A Migrate 2003

Migrating Windows Small Business Server 2003 to Windows Small Business Server 2011 Essentials

Microsoft Corporation

Published: May 2011

Version: 11.05.12

AbstractThis guide explains how to install Windows SBS 2011 Essentials in migration mode on a new

server, and then migrate the settings and data from the old server that is running Windows Small

Business Server 2003 to the new server that is running Windows SBS 2011 Essentials. This

guide also helps you demote and remove your old server from the network after you finish the

migration process.

This document is provided “as-is”. Information and views expressed in this document, including

URL and other Internet Web site references, may change without notice. You bear the risk of

using it.

This document does not provide you with any legal rights to any intellectual property in any

Microsoft product. You may copy and use this document for your internal, reference purposes.

© 2011 Microsoft Corporation. All rights reserved.

Microsoft, Active Directory, Internet Explorer, SharePoint, SQL Server, Windows, Windows

Server, Windows XP, Windows PowerShell, and Windows Vista are trademarks of the Microsoft

group of companies.

All other trademarks are property of their respective owners.

Contents

Migrating Windows Small Business Server 2003 to Windows Small Business Server 2011

Essentials.................................................................................................................................... 1

Abstract.................................................................................................................................... 1

Contents.......................................................................................................................................... 3

Migrating Windows Small Business Server 2003 to Windows Small Business Server 2011

Essentials.................................................................................................................................... 5

Additional resources.................................................................................................................... 5

Terms and definitions...................................................................................................................5

Migration process summary.........................................................................................................5

Prepare your Source Server for Windows SBS 2011 Essentials migration.....................................7

Back up your Source Server....................................................................................................7

Install the most recent service packs........................................................................................7

Verify the network configuration...............................................................................................9

Reconfiguring your existing network.....................................................................................9

Verify the settings for the DHCP Server role.......................................................................10

Use Windows SBS 2003 Best Practice Analyzer to evaluate the health of the Source Server

............................................................................................................................................ 11

Run the Windows SBS 2003 Best Practices Analyzer............................................................11

Run the Windows Support Tools............................................................................................12

Synchronize the Source Server time with an external time source.........................................13

Raise the functional level of the Active Directory domain and forest......................................13

Prepare Active Directory for migration....................................................................................15

Create a plan to migrate line-of-business applications...........................................................16

Create a plan to migrate email that is hosted on Windows Small Business Server 2003.......17

Create a migration answer file for Windows SBS 2011 Essentials migration................................17

Copy the migration answer file to removable media..................................................................18

Install Windows SBS 2011 Essentials in migration mode for Windows SBS 2011 Essentials

migration.................................................................................................................................... 19

Install Windows SBS 2011 Essentials on the Destination Server..............................................19

Configure the DNS of the local network adapter........................................................................20

Join the Destination Server to the domain of the Source Server...............................................21

Back up and remove the Certification Authority from the Destination Server.........................21

Promote the Destination Server to a domain controller .........................................................22

Install and restore the Certification Authority.............................................................................23

Transfer the operations master roles for Windows SBS 2011 Essentials migration......................25

Transfer the global catalog to the Destination Server for Windows SBS 2011 migration..............26

Transfer the global catalog to the Destination Server................................................................26

Enable the UPnP beacon for the Destination Server.................................................................27

Verify the health of the domain controller...................................................................................28

Reconfigure DNS for the local network adapter.........................................................................28

Import users and the Destination Server into the Dashboard for Windows SBS 2011 Essentials

migration.................................................................................................................................... 29

Join computers to the new Windows SBS 2011 Essentials network.............................................32

Domain-joined client computers.............................................................................................33

Non-domain-joined client computers......................................................................................33

Ensure that Group Policy has updated...................................................................................33

Move settings and data to the Destination Server for Windows SBS 2011 Essentials migration. .34

Copy data to the Destination Server..........................................................................................34

Configure the network................................................................................................................35

Verify that Terminal Services Gateway has configured the correct certificates..........................35

Remove legacy logon settings and Active Directory Group Policy objects................................36

Remove old logon scripts (optional)...........................................................................................36

Remove legacy Active Directory Group Policy objects (optional)..............................................36

Map permitted computers to user accounts...............................................................................38

Demote and remove the Source Server from the new Windows SBS 2011 Essentials network...39

Prepare your organization for the removal of the last server running Exchange Server 200339

Uninstall Exchange Server 2003............................................................................................39

Disconnect printers that are directly connected to the Source Server....................................40

Demote the Source Server.....................................................................................................40

Move the DHCP Server role from the Source Server to the router.........................................41

Remove and repurpose the Source Server............................................................................42

Delete the old folder redirection Group Policy object for Windows SBS 2011 Essentials migration

.................................................................................................................................................. 42

Perform optional post-migration tasks for Windows SBS 2011 Essentials migration....................43

Move natively joined Active Directory computer objects.........................................................43

Delete DNS entries of the Source Server...............................................................................44

Share line-of-business and other application data folders......................................................44

Fix client computer issues after migrating..............................................................................45

Run the Windows Server Solutions Best Practices Analyzer........................................................46

Migrating Windows Small Business Server 2003 to Windows Small Business Server 2011 Essentials

This guide describes how to migrate an existing Windows SBS 2003 domain to Windows SBS

2011 Essentials on new hardware, and then to migrate the settings and data. This guide also

describes how to remove your existing server from the Windows SBS 2011 Essentials network

after you finish the migration.

Windows SBS 2011 Essentials requires a 64-bit environment. Windows SBS 2011

Essentials does not support a 32-bit environment.

