0

I am currently replacing an Windows "Small Business Server 2008" with a new machine running "Windows Server 2016". The server functions as a Domain Controller and fileserver. One of the many problems I am facing comes when disconnecting Clients/Users from the source server and reconnecting them to the target Server. The target server already is a member if the domain (I believe even has some sort of DC powers) but has not replaced the old SBS in that regards yet.

I have one case where running the Windows Server Essentials Connecter (server is a ServerStandard Edition though) tells me

  • the Computer can not connect to the server under the current Username/password

and suggests to...

  • rename the computer or alternatively to remove the conflicting account

renaming the computer didn't help so I am confronted with the suggestion to remove the account. I guess you go to the Server's Dashboard (or SBS Console) and remove the account. There is no data of users being stored on the server actually but still I am hesitant to do that because I do not want to destroy anything. As I do not have any pre-existing experience with Windows Server, nor what a Domain or AD actually does and likewise would like to hear some feedback on this here. Would it be an option do disable the problematic account rather then removing it.

Actually I expect when I remove the old account. Create a new one same name) and then try to connect from the Clients machine at least a new local profile (of the same name probably) is going to be created, so the user looses all his Settings, bookmarks, links to Outlook datafile and the entire look'n'feel. Is that something I can somehow avoid?

  • which of the 2 current servers would be the one to use for removing the account if I have to? The (to-be-replaced) "SBS" or the new "Server 2016"? Maybe it doesn't matter because the account is not on that machine but on the domain (which is a logical rather then a physical unit)?

EDIT: the new SERVER 2016 has been promoted to be a domain controller (so currently there are 2 DC's in the domain) and as per my understanding I am into a so called 'grace period' which allows 21 days until I remove the old SBS (or at least somehow declare the new server to be the 'main' DC (sorry if terminology is not 100% accurate)

In the SBS Server Manager I can see both servers listed as DC's and I find Computers in >Active Directory Users and Computers >MyBusiness >Computers > SBSComputers

The Server 2016 Servers Dashboard & Server Manager however I can only see one server (not the old SBS machine which still should be the 'main' DC) and only one Computer (which is my own one & the only one that thus far has been 'married' to the server with the Server Connector (the one you get by browsing to http://[servername]/connect), so that is logical to some extent, but would not give me much options to remove a computer (as the computer which can not be connected is not listed as a computer on any of the 2 servers)

EDIT 2: In the meantime I have removed the problematic Computer Account, but that has not helped much. I am confronted with a different error message which does not seem to make much sense to me.

"This computer is connected to a different Windows server network. In order to connect the computer with the Windows Server Essentials network the Computer has to be disconnected from the current network"

I can ping the computer in question. It receives an IP address from the SBS server. So I am not certain what to draw from this.

A new approach has been introduced here. Basically it says connection problem may be caused by group policies not bein updated on the target Serer and the command to check on this (GPRESULT /R) shows the source server instead of the destination server as "group policy was applied from:".
I am advised to run gpupdate /force in order to fix that. I am hesitant because I have not set any group policies in the new server whatsoever. Actually I barely have heard the term before, so I'm not sure whether this will do any good unless there may be default Group Policies which are worth to be forced upon the target server.

vrms
  • 227
  • 4
  • 16
  • 2
    When you set up the new server, did you create a new domain, or did you join it to the existing domain on the 2008 server? – longneck Jun 22 '18 at 20:36
  • I'm confused, but my strong impression is that the error message is not advising you to delete any user accounts. It might be talking about a computer account, though it is hard to tell from your description which computer account that would be. – Harry Johnston Jun 23 '18 at 03:57
  • I think for the moment I joined the existing domain, but at the end the old SBS 2008 will be shut down and the new 2016 Server will be ruling the domain. – vrms Jun 25 '18 at 06:10
  • do you mean @HarryJohnston there are A) user accounts and B) Computer accounts on a domain? I wasn't aware of that honestly and will look into that – vrms Jun 25 '18 at 06:11
  • SBS creates group policies for you. – Katherine Villyard Jun 25 '18 at 17:46
  • so, would you say the mentioned `gpupdate /force` applied on the target (Server 2016) server was the right move here and potentially help to solve my connectiong troubles? @KatherineVillyard – vrms Jun 26 '18 at 06:24

1 Answers1

3

I recently migrated off of SBS2008 myself. I'm a little confused by your question, so bear with me.

