windows Server 2008. Were I in your shoes I'd:

  • Update the AD schema (adprep)
  • Promote the new server to a Domain Controller (DC)
  • Install DNS on the server and configure both machines to use the new server for DNS once replication completes
  • Uninstall Exchange from the old server
  • Copy over all your shared files and recreate the shared folders on the new server
  • Transfer the FSMO roles and demote the existing server

Once you've got the old server demoted you can disjoin it from the domain, remove all references to it from DNS, and use a DNS alias to present the new server with the old server's name. If you recreate your shared folders the same way none of your Folder Redirection Policy, profile paths, user-created shortcuts, etc, will need to change.

Evan Anderson
  • Thanks for your input. My worry is that cleaning up the "mess" will prove to be more time consuming than unjoining/joining workstations. I'm also worried about the migration of FSMO's since they are deprecated now. Also any AD settings related to the old Exchange service, won't they all migrate as well? – Lexikahn Feb 15 '13 at 22:25
  • @Lexikahn - Factor-in the cost of disruption to the users and/or the cost of migrating their profiles to the new domain. There's more than just disjoining / rejoining (unless you don't care about their profiles or happiness). It all depends on what's "wrong" w/ your AD. I don't know what you mean by "...worried about the migration of FSMO's since they are deprecated now". Windows Server 2012 Active Directory still has FSMOs and they operate in the same way as prior versions. re: Exchange - You should perform a proper retirement of Exchange rather than just "turning it off". It's not difficult. – Evan Anderson Feb 15 '13 at 22:31
  • I guess I read in some unreliable source that 2012 didn't have FSMO's. I'll trust your advice on it instead. Well, you've given me much more confidence in proceeding with my original migration plan. The first thing I will do is "properly retire Exchange". Do you have a good link for a best practice on that with SBS 2003? – Lexikahn Feb 15 '13 at 22:36
  • I dropped on an edit. – Evan Anderson Feb 15 '13 at 23:04
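
An added example, not part of any post above: a read-only PowerShell inventory of the "mess" discussed in this thread (inactive accounts, unlinked GPOs) plus the current FSMO role holders, to review before the old server is demoted. It assumes it runs elevated on the new Windows Server 2012 DC after promotion, with the ActiveDirectory and GroupPolicy modules installed; the 180-day threshold and the CSV file names are assumptions.

```powershell
# Added example. Read-only: nothing here modifies or deletes AD objects.
# Assumes an elevated session on the new Windows Server 2012 DC.
Import-Module ActiveDirectory, GroupPolicy

$staleAfter = New-TimeSpan -Days 180   # assumed threshold; adjust to your site

# 1. Current holders of the five FSMO roles (check before and after transfer).
$domain = Get-ADDomain
$forest = Get-ADForest
[pscustomobject]@{
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
} | Format-List

# 2. Enabled user and computer accounts with no logon inside the threshold.
#    Relies on lastLogonTimestamp, which needs the Windows Server 2003
#    domain functional level or higher.
$stale = Search-ADAccount -AccountInactive -TimeSpan $staleAfter |
    Where-Object { $_.Enabled -and $_.ObjectClass -in 'user', 'computer' } |
    Select-Object Name, ObjectClass, LastLogonDate, DistinguishedName
$stale | Sort-Object ObjectClass, LastLogonDate | Format-Table -AutoSize

# 3. GPOs that are not linked to any site, domain or OU.
$unlinked = foreach ($gpo in Get-GPO -All) {
    [xml]$report = Get-GPOReport -Guid $gpo.Id -ReportType Xml
    if (-not $report.GPO.LinksTo) {
        $gpo | Select-Object DisplayName, Id, ModificationTime
    }
}
$unlinked | Format-Table -AutoSize

# Keep the lists for manual review: service accounts and rarely used
# machines also show up as inactive, so disable before you delete.
$stale    | Export-Csv .\stale-accounts.csv -NoTypeInformation
$unlinked | Export-Csv .\unlinked-gpos.csv  -NoTypeInformation
```

Accounts that are still enabled but unused are the part of the list with security weight, since each one is a credential nobody is watching.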
0

I did a recreation of a Windows NT 4 domain in Windows 2008 Active Directory once (as no straight migration is possible) and this was a mess. Recreating accounts, files etc. was simple but for example cleaning up permissions in each user registry was not.

The SetACL tool was very helpful, but definitely not simple to use.

Tometzky