To avoid problems during migration, we recommend that you read this document before

you begin the migration.

To download the most recent printable version of this guide, see Migrating Windows

Small Business Server 2003 to Windows Small Business Server 2011 Essentials in the

Microsoft® Download Center.

Additional resourcesFor links to additional information, tools, and community resources to help guide you through the

migration process, visit the Windows Small Business Server Migration website.

Terms and definitionsSource Server: The existing server from which you are migrating your settings and data.

Destination Server: The new server to which you are migrating your settings and data.

Migration process summaryThis Migration Guide includes the following steps:

1. Prepare your Source Server for Windows SBS 2011 Essentials migration. You must ensure that your Source Server and network are ready for migration. This section guides you through backing up the Source Server, evaluating the Source Server system health, installing the most recent service packs and fixes, and verifying the network configuration.

5

Important

Important

Note

http://go.microsoft.com/fwlink/?LinkId=217520



2. Create a migration answer file for Windows SBS 2011 Essentials migration. Windows SBS 2011 Essentials Setup uses an answer file to automate the installation and run Setup in migration mode. This section guides you through creating the migration answer file.

3. Install Windows SBS 2011 Essentials in migration mode for Windows SBS 2011 Essentials migration. This section explains how to use the migration answer file to install Windows SBS 2011 Essentials on the Destination Server in migration mode.

4. Transfer the operations master roles for Windows SBS 2011 Essentials migration. The operations master roles must be transferred to the Destination Server within 21 days of installing Windows SBS 2011 Essentials on the Destination Server.

5. Transfer the global catalog to the Destination Server for Windows SBS 2011 migration. To transfer the global catalog from the Source Server, you will create a new global catalog on the Destination Server, and then remove the existing global catalog on the Source Server.

6. Import users and the Destination Server into the Dashboard for Windows SBS 2011 Essentials migration. You can use Windows PowerShell® commands to import user names and the Destination Server into the Dashboard, or you can use a script to automate the import process.

7. Join computers to the new Windows SBS 2011 Essentials network. This section covers joining client computers to the new Windows SBS 2011 Essentials network and updating Group Policy settings.

8. Move settings and data to the Destination Server for Windows SBS 2011 Essentials migration. This section provides information about migrating data and settings from the Source Server.

9. Demote and remove the Source Server from the new Windows SBS 2011 Essentials network. Prior to removing the Source Server from the network, you must force a Group Policy update and demote the Source Server.

10. Delete the old folder redirection Group Policy object for Windows SBS 2011 Essentials migration. Use the Group Policy Management Console to delete the old Folder Redirection Group Policy object from the Destination Server.

11. Perform optional post-migration tasks for Windows SBS 2011 Essentials migration. After you finish migrating all settings and data to Windows SBS 2011 Essentials, you may want to map permitted computers to user accounts.

12. Run the Windows Server Solutions Best Practices Analyzer. After you finish migrating settings and data to Windows SBS 2011 Essentials, you should download and run the Windows Server Solutions BPA.

Several of the migration procedures require that you open a Command Prompt window as an

Administrator.

1. Click Start.

2. In the search box, type cmd.

3. In the list of results, right-click cmd, and then click Run as administrator.

6

To open a Command Prompt window as an

Prepare your Source Server for Windows SBS 2011 Essentials migration

Complete the following preliminary steps to ensure that the settings and data on your Source

Server migrate successfully to the Destination Server.

1. Back up your Source Server

2. Install the most recent service packs

3. Verify the network configuration

4. Use Windows SBS 2003 Best Practice Analyzer (BPA) to evaluate the health of the Source Server

5. Synchronize the Source Server time with an external time source

6. Prepare Active Directory

7. Create a plan to migrate line-of-business applications

8. Create a plan to migrate email that is hosted on Windows Small Business Server 2003

Back up your Source ServerBack up your Source Server before you begin the migration process. Making a backup helps

protect your data from accidental loss if an unrecoverable error occurs during migration.

1. Perform a full backup of the Source Server. For more information about backing up Windows SBS 2003, see Backing Up and Restoring Windows Small Business Server 2003 .

2. Verify that the backup ran successfully. To test the integrity of the backup, select random files from your backup, restore them to an alternate location, and then confirm that the restored files are the same as the original files.

Install the most recent service packsYou must install the latest updates and service packs on the Source Server prior to migration. If

updates or service packs are missed, the Source Server will not be eligible for migration, and the

Migration Preparation Tool will report the problem and ask you to install the necessary updates

before proceeding.

Before installing a service pack, back up your server.

7

To prepare for

To back up the Source



1. Click Start, click All Programs, and then click Windows Update.

2. Click Check for updates.

3. If you are asked to configure Windows Update settings, perform the following steps:

a. Click OK.

b. Click Change settings, which is located under the Check for updates link, and then configure the Windows Update settings.

c. Click Check for updates.

4. Click Install Updates to apply identified updates.

5. For each Microsoft Software License Term that is displayed, review the text and click Yes to accept.

6. If prompted, restart the Source Server

7. To verify that the updates are installed, click Start, click Control Panel, click Programs, and then click View installed updates.

Next, install individual service packs by performing the following procedures that apply to your

Source Server.

Install Windows SBS 2003 Service Pack 1 (SP1), if it is not yet installed. You can download Windows SBS 2003 SP1 at the Microsoft Windows Small Business Server 2003 Service Pack 1 (SP1) website.

Important

To ensure that the correct version of Microsoft .NET Framework is installed, you

must install Windows SBS 2003 SP1 before you install Windows Server 2003

Service Pack 2 (SP2).

