Step-by-step DC migration from SBS 2003 to Essentials 2012R2

Almost all of us, administrators of SBS servers, did a migration from one version to another several times. But in this moment we have at least two problems: SBS doesn’t exist anymore (and we have to do a hybrid deployment) and the new situation – the Essentials server 2012R2 doesn’t have a migration mode. So, I decided to write a blog how to migrate the SBS 2003 AD to the Essentials Server 2012R2 step by step.

Maybe in this steps there is a restart that is not really necessary, but please, do it. This is the only way that grants you success to migrate the AD and finally install the Essentials role successfully. Take your time and go through this steps:

 

  • Start with uninstalling or disabling features of the SBS 2003. The first thing to do is to uninstall the ISA server (if it is installed – not covered in this article) and run the Connect to internet wizard again.
  • Restart the SBS Server. If you have enabled the VPN, run the Configure Remote Access Wizard and disable the VPN access. Don’t forget it! You will not be able to disable it later!SBS_Mig1
  • Shutdown the SBS Server and remove the second NIC (the NIC that is connected to Internet).
  • Add the router to the network and configure the port redirection (for now to the SBS server – you need this step because you must receive E-Mails, grant remote access,…Do not forget to forward ports 80, 443, 25 and 987 – not covered in this article).
  • Start the SBS Server and run the Connect to Internet Wizard again:
    • Select the Broadband connection.SBS_Mig2
    • From the dropdown menu select I have a router device with an IP address.SBS_Mig3
    • Add DNS names from your ISP and the gateway address (the IP of the router).SBS_Mig4
    • Finish the wizard with defaults settings.SBS_Mig5
  • From C:\Windows\Sysvol\Sysvol\DomainName\scripts delete the SBS_LOGIN_SCRIPT.bat file. This file is present in any SBS user as logon script and you have to delete it from all of the users as well.
  • Form the Start Menu > Administrative tools, start the Active Directory Domains and Trusts. In the left panel, right click on Active Directory Domains and Trusts and select Raise Forest Functional Level. Raise the forest level to the Windows Server 2003 version.SBS_Mig6
  • Restart the SBS Server.
  • On the Essentials server, on the Configure Windows Server Essentials wizard, press Cancel.SBS_Mig8
  • Open the Control Panel > System and Security > System and change Computer name. Leave the compute member of workgroup. Be careful: you have to rename the computer in this step, you cannot rename it after the Configure Windows Server Essentials wizard is finished.SBS_Mig9
  • My suggestion: From Start > Run type ncpa.cpl, right click on the network connection. Select properties and configure the static IPv4 address. As a DNS server, add a SBS Server IP address.SBS_Mig10
  • Restart the Essentials Server.
  • Open the Server Manager (not Dashboard!) and select Add roles and features. In the Add Roles and Features Wizard, install the Active Directory Domain Services role.
  • Restart the Essentials server.
  • On the Configure Windows Server Essentials wizard, press Cancel again and start the Server Manager again.
  • From Server Manager > Notifications (up right corner) run Promote this server to a domain controller task.
  • When the wizard is open, on the first page select Add a domain controller to an existing domain and enter the SBS admin credentials. When you will confirm this credentials, the Domain field will fill automatically. Click Next.SBS_Mig11
  • The next step is to enter the DSRM password (complex, 8 or more characters) and be careful to check the checkbox of the DNS server! Click Next.SBS_Mig12
  • Clear the checkbox on Update DNS delegation and click Next.SBS_Mig13
  • In the next few steps click Next. In the Review Options check that all options are OK and click Next once again. SBS_Mig14
  • In the Prerequisites Check step, you will receive some warnings. This is nothing serious and you are ready to promote this server as an additional DC in the SBS domain. Click Install.SBS_Mig15
  • During the installation, the domain schema and the forest schema will be automatically upgraded. The process could take a while. After the installation is finished, the server will restart.
  • Logon to the server with the SBS administrator domain credentials.
  • Complete the Configure Windows Server Essentials wizard.SBS_Mig16SBS_Mig17
  • My suggestion: Install the DHCP server on the Essentials Server. Do not use the router as DHCP server. Check forwarders in the DNS server. You have to use only the ISP DNS servers as forwarders or, if you prefer, you could not use any forwarder.

At this point, the Essentials Server 2012R2 is added as an additional DC in the SBS domain. Be careful, because you have only 21 days to complete the migration and you still have a lot of work. You have to transfer all the shared folders data, the Exchange mailboxes, the SharePoint data,… Please do not forget to control and change some settings on the GPO. Remove some GPO (some are set strictly for the SBS).

Be aware, that all workstations have to be added to the “new” domain once again true the connect site.

