Month: March 2013

Migrate from SBS 2008 or 2011 (Part 2)

Published on in Exchange Server, Windows, Windows SBS Server, Windows Server by Elvis

Environments with Limited Hardware Resources

This document assumes that most installations will have sufficient resources to bring up additional servers (physical or virtual) to complete the migration of SBS. It is highly recommended and very advantageous to perform the migration to three additional servers (physical or virtual). Another option is to decommission the SBS server role you do not plan to migrate in order to reallocate its hardware.

Install the server for new Domain Controller

Install a new server, using the Windows Server 2008R2 Standard Edition media. Assign to the server a static IP address. When prompted, join the existing domain. Before you can promote a new machine to a domain controller, you have to upgrade the AD schema using this steps:

  1. Go to SBS Server.
  2. Insert the Windows Server 2008R2 Standard Edition media. Click Start, locate the Command prompt and run it as Administrator.
  3. Navigate to <Installation media drive>sourcesadprep.
  4. Type adprep /forestprep and wait for completing the command. It could take a lot of time, depends on the structure of your AD.
  5. Type adprep /domainprep and wait for completing the command. It could take a lot of time, depends on the structure of your AD.
  6. Type Exit to close the Command prompt window.

Now you can return to new domain controller machine and promote it to a Domain Controller using the following steps:

  1. Open Server Manager. Click Start, point to Administrative Tools, and then click Server Manager.
  2. In Roles Summary, click Add Roles.
  3. If necessary, review the information on the Before You Begin page and then click Next.
  4. On the Select Server Roles page, click the Active Directory Domain Services check box and then click Next.
  5. If necessary, review the information on the Active Directory Domain Services page and then click Next.
  6. On the Confirm Installation Selections page click Install.
  7. On the Installation Results page click Close this wizard and launch the Active Directory Domain Services Installation Wizard (dcpromo.exe).
  8. On the Welcome to the Active Directory Domain Services Installation Wizard page click Next.
  9. On the Operating System Compatibility page review the warning about the default security settings for Windows Server 2008 and Windows Server 2008 R2 domain controllers and then click Next.
  10. On the Choose a Deployment Configuration page click Existing forest, click Add a domain controller to an existing domain and then click Next.
  11. On the Network Credentials page type the name of the SBS domain. Under Specify the account credentials to use to perform the installation click My current logged on credentials or click Alternate credentials and then click Set. In the Windows Security dialog box provide the user name and password for an account that can install the additional domain controller. To install an additional domain controller, you must be a member of the Enterprise Admins group or member of the Domain Admins group. When you finished providing credentials, click Next.
  12. On the Select a Domain page, select the domain of the new domain controller and then click Next.
  13. On the Select a Site page, select a site from the list or select the option to install the domain controller in the site that corresponds to its IP address. Then click Next.
  14. On the Additional Domain Controller Options page make the following selections, and then click Next:
    • DNS server: This option is selected by default so that your domain controller can function as a Domain Name System (DNS) server.
    • Global Catalog: This option is selected by default. It adds the global catalog, read-only directory partitions to the domain controller and it enables global catalog search functionality.
    • Read-only domain controller. This option is not selected by default. It makes the additional domain controller read only – it makes the domain controller a RODC. Leave this setting unchecked. If you do not have static IPv4 and IPv6 addresses assigned to your network adapters, a warning message might appear advising you to set static addresses for both of these protocols, before you can continue. If you have assigned a static IPv4 address to your network adapter and your organization does not use IPv6, you can ignore this message and click Yes, the computer will use a dynamically assigned IP address (not recommended).
  15. On the Location for Database, Log Files, and SYSVOL page click Next.
  16. On the Directory Services Restore Mode Administrator Password page type and confirm the restore mode password and then click Next. This password must be used to start AD DS in Directory Service Restore Mode (DSRM) for tasks that must be performed offline.
  17. On the Summary page review your selections. Click Back to change any selections, if necessary. To save the settings that you have selected to an answer file, that you can use to automate subsequent AD DS operations, click Export settings. Type the name for your answer file and then click Save. When you are sure that your selections are accurate, click Next to install AD DS.
  18. On the Completing the Active Directory Domain Services Installation Wizard page click Finish.
  19. You can either select the Reboot on completion check box to have the server restart automatically or you can restart the server to complete the AD DS installation when you are prompted to do so.