Install Windows Server 2003 SP2, if it is not yet installed. You can download Windows Server 2003 SP2 at the Windows Server 2003 Service Pack 2 website.

Notes

If you experience network-related issues after installing SP2, see article 948496 in the Microsoft Knowledge Base.

To learn more about the best practices and known issues that are related to SP2 for Windows Server 2003, see article 939421 in the Microsoft Knowledge Base.

Although Exchange Server and SharePoint® Services are not migrated during the

process documented here, we recommend that you create a well-known configuration for

these applications by applying the required service packs.

8

To install updates by using Windows

Install Windows SBS 2003 Service

Install Windows Server 2003 Service

Note






Install Exchange Server 2003 Service Pack 2 (SP2), if it is not installed. You can download Exchange Server 2003 SP 2 from the Service Pack 2 for Exchange Server 2003 website.

Note

Windows SBS 2011 Essentials does not directly support migrating Windows

SharePoint Services 3.0 or Windows Server Update Services 3.0 from Windows

SBS 2003 to Windows SBS 2011 Essentials. For information about migrating

Windows SharePoint Services 3.0, see Upgrading to SharePoint

Foundation 2010 .

Install Windows SharePoint Services 2.0 Service Pack 3, if it is not installed. Download it from the Windows SharePoint Services Service Pack 3 (SP3) website, and then install it.

Download MSXML 6.0 from the Microsoft Core XML Services (MSXML) 6.0 Service Pack 1 website.

Verify the network configurationTo prepare for migration, you must install a router on your network to use as a gateway to the

Internet. You must also configure your Source Server to use one network adapter, and disable

your virtual private network (VPN) on the Source Server (if it is running).

Reconfiguring your existing network

Before you can migrate your network to Windows SBS 2011 Essentials, you must install and

configure a router on your network and configure the Source Server to use one network adapter.

When you are done, your network will look like the following figure:

9

Install Exchange Server 2003 Service

Install Windows SharePoint Services 2.0 Service

Install Microsoft Core XML Services (MSXML) 6.0 Service








1. Unplug the network adapter from the broadband connection.

2. Install a router on your network as shown in the previous figure.

3. To make sure that the Windows SBS 2011 Essentials Installation Wizard can find the router on your network, ensure that the IP address on the network adapter within the router is set to 192.168.x.1 or 192.168.x.254, where x is a number from 1 to 254. This IP address is the default gateway address for your network.

Note

For information about installing and configuring a router, see the documentation

from your router manufacturer.

4. On the Source Server, run the Configure E-mail and Internet Connection Wizard to configure the Source Server for one network adapter, as follows:

To configure the Source Server for one network adapter

a. Click Start, and then click Server Management.

b. In the console pane, click To Do List.

c. In the details pane, click Connect to the Internet.

d. Complete the wizard.

5. If you are using a VPN on the Source Server, disable it. To disable the VPN on the Source Server, run the Remote Access Wizard, as follows:

To disable the VPN on the Source Server

a. Click Start, and then click Server Management.

b. In the console pane, click Internet and E-mail.

c. In the details pane, click Configure Remote Access.

d. Complete the wizard, and make sure that you click Disable remote access on the Remote Access Method page.

6. If you have computers or devices that are configured with static IP addresses or DHCP Server role settings, you must manually update each of them with the new default gateway IP address.

Verify the settings for the DHCP Server role

Windows SBS 2003 is configured to run the DHCP Server role. However, Windows SBS 2011

Essentials does not use the DHCP Server role, and you will eventually need to move the DHCP

Server role to the router. During migration, you can manage the DHCP Server role from the

Source Server or from the router, depending on your current network configuration:

1

To configure the Source Server to use one network

If you are running the DHCP Server role on the Source Server, we recommend that you continue to run this role from the Source Server during migration. After you have removed the Source Server from the network, move the DHCP Server role to the router.

If your network already runs the DHCP Server role from the router, and it is running without issues, we recommend that you continue to run the DHCP Server role from the router during migration.

Ensure that your Source Server is in a healthy state before you proceed by performing

the procedures in the following section.

Use Windows SBS 2003 Best Practice Analyzer to evaluate the health of the Source Server

If your Source Server is running Windows SBS 2003, you can run the Windows SBS 2003 Best

Practices Analyzer (BPA) to verify that there are no issues on your server, network, or domain

before you start the migration process.

If your Source Server is running Windows Server 2003 Standard Edition, you cannot use

the Windows SBS 2003 BPA. In these cases, make sure that you run the Windows

Support Tools to determine if there are any network issues that you need to resolve.

Run the Windows SBS 2003 Best Practices Analyzer

Your Source Server must be running Windows SBS 2003 to run the Windows SBS 2003

BPA.

The Windows SBS 2003 BPA collects configuration information from the following sources:

Active Directory® Windows Management Instrumentation (WMI)

The registry

The Internet Information Services (IIS) metabase

The Windows SBS 2003 BPA checks the following services and applications:

Exchange Server

Update Services

Network configuration

Windows SharePoint Services

Microsoft SQL Server™

1. Download and install the Windows SBS 2003 BPA from the Microsoft Windows Small Business Server 2003 Best Practices Analyzer website.

11

Note

Note

Note

To use the Windows SBS 2003 BPA to analyze your Source



2. After the download is complete, click Start, click All Programs, and then click SBS Best Practices Analyzer Tool.

Note

Check for updates before you scan the server.

3. In the navigation pane, click Start a scan.

4. In the details pane, type the scan label. The scan label is the name of the scan report, for example SBS BPA Scan 8Jun2011. Click Start scanning.