Be careful also when you will turn off your old server. You cannot just turn it off. You have to uninstall at least the Exchange and the DC role, but I prefer to uninstall all the installed roles, remove the server from the domain (make it part of a workgroup) and after this I turn it off.

Please let me know if you want me to write additional blog posts on migrating other functionalities of SBS..

Recommended Reading

Comments Icon20 comments found on “Step-by-step DC migration from SBS 2003 to Essentials 2012R2

  1. Hello Elvis, Nice blog. It would be best if after the migration I could rename the 2012 R2 Essentials server to be the same name as the SBS 2003 server was. Can this be done?

    1. No!
      I know, that this is a limitation, but once the Essential role is deployed, the server does not be renamed.

  2. Hi,

    Thank you so much for this step-by-step tuto!

    I just have a little problem… After the server rebooted (Essentials 2012 R2), I logued in with the SBS administrator domain credentials. I tried to runvthe Configure Windows Server Essentials wizard but it stops and tells me to “click to reply” I tried the link provided but there is no answer or any resolution step…

    Have you ever seen that? Do you know is theres logs that I can check?

    Source server: SBS 2003 x86
    Destination server: Essentials 2012 R2.

    Thank you!

    Patricio

  3. Found the solution!

    It helped me so I am posting it here in case someone gets the same issue!

    check if we have \ServerAdmin$ added to “Log on As a Service” Under
    “Default Domain Controllers Policy\Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\User Rights Assignment”

    Here is the link to the solution: http://social.technet.microsoft.com/Forums/windowsserver/en-US/d415934e-9793-42b1-80e1-66be25e39a82/unable-to-complete-configuration-of-windows-server-essentials?forum=winserveressentials

    Basically, the user I was using did not have permission to “log on as a Service”. You have to change it in the policies…

    Thanks again and have a good day!

    Patricio

  4. Hi Elvis, can you tell me a little more about what happens with the DSRM password? Does it ask for a new password on raising the Forest Functional Level, or on reboot after? Or is it only set when the Essentials wizard is run?
    Thanks

    1. If we talk only on raising Forest level the password remain the same, but if you promote additional domain controler (as in this case) then you have to type new or same DSRM password on this DC.
      Is this that you mean?

  5. My problem is I had to raise domain and forest level on windows sbs 2003 from windows 2000 to windows server 2003 level. After doing so, on the Essentials server when trying to add to existing domain, I get the error…a domain controller running windows server 2008 or later could not be found…I raised the levels correctly. Why is Essentials now requiring windows server 2008?

    1. Windows Server Essentials 2012 does not require the Server 2008 DC for migration.
      Do you have installed all service packs on the source server? This could be the source of the problem.

  6. Hey, great guide, I am having one issue though, I get a third warning message in the prerequisites check telling me at least one physical network adapter has no static IP assigned and that if both IPv4 and IPv6 are enabled then both should be assigned. I clicked next anyway but it’s been working (status bar going) for 16 hours now so I guess something is wrong 🙁

  7. Hi, sorry to trouble you again, I followed your guide and managed to do everything up to and including the bit where the Essentials box is added as a DC in the SBS domain, however after that I suffered a death in the family and have been off work attending to family matters, however now the is only a couple of days left in the 21 day period and the chances of finishing are basically 0, is it possible to abort the migration and remove the Essentials box from the domain?

    Thanks.

    1. According to a NetDOM query the SBS2003 box still holds all the FSMO roles, does that mean the 21 day timer hasn’t started yet? finding conflicting information on this online.

  8. I need to migrate sbs 2003 premium (with exchange server) to server 2012 essentials R2 and migrate the exchange part to another server running 2012 standard with exchange 2013. However I need to change the Domain name (create a new Domain) and get new mx records pointing to the new exchange server.

    1. Well, this should not be a migration. I prefer to clean install new server with new domain and migrate user computers in new environment.
      You can use ForensIT to migrate user profiles. All data from serves can be migrated thru net; just do the right configuration.
      SBS enviroments are so small that any other approach is too lot of work.

  9. Once this is done and your run the connector on each of the PC’s that are already in the domain, what happens to the local user’s profiles? Do they remain unchanged because they are still in the same domain? If a new one is created, can the connector successfully move that over?

    1. Yes, the profiles remains as are previously. They are the same profiles, connector is just a software that is installed.

  10. Hello would you mind letting me know which hosting company you’re
    utilizing? I’ve loaded your blog in 3 different browsers and
    I must say this blog loads a lot quicker then most. Can you recommend a
    good hosting provider at a reasonable price? Thank you,
    I appreciate it!

Discuss

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.