 Reconfigure Document Redirection, User home folders and Share location

Document Redirection is configured by default for new users, added through the SBS Administration Console.  The default share is \<SBS_SERVER>RedirectedFolders, which points to <DRIVE>:UsersFolderRedirections folder (where <SBS_SERVER> is the name of the SBS Server and <DRIVE> is the drive letter that the folder is located on). The settings for this policy are stored in the Small Business Server Folder Redirection Group Policy. By default, the “Redirect the folder back to the local userprofile location when the policy is removed” setting is set. With this setting in place, after the Group Policy is removed, clients will copy the contents of their Documents folder from the server back to their local workstation.

To stop Folder Redirection and copy data back to user workstations, follow this steps:

  1. Click Start, point to Programs, point to Administrative Tools, and then click Group Policy Management.
  2. In the Group Policy Management console tree, expand the domain tree, right-click on Small Business Server Folder Redirection Policy, and then click Edit…. 
  3. In the Group Policy Management Editor, right-click the Small Business Server Folder Redirection Policy [domain name] Policy object and choose Properties.
  4. In the GPO Properties dialog box, click the Security tab and then click on the Authenticated Users group.  Change the Apply group policy permission from the default of Allow to the Deny. Click OK to close the dialog.

The folder Redirection will be stopped the next time that a user processes this GPO. By default the object is cached on the user’s computer and will not be updated, unless another change is detected. To force an update, you must follow these additional steps:

  1. Create or modify a GPO that applies to the computers on which users, who are affected by folder redirection policies, log on.
  2. Edit the GPO. 
  3. Under Computer Configuration expand Policies and then Administrative Templates
  4. Under Administrative Templates expand System
  5. Under System select Group Policy
  6. Double-click the Folder Redirection policy processing setting.
  7. Select the option Enabled and then click to select the second check box Process even if the Group Policy objects have not changed.
  8. Exit the Group Policy Object Editor. Make sure that this new GPO applies to computer accounts for which users are using folder redirection.

For more information, see http://support.microsoft.com/default.aspx?scid=kb;EN-US;888203.

After you are sure, that all users are logged off and on (it is recommended, that you wait a day or two), you can reestablish redirection to the new machine. The settings for this policy are stored in the Small Business Server Folder Redirection Group Policy. By default, the “Redirect the folder back to the local user profile location when the policy is removed” setting is set. With this setting in place, after the Group Policy is removed, clients will copy the contents of their Documents folder from the server back to their local workstation.

To re-enable the Folder Redirection policy, follow this steps:

  1. Create the FolderRedirections share.
  2. Click Start, point to Programs, point to Administrative Tools, and then click Group Policy Management.
  3. In the Group Policy Management console tree expand the domain tree, right-click on Small Business Server Folder Redirection Group Policy and then click Edit….  
  4. On the left pane expand Small Business Server Folder Redirection Group Policy, Computer configuration, then Windows Settings and select Folder Redirection.
  5. In the right pane right click on the Documents (or some other folder you wish to redirect) and select Properties.
  6. On the Target tab, under Root Path, with Browse button, select the new SMB share for folder redirection (do not enter local path).
  7. Click OK for close the properties dialog box.
  8. Repeat steps from 5 to 7 for every redirected folder (it is highly recommended to control all listed folders to prevent future issues)
  9. In the Group Policy Management Editor right-click the Small Business Server Folder Redirection Group Policy [domain name] Policy object and choose Properties.
  10. In the GPO Properties dialog box click the Security tab and then click on the Authenticated Users group.  Change the Apply group policy permission from Deny to Allow. Click OK to close the dialog box.