5. After the scan finishes, click View a report of this Best Practices scan.

After the Windows SBS 2003 BPA collects and analyzes the information, it presents a list of

issues that are sorted by severity. The Windows SBS 2003 BPA describes each issue that it

encountered and suggests solutions. Three report types are available:

Report Type Description

List Reports Displays reports in a one-dimensional list.

Tree Reports Displays reports in a hierarchical list.

Other Reports Displays reports such as a Run-Time Log.

To view the description and the solutions for an issue, click the issue in the report. Not all of the

issues that are reported by the Windows SBS 2003 BPA affect migration, but you should solve as

many of the issues as possible to ensure that the migration is successful.

Run the Windows Support ToolsTo determine if there are any other problems with the network, run the Windows Support Tools

after you run the Windows SBS 2003 BPA.

The following table lists the tools that you can use to diagnose issues on your server, network,

and domain:

Tool Description

Netdiag.exe Helps isolate networking and connectivity

issues. For more information and to download

this tool, see Netdiag.

Dcdiag.exe Analyzes the state of domain controllers in a

forest or enterprise, and reports issues to assist

you in troubleshooting. For more information

and to download this tool, see Dcdiag.

Repadmin.exe Assists you in diagnosing replication issues

between domain controllers. This tool requires

1



Tool Description

command-line parameters to run. For more

information and to download this tool, see

Repadmin.

You should correct all the issues that these tools report before you proceed with the migration.

Synchronize the Source Server time with an external time sourceThe time on the Source Server must be set to within five minutes of the time on the Destination

Server, and the date and time zone must be the same on both servers. If the Source Server is

running in a virtual machine, the date, time, and time zone on the host server must match that of

the Source Server and the Destination Server. To help ensure that Windows SBS 2011 Essentials

is installed successfully, you must synchronize the Source Server time to the Network Time

Protocol (NTP) server on the Internet.

1. Log on to the Source Server with a domain administrator account and password.

2. Click Start, click Run, type cmd in the text box, and then press ENTER.

3. At the command prompt, type w32tm /config /syncfromflags:domhier /reliable:no /update, and then press ENTER.

4. At the command prompt, type net stop w32time, and then press ENTER.

5. At the command prompt, type net start w32time, and then press ENTER.

During the Windows SBS 2011 Essentials installation, you have an opportunity to verify

the time on the Destination Server and change it, if necessary. Ensure that the time is

within five minutes of the time that is set on the Source Server. When the installation

finishes, the Destination Server synchronizes with the NTP. All domain-joined computers,

including the Source Server, synchronize to the Destination Server, which assumes the

role of the primary domain controller (PDC) emulator master.

Raise the functional level of the Active Directory domain and forest

When Windows SBS 2003 is installed on a server, the functional level of the Active Directory

domain and forest are set to the Microsoft Windows 2000 operating system. To finish the

migration successfully, you must raise the level of the domain and forest to Windows

Server 2003. For more information about raising the functional level of the AD DS domain and

forest, see article 322692 in the Microsoft Knowledge Base.

1

To synchronize the Source Server time with the NTP

Important



If you have domain controllers that are running the Windows NT® 4.0 operating system

or earlier, or Windows 2000 Server, you must demote them before you can raise the

domain functional level to Windows Server 2003. Also, after you raise the domain

functional level to Windows Server 2003, you cannot change it back to Windows 2000

mixed mode or to Windows 2000 native mode.

You must be a member of the Domain Admins group in the domain for which you want to

raise functionality or the Enterprise Admins group in Active Directory Domain Services

(AD DS), or you must be delegated the appropriate authority. As a security best practice,

you should use Run as to perform this procedure.

1. On the Source Server, click Start, point to Administrative Tools, and then click Active Directory Domains and Trust.

2. In the console pane, right-click the domain for which you want to raise the functional level, and then click Raise Domain Functional Level.

Note

The current domain functional level is displayed in Current domain functional

level, in the Raise Domain Functional Level dialog box.

3. In Select an available domain functional level, click Windows Server 2003, click Raise, and then click OK in the warning dialog box.

1. On the Source Server, click Start, point to Administrative Tools, and then click Active Directory Domains and Trust.

2. In the console pane, right-click Active Directory Domains and Trusts, and then click Raise Forest Functional Level.

Note

The current forest functional level is displayed in Current forest functional

level, in the Raise Forest Functional Level dialog box.

3. In Select an available forest functional level, click Windows Server 2003, click Raise, and then click OK in the warning dialog box.

If you receive a warning about having a Windows 2000 Server domain controller and you want to

continue with the migration, you should demote the server that is running Windows 2000 Server

to avoid problems during migration.

1

Important

Important

To raise the functional level of the

To raise the functional level of the

Prepare Active Directory for migrationTo prepare for migration, you need to:

1. Extend the AD DS schema

2. Update permissions on the Source Server

3. Extend the time limit for finishing the migration

You can use the Active Directory Preparation Tool (Adprep32) to extend the AD DS schema and

update permissions as necessary to prepare the forest and domain for a domain controller that is

running Windows SBS 2011 Essentials. The AD DS schema in Windows SBS 2011 Essentials is

not the same as the AD DS schema in Windows SBS 2003 or in Windows Server 2003. To

successfully complete the migration process, you must update the AD DS schema on the Source

Server if it is running Windows SBS 2003 or Windows Server 2003.

Back up your Source Server before you run Adprep32. All changes that the tool makes to

the schema are irreversible. If you experience issues during the migration, you can only

return the Source Server to the state before you ran the tool by restoring the system

backup.