You said:

I am currently replacing an Windows "Small Business Server 2008" with a new machine running "Windows Server 2016". The server functions as a Domain Controller and fileserver. One of the many problems I am facing comes when disconnecting Clients/Users from the source server and reconnecting them to the target Server. The target server already is a member if the domain (I believe even has some sort of DC powers) but has not replaced the old SBS in that regards yet.

You then described an error message asking you to delete or rename an account, and asked which server you should do that on. The answer to your question depends on whether or not the new Windows Server 2016 server is a domain controller.

Windows Small Business Server 2008 basically puts simplified administrative consoles on a standard Windows server install and includes some licensing limitations. You can tell if the new server is a domain controller or not by launching Active Directory Users and Computers from Administrative Tools and looking in the Domain Controllers OU.

enter image description here

The answer to your question is that if the new machine is a domain controller you should be able to remove the account on either server.

That said, I would be hesitant to remove the account because when I migrated, I basically added the new server, promoted it to domain controller, and let Active Directory migrate my accounts with its standard AD replication behavior. It's possible that, if you've already promoted the second server, the accounts have already migrated and it's complaining because you're asking it to migrate a duplicate. If the new machine is a domain controller, and you open Active Directory Users and Computers on the new machine, you should see all your users and computers there. If you right-click on the domain name, you should be able to select "switch domain controllers" and verify this, although it's probably not necessary.

enter image description here

You're correct that deleting and recreating the account would cause issues, including a new profile for the user and their old data belonging to a different SID.

Hopefully, I've correctly understood your question and that helps.

Edit in response to your edit:

EDIT: the new SERVER 2016 has been promoted to be a domain controller (so currently there are 2 DC's in the domain) and as per my understanding I am into a so called 'grace period' which allows 21 days until I remove the old SBS (or at least somehow declare the new server to be the 'main' DC (sorry if terminology is not 100% accurate)

This is untrue. You're allowed (and even encouraged) to have a second domain controller. What you can't do is transfer FSMO roles off the old SBS08 server. That starts your grace period, and will need to be done as the last stage of your migration.

Katherine Villyard
  • 18,510
  • 4
  • 36
  • 59
  • yes, new Server 2016 IS promoted to DC and what u have described (Change Domain Controller on the old, to be replaced Server is on my list, but only at a later point in time). I am stuck at present due to the inability to connect (and that is a new machine that was not connected to the old DC). 2 (out a total of 9) pre-existing Computers I have tried thus far couldn't connect). I have uninstalled the old SBS Client Connector, installed the Server 2016 connector, but when I want to run it I hit a brick wall. – vrms Jun 25 '18 at 06:46
  • If they're both domain controllers on the same domain, your computers should already be there. [Also, you are absolutely allowed to have more than one domain controller in an SBS environment.](https://blogs.technet.microsoft.com/sbs/2007/10/04/debunking-myths-about-additional-domain-controllers-in-sbs-domains/) – Katherine Villyard Jun 25 '18 at 17:55
  • yes, they are there (in the domain) but due to the manual I am following (https://docs.microsoft.com/windows-server-essentials/migrate/migrate-from-previous-versions-to-windows-server-essentials-or-windows-server-essentials-experience) I should remove the computers connection (done by a tool called 'Client Share .... ' or something) with the SBS and then connect them to the Windows Server with a tool called 'Windows Server Essentials Connector'. Why this step is required is not really clear to me to be honest. As much as I understand this is not about user- but computer accounts. – vrms Jun 25 '18 at 19:42
  • calrification: users **are** listed on the target ´Server 2016` @katherine but only computers which could be connected using the aforemention "Windows Server Esssentials Connector" – vrms Jun 26 '18 at 06:29
  • listed in `Windows Server 2016`'s >Dashboard >Devices – vrms Jun 26 '18 at 08:23