Folder Redirection will be started the next time that the user processes this GPO. By default, the object is cached on the user’s computer and will not be updated, unless another change is detected. To force an update, you must follow these additional steps:

  1. Create or modify a GPO that applies to the computers on which users who are affected by folder redirection policies log on. 
  2. Edit the GPO. 
  3. Under Computer Configuration expand Administrative Templates
  4. Under Administrative Templates expand System
  5. Under System select Group Policy
  6. Double-click the Folder Redirection policy processing setting. 
  7. Select the Enabled option and then click to select the second check box Process even if the Group Policy objects have not changed.
  8. Exit the Group Policy Object Editor. Make sure that this new GPO applies to computer accounts for which users are using folder redirection.

Users home folders are configured by default for new users, added through the SBS Administration Console.  The default share is \<SBS_SERVER>UserShares, which points to <DRIVE>:Shares folder (where <SBS_SERVER> is the name of the SBS Server and <DRIVE> is the drive letter that the folder is located on). You must copy all content of all users folders to the new server with same permissions and change locations of users home folders in Active directory users and computers following this steps:

  1. On the new server create a root folder for Users home folder shares.
  2. Right-click on the folder and go to Properties.
  3. On the Sharing tab click Advanced sharing and check Share this folder.
  4. In Settings, Share name, type the name of the share and click Permissions.
  5. Give Allow full control permission to Everyone group.
  6. Use Robocopy command on SBS server to transfer all content and permissions of the folders:
    robocopy.exe <DRIVE>:UsersShares \<NEW_SERVER><NEW_DRIVE>$UsersShares /Z /R:5 /COPYALL /MIR /FP /LOG+:<DRIVE>:UserShares.log /TEE /XF UserShares.log (where DRIVE is drive letter, where shares are located, NEW_SERVER is the name of the new server and NEW_DRIVE is the destination drive letter on the new server).
    Example: robocopy.exe C:UsersShares \My_NewServerD$UsersShares /Z /R:5 /COPYALL /MIR /FP /LOG+:C:UserShares.log /TEE /XF UserShares.log
  7. Open Active Directory Users and Computers and go to MyBusinessSBSUsers Organization Unit.
  8. Select all active users, click on Properties.
  9. On Profile tab check Home Folder and select Connect.
  10. Select drive letter to connect home folder. In field To write: \<NEW_SERVER><SHARE_NAME>%username% (where <NEW_SERVER> is the name of the new server, <SHARE_NAME> is the name of the share of users home folders).
  11. Close all Windows with OK.
  12. Repeat all steps between step 8 and 10 for Organization unit MyBusinessSBSPowerUsers.
  13. Optional: it is recommended, on Users home folders on SBS Server, to change sharing permissions for Everyone group to Deny Full control (it is only to prevent any duplicate using of home folders).

Shared folders should be in SBS server configured thru SBS Console and are all visible there. You can do a migration of shared folders in two different ways, but you must pay attention, to move all of them and that users will not be able to write in both shared folders (the old and the new one) while the migration is going on.
First you must locate all of the shared folders:

  1. Go to SBS Administration console.
  2. Click to Shared folders and Web sites and go to Shared folders.
  3. Annotate all the shared folders locations and share names.

Now you have to move all data to the new server, but you must preserve all security and share permissions:

  1. On the new server create a new folder for share.
  2. Right-click on it and select properties.
  3. Click on Security tab and give to folder exactly the same permissions as those in the source folder.
  4. Click on Sharing tab, Advanced Sharing and type the name of the share (it is recommended, that is the same as old one).
  5. Click on Permissions and give to share exactly the same permissions as those in the source share.
  6. It is recommended that in this time you open properties of Share on the SBS server and change all share permissions from Allow to Deny (just for prevent users to modify content in share, during and after the migration).
  7. On the SBS Server run robocopy.exe <DRIVE>:<OLD_FOLDER> \<NEW_SERVER><NEW_DRIVE>$<NEW_FOLDER> /Z /R:5 /COPYALL /MIR /FP /TEE /XF /LOG+:<DRIVE>:ShareLog.log (where DRIVE is the drive letter where share is located, OLD_FOLDER is the folder of share on SBS Server, NEW_SERVER is the name of the new server, NEW_DRIVE is the destination drive letter on the new server and NEW_FOLDER is the folder of share in the new sever), to copy data to the new server.
  8. Repeat all steps for any shared folder.