Be sure that you have installed Windows SBS 2003 Service Pack 2 on the Source Server

before you run Adprep32.

To run Adprep32, you need Microsoft .NET Framework 2.0 SP1 on the Source Server. To

download and install Microsoft .NET Framework 2.0 SP1, see Microsoft .NET

Framework 2.0 Service Pack 1 (x86) .

To run Adprep32, you must be a member of the Enterprise Admins group, the Schema

Admins group, and the Domain Admins group.

1. On the Source Server, click Start, and then click Server Management.

2. In the navigation pane, click Users.

3. Right-click the administrator account that you are using for the migration, and then click Properties.

4. Click the Member Of tab, and then verify that Enterprise Admins, Schema Admins, and Domain Admins are listed in the Member of text box.

5. If the groups are not listed, click Add, and then add each group that is not listed.

Note

You must log off and log back on the server for the changes to take effect.

1

Important

Important

Note

Important

To verify that you have the appropriate permissions to run Adprep32 on Windows SBS 2003



1. Open a Command Prompt window as an administrator. See To open a Command Prompt window as an Administrator.

2. At the command prompt, type <DVDDrive>:\support\adprep32 /forestprep, where <DVDDrive> is the drive in which you have Windows SBS 2011 Essentials DVD1, and press ENTER.

3. At the command prompt, type <DVDDrive>:\support\adprep32 /domainprep /gpprep, where <DVDDrive> is the drive in which you have Windows SBS 2011 Essentials DVD1, and press ENTER.

4. Install the update Software Update to Support “Join Domain” Migration of Windows Small Business Server 2003 Data and Settings to New Hardware. This update extends the time limit for finishing the migration. Normally, only one server running Windows SBS 2011 Essentials or Windows SBS 2003 is allowed to be a domain controller on your network, but there is a limited exception for a migration. The update extends the time limit for the exception to 21 days.

5. Restart the Source Server.

Create a plan to migrate line-of-business applicationsA line-of-business (LOB) application is a critical computer application that is vital to running a

business. LOB applications include accounting, supply-chain management, and resource-

planning applications.

When you plan to migrate your LOB applications, consult with the LOB application providers to

determine the appropriate method for migrating each application. You also must locate the media

that is used to install the LOB applications on the Destination Server.

You can fill in the following table as you collect LOB application information. A good place to start

collecting information is to run Windows Control Panel, click Programs and look in the Program

Files (x86) and the Program Files folders.

Application or general data folder

name

Path to data Notes

Create a plan to migrate email that is hosted on Windows Small Business Server 2003

In Windows SBS 2003, email is provided through Exchange Server 2003. However, Windows

Small Business Server 2011 Essentials does not provide an inbox email service. If you are

1

To prepare Active



currently using Windows SBS 2003 to host your company’s email, you will need to migrate to an

alternate on-premise or hosted solution.

After you update and prepare your Source Server for migration, we recommend that you

create a backup of the updated server before you continue the migration process.

Next topic: Create a migration answer file for Windows SBS 2011 Essentials migration

Create a migration answer file for Windows SBS 2011 Essentials migration

Use Notepad to create the migration answer file. Save the answer file in the root directory of a

USB flash drive or other removable media. Values in the answer file pertain to the Destination

Server.

The answer file contains logon and password information that can be used to log on to

your server. To help protect your server, delete the answer file when you finish migrating

to Windows SBS 2011 Essentials.

1. Click Start, click All Programs, click Accessories, and then click Notepad.

2. Copy the following content and paste it into the file. Do not put any other content in the file.

Note

The following values are for the Destination Server.

[WinPE]

[InitialConfiguration]

AcceptEula=true

CompanyName=<CompanyName>

ServerName=<ServerName>

PlainTextPassword=<Password>

Settings=All

Migration=true

where

1

Note

Important

To create a migration answer

<CompanyName> is the friendly name of the company, for example Contoso Ltd.

<ServerName> is the name of the server, for example Contoso-srv

<Password> is the password for the local administrator, for example Pass@word1

Note

Do not change the other fields.

3. Click File, click Save, and browse to the root directory of the removable media.

4. In the File name text box, type cfg.ini; in Save as type, select All Files; and then click Save.

Important

When saving the file, you must choose All Files for the Save as type to ensure

that Notepad does not append the file name with a .txt extension.

Copy the migration answer file to removable media

You must complete this step before you start the migration.

Copy the migration answer file to the root partition of a USB flash drive or other removable media

(for example, G:\cfg.ini). Then, insert the media into the Destination Server before you start

migrating to Windows SBS 2011 Essentials. If the Windows SBS 2011 Essentials installation

wizard detects a migration answer file, the migration starts automatically.

When you finish migrating to Windows SBS 2011 Essentials, delete the answer file.

Next topic: Install Windows SBS 2011 Essentials in migration mode for Windows SBS 2011

Essentials migration

Previous topic: Prepare your Source Server for Windows SBS 2011 Essentials migration

Install Windows SBS 2011 Essentials in migration mode for Windows SBS 2011 Essentials migration

Windows SBS 2011 Essentials requires a 64-bit environment. Windows SBS 2011

Essentials does not support a 32-bit environment.

1

Important

Important

Important

A Windows SBS 2011 Essentials server will be ready for migrating data and settings after you

install and configure Windows SBS 2011 Essentials in migration mode, as follows:

1. Install Windows SBS 2011 Essentials on the Destination Server

2. Configure the DNS of the local network adapter

3. Join the Destination Server to the domain of the Source Server

4. Install and restore the Certification Authority

Install Windows SBS 2011 Essentials on the Destination Server

To install and configure Windows SBS 2011 Essentials on the Destination Server in migration

mode, perform the following procedure.

1. Turn on the Destination Server and insert Windows SBS 2011 Essentials DVD1 into the DVD drive. If you see a message that asks if you want to boot from a CD or DVD, press any key to do so.

Note

If the Destination Server does not boot from the DVD, restart the computer and

check the BIOS Setup to ensure that DVD-ROM is listed first in the boot

sequence. For more information about how to change the BIOS Setup boot

sequence, see your hardware manufacturer's documentation.

Note

If the removable media that contains the answer file is a USB device, you must

change the boot order in the BIOS Setup to assure that the server does not

attempt to boot to the USB device.

2. Insert the USB device or other removable media that contains the migration answer file in the Destination Server.

Note

The migration answer file is automatically detected on the root of any drive. If the

migration answer file is configured to run the installation in unattended mode,

values from the file are used during migration. You will not be prompted for

values unless they are invalid or missing from the answer file.

3. If you are installing the multilanguage version of Windows SBS 2011 Essentials, double-click one of the listed languages. If you are installing a single-language version, you will not be asked to choose a language.

4. Click New Installation.

5. If you have an internal hard drive that is not displayed in the list, click Load Drivers and install the necessary driver before continuing.

1

To install Windows SBS 2011 Essentials on the Destination

6. Select the check box that verifies all files and folders on your primary hard drive will be deleted, and then click Install.

7. When you receive the message "Your server is partially set up and is ready for you to start migration," click Close.

After the installation finishes, you are automatically logged on with the administrator user account

and password that you provided in the migration answer file.

To unlock the desktop while Windows SBS 2011 Essentials is installing, use the built-in

administrator account and leave the password blank.

Configure the DNS of the local network adapterTo resolve the existing domain name, perform the following steps to set the Domain Name

System (DNS) address of the Destination Server to the IP address of the Source Server.

You can also resolve the existing domain name by configuring the router to provide the IP

address of the Source Server as the DNS address. However, you will need to perform

this task again after the Destination Server becomes the primary server on the network.

1. Open a Command Prompt window on the Source Server.

2. At the command prompt, type ipconfig and press ENTER.

3. Record the IP address that is displayed.

1. Click the network icon in the notification area, click Network and Sharing Center, and then click the link that is displayed.

2. Click Change adapter settings.

3. Right-click the network adapter, and then click Properties.

4. Select Internet Protocol Version 4 (TCP/IPv4), and then click Properties.

5. Select Use the following DNS server addresses, and in the Preferred DNS server text box, type the IP address of the Source Server that you previously recorded.

Join the Destination Server to the domain of the Source Server

Joining the Destination Server to the domain of the Source Server requires backing up and

removing the Certification Authority from the Destination Server, then promoting the Destination

Server to be a domain controller.

2

Note

Note

To obtain the IP address of the Source

To set the IP address of the Destination

Back up and remove the Certification Authority from the Destination Server

The Certification Authority must be removed from the Destination Server before it can join the

domain. Perform the following steps to back up and remove the Certification Authority.

1. In the Destination Server, open Windows Explorer and create an empty folder called C:\CA_Backup.

2. Click Start, point to Administrative Tools, and click Certification Authority.

3. Right-click <ServerName>-CA, point to All Tasks, and select Backup the CA…

4. Click Next on the welcome page.

5. Ensure that Private Key and CA certificate and Certificate database and certificate database log are selected, choose a location such as C:\CA_Backup, and then click Next.

6. Type and confirm a password for restoring the database, click Next, then click Finish to finish the wizard.

1. Click Start, click Administrative Tools, and then click Server Manager.

2. Under Roles Summary, click Remove Roles.

3. On the Before You Begin page, click Next.

4. Clear the Active Directory Certificate Services check box, and then click Next.

5. Confirm that only the Certification Authority is selected for removal, and click Remove.

6. After the Certification Authority is removed, click Close.

Promote the Destination Server to a domain controller You must promote the Destination Server to a domain controller in the existing Windows

SBS 2011 Essentials forest within six days of installing Windows SBS 2011 Essentials.

Use the DCPromo tool to promote the Destination Server as described in this section.

1. Perform the following steps to create an answer file on the administrator’s desktop.

Important

The answer file contains logon and password information that can be used to log

on to your server. To help protect your server, delete the answer file after

promoting the Destination Server to a domain controller.

a. Click Start, click All Programs, click Accessories, and then click Notepad.

b. Copy the following content and paste it into the file. Do not put any other content into

2

To back up the Certification

To remove the Certification

To promote the Destination Server to a domain

the file.

[DCINSTALL]

UserName=<domain-admin-user-name>

Password=<domain-admin-password>

UserDomain=<domain>.local

DatabasePath=%systemroot%\ntds

LogPath=%systemroot%\ntds

SYSVOLPath=%systemroot%\sysvol

SafeModeAdminPassword=<domain-admin-password>

ConfirmGc=Yes

InstallDNS=yes

CreateDNSDelegation=No

CriticalReplicationOnly=no

ReplicaOrNewDomain=Replica

ReplicaDomainDNSName=<domain>.local

ReplicationSourceDC=<Source-Server-Name>.<domain>.local

RebootOnCompletion=No

ApplicationPartitionsToReplicate=""*"";

Leave the rest of the file blank.

Important

The <domain>, <domain-admin-user-name>, and <domain-admin-

password> must reference the Source Server domain.

c. Click File, click Save, and then in the left pane, click Desktop.

d. In the File name text box, type dc-cfg.ini; for Save as type, choose All Files; and then click Save.