 

Migrate from SBS 2008 or 2011 (Part 3)

Migrate from SBS 2008 or 2011 (Part 1).

Migrate from SBS 2008 or 2011 (Part 1)

Published on in Exchange Server, Virtualization, Windows SBS Server, Windows Server by Elvis

Migrate from Windows Small Business Server 2008 to Standard Edition Products

This guide outlines how to migrate an existing Windows Small Business Server 2008 or 2011 domain to a standard version Windows 2008 domain. Migration of some component settings and data are also covered. This guide tells you how to remove your existing servers from the Windows Server 2008 network as you proceed through the migration. It assumes that you have obtained licensed copies of the following products:
• Windows Server 2008R2 Standard Edition (2 Copies, 3 Copies optional),
• Microsoft Exchange Server 2010 Standard Edition,
• Windows Sharepoint Foundation (Optional Download).

The following product may also be a part of the SBS 2008 product, but will not be discussed in this migration document:
• Forefront Security for Exchange 2007 (FSE).
 

Windows Small Business Server Migration Overview

There are several basic upgrade scenarios for the SBS 2008 customers. Most installations will fall into one of these broad categories:

•  The SBS 2008 installations will be migrated to Windows Server 2008 R2 Standard, Exchange Server 2010 Standard and SharePoint Foundation. This scenario is covered in this document.
•  Hybrid migrations. In some cases, it may be preferable to selectively migrate only some components (for example, if an installation chooses to continue using Exchange Server) or to consolidate or distribute roles. This paper will address the main steps of these processes, but will not attempt to cover all the possible variations.
•  Any additional domain controllers and services running on servers, other than the Windows Small Business Servers in the environment, do not need to be migrated. For instance, if DHCP is not running on the SBS server, it does not need to be migrated. If Sharepoint Services is hosted on a non SBS server, it does not need to be migrated.
 

Backup the Existing Environment

It is strongly recommended that SBS server is completely backed up before beginning the steps in this document. This includes full server backup, as well as System State backup of the SBS Server (in case that data needs to be restored or the migration rolled back).

In addition, configuration and data of component applications should be backed up separately, before beginning the migration. The output of the various backup tools will be used later in the migration.

 
Obtain Installation Media

It is important not to start the migration until all media are physically on site. The original SBS media cannot be used to install stand-alone versions of the products.
Consider downloading any component Service Packs that are currently installed in the environment, such as:
• Windows Server 2008R2 Service Pack 1 or later,
• Exchange Server 2010 Service Pack 2 or later.
 

Components Not Upgraded

SBS-specific components cannot be moved or copied to other installations. These components will cease to work and are not supported after SBS is migrated. This list includes:
• Remote Web Workplace (RWW),
• SBS 2008 Administration Console,
• SBS wizards,
• SBS licensing.
 

Premium Edition Upgrades

SBS 2008 Premium Edition includes a separate copy of Windows Server 2008 Standard (32 and 64 bit) and a copy of Microsoft SQL Server. This server does not need to be upgraded or migrated as a part of this process. No action is needed for the server to continue to work and will be licensed once the SBS domain is migrated. It is highly recommended to back up this server separately, because of other changes in the environment that may affect it.

In some cases the SQL instance from this SKU may have been installed on SBS server. In this case, the databases will need to be backed up and restored to a new server installation.

If you used your Premium Edition server to act as a Hyper-V host machine, you can safely leave this server running without additional changes. There is no need to reinstall the Premium Server.

 

Migrate from SBS 2008 or 2011 (Part 2) .