2. Open a Command Prompt window as an administrator. For more information, see To open a Command Prompt window as an Administrator.

3. Type the following command, and then press ENTER.

DCPROMO /unattend:”C:\Users\Administrator\Desktop\dc-cfg.ini”

After the DCPromo tool runs, the process status appears.

Note

If DCPromo does not succeed because of an incorrect entry in the answer file,

the tool may erase the passwords from the dc-cfg.ini file. If this occurs, add the

passwords back into the file before you run the tool again.

4. Restart the Destination Server to complete the operation.

5. Log on to the Destination Server as the domain administrator by using the same

2

username and password that you use on the Source Server.

6. To verify that the server is a domain controller, click Start, click Administrative Tools, and then click Active Directory Users and Computers.

7. Expand the node <domain>.local, where <domain> is the Source Server domain, and then click the Domain Controllers node. The Source Server and the Destination Server should appear in this node with GC in the DC Type column.

Important

Delete the answer file after you promote the Destination Server to a domain

controller.

Install and restore the Certification Authority

1. On the Destination Server, click Start, point to Administrative Tools, and then click Server Manager.

2. In the Roles Summary section, click Add Roles.

3. On the Before You Begin page, click Next.

4. On the Server Roles page, select Active Directory Certificate Services, and then click Next.

5. On the Introduction to Active Directory Certificate Services page, click Next.

6. On the Select Role Services page, select Certification Authority and Certification Authority Web Enrollment, and then click Next.

7. On the Specify Setup Type page, select Standalone, and then click Next.

8. On the Specify CA Type page, select Root CA, and then click Next.

9. On the Set Up Private Key page, select Use existing private key, choose the Select a certificate and use its associated private key option, and then click Next.

10. On the Select Existing Certificate page, choose the <ServerName>-CA certificate (where <ServerName> is the name of your Destination Server), and then click Next.

11. On the Configure Certificate Database page, accept the default locations, or click Browse if you want to save the database or log file to a different location. Then click Next.

12. Confirm your selections, and then click Install.

13. When the wizard is finished, click Close, and then restart the server.

1. Click Start, point to Administrative Tools, and then click Certification Authority.

2. In the Certification Authority console tree, right-click <ServerName>-CA (where <ServerName> is the name of your Destination Server), click All Tasks, and then click Restore CA.

2

To install the Certification

To restore the Certification

3. If you are asked to stop Active Directory Certificate Services, click OK.

4. The Certification Authority Restore Wizard appears. Click Next on the Welcome page of the wizard.

5. On the Items to Restore page, select Private key and CA certificate and Certificate database and certificate database log, type or browse to C:\CA_Backup, and then click Next.

Note

For an incremental restore, select the full backup file and complete the wizard.

Then re-run the wizard and select subsequent incremental backup files.

6. On the Provide Password page, type a password for gaining access to the private key and the CA certificate file, and then click Next.

7. When the wizard completes, click Finish.

8. You are asked if you want to start Active Directory Certificate Services. If you have additional incremental backups to restore, click No to re-run the wizard and continue restoring. If restoration is complete, click Yes to start Active Directory Certificate Services.

1. Click Start, point to Administrative Tools, and then click Certification Authority.

2. Right-click the server name, and then click Properties.

3. Click the Extensions tab.

4. In the list that is displayed, click http://<ServerDNSName>/CertEnroll/<CaName><CRLNAMESUFFIX><DELATACRLALLOWED>.crl, and ensure that the following options are selected:

Include in CRLs. Clients use this to find the Delta CRL location.

Include in the CDP extension of issued certificates.

5. Click Add, and in the location field, type http://<ServerDNSName>/CertEnroll/<CaName><CRLNAMESUFFIX><DELATACRLALLOWED>.crl

6. Click OK.

7. Click the Extensions tab, click http://<ServerDNSName>/CertEnroll/<CaName><CRLNAMESUFFIX><DELATACRLALLOWED>.crl, and ensure that the following options are selected:

Include in CRLs. Clients use this to find the Delta CRL location.

Include in the CDP extension of issued certificates.

8. Click OK to save your changes.

9. When you are asked to restart Active Directory Certificate Services, click Yes.

Next topic: Transfer the operations master roles for Windows SBS 2011 Essentials migration

Previous topic: Create a migration answer file for Windows SBS 2011 Essentials migration

2

Configure the CRL distribution

Transfer the operations master roles for Windows SBS 2011 Essentials migration

The operations master (also called flexible single master operations or FSMO) roles must be

transferred from the Source Server to the Destination Server within 21 days of installing Windows

SBS 2011 Essentials on the Destination Server.

1. On the Destination Server, open a Command Prompt window as an administrator. See To open a Command Prompt window as an Administrator.

2. At the command prompt, type NETDOM QUERY FSMO, and then press ENTER.

3. At the command prompt, type ntdsutil, and then press ENTER.

4. At the ntdsutil command prompt, enter the following commands:

a. Type activate instance NTDS, and then press ENTER.

b. Type roles, and then press ENTER.

c. Type connections, and then press ENTER.

d. Type connect to server <ServerName> (where <ServerName> is the name of the Destination Server), and then press ENTER.

e. At the command prompt, type q, and then press ENTER.

Type transfer PDC, press ENTER, and then click Yes in the Role Transfer Confirmation dialog box.

Type transfer infrastructure master, press ENTER, and then click Yes in the Role Transfer Confirmation dialog box.

Type transfer naming master, press ENTER, and then click Yes on the Role Transfer Confirmation dialog box.

Type transfer RID master, press ENTER, and then click Yes on the Role Transfer Confirmation dialog box.

Type transfer schema master, press ENTER, and then click Yes on the Role Transfer Confirmation dialog box.

f. Type q, and then press ENTER until you return to the command prompt.

From any server on the network, you can verify that the operations master roles have

been transferred to the Destination Server. Open a Command Prompt window as an

administrator (for more information, see To open a Command Prompt window as an

Administrator). Then, type netdom query fsmo and press ENTER.

Next topic: Transfer the global catalog to the Destination Server for Windows SBS 2011

migration

2

To transfer the operations master

Note

Previous topic: Install Windows SBS 2011 Essentials in migration mode for Windows SBS 2011


Transfer the global catalog to the Destination Server for Windows SBS 2011 migration

To ensure that the Destination Server is the global catalog for the network, transfer the global

catalog from the Source Server and configure services and domain settings, as follows:

1. Transfer the global catalog to the Destination Server

2. Enable the UPnP beacon for the Destination Server

3. Verify the health of the domain controller

4. Reconfigure DNS for the local network adapter

Transfer the global catalog to the Destination Server

To transfer the global catalog, create a new global catalog on the Destination Server, and then

remove the existing global catalog on the Source Server.

1. On the Destination Server, click Start, point to Administrative Tools, and then click Active Directory Sites and Services.

2. In the Active Directory Sites and Services console tree, double-click Sites, and then double-click Default-First-Site-Name.

3. Expand the Servers folder, click the name of the Destination Server, right-click NTDS Settings, and then click Properties.

4. On the General tab, select the Global catalog option if it is not already selected, and then click OK.

5. Restart the Destination Server.

Allow sufficient time for the account and the schema information to replicate to the

Destination Server before you remove the global catalog from the Source Server.

Before you continue, verify that the replication completed successfully, as follows:

1. Click Start, click Administrative Tools, and then click Active Directory Users and Computers.

2. Expand the node <domain>.local, where <domain> is the Source Server domain, and then select the Domain Controllers node. The Destination Server should appear in this node with GC in the DC Type column.

2

To create a global catalog on the Destination

Note

You can perform additional verification by using the tools that are listed in the section

Verify the health of the domain controller.

Event 1119 might be logged in the Directory Services log in Event Viewer stating that the

Destination Server is now advertising itself as a global catalog server.

1. On the Source Server, click Start, click All Programs, click Administrative Tools, and then click Active Directory Sites and Services.

2. In the console tree, double-click Sites, and then double-click Default-First-Site-Name.

3. Double-click Servers, click the name of the Source Server, right-click NTDS Settings, and then click Properties.

4. On the General tab, clear the Global catalog option, and then click OK.

5. Restart the Source Server.

Enable the UPnP beacon for the Destination Server

The UPnP™ beacon is used to advertise the location of the Destination Server to the client

computers. To enable Launchpad to find the Destination Server, perform the following steps to

enable and start the necessary services.

1. On the Destination Server, click Start, click Administrative Tools, and then click Services.

2. On the Services console, find the following services:

SSDP Discovery

UPNP Device Host

Windows Server UPNP Device Service

3. If any of the previously listed services are disabled, enable each disabled service as follows:

a. Right-click the service name, click Properties, change the Startup type to Automatic, and then click OK.

b. Right-click the service name, and then click Start.

If a service already has an Automatic startup type, but it is not running, right-click the

service name, and click Start.

Verify the health of the domain controllerBefore proceeding with the migration, you should ensure that the domain controller and Windows

SBS 2011 Essentials network are healthy.

2

Note

Note

To remove the global catalog from the Source

Note

The following table lists the tools that you can use to diagnose issues on your Destination Server

and network, and in the domain:

Tool Description

Netdiag Helps isolate networking and connectivity

issues. For more information and to download,

see Netdiag.

Dcdiag.exe Analyzes the state of domain controllers in a

forest or enterprise, and reports issues to assist

you in troubleshooting. For more information

and to download, see Dcdiag.

Repadmin.exe Assists you in diagnosing replication issues

between domain controllers. This tool requires

command-line parameters to run. For more

information and to download, see Repadmin.

You should correct all the issues that these tools report before you proceed with the migration.

Reconfigure DNS for the local network adapterOn the Destination Server, change the Domain Name System (DNS) settings so that the

Destination Server uses itself as the DNS server.

1. In the notification area, click the network icon, and then click Network and Sharing Center.

2. Click Change adapter settings.

3. Right-click the name of the network card, and then click Properties.

4. Select Internet Protocol Version 4 (TCP/IPv4), and then click Properties.

5. Click Use the following DNS server addresses. For Preferred DNS server, type 127.0.0.1.

6. Click OK to save your settings.

1. On the Source Server, click Start, click All Programs, click Administrative Tools, and then click DNS.

2. In the DNS management console, right-click the Source Server, click All tasks, and then click Stop.

Next topic: Import users and the Destination Server into the Dashboard for Windows SBS 2011


2

To reconfigure DNS for the local network

To turn off DNS on the Source




Previous topic: Transfer the operations master roles for Windows SBS 2011 Essentials

migration

Import users and the Destination Server into the Dashboard for Windows SBS 2011 Essentials migration

After the replication has taken place, user names will appear in Active Directory Users and

Computers, but they will not appear in the Windows SBS 2011 Essentials Dashboard. You can

use Windows PowerShell commands to import user names and the Destination Server into the

Dashboard, or you can use a script to automate the import process.

Windows SBS 2003 supports up to 75 users, while Windows SBS 2011 Essentials only

supports up to 25 users. Ensure that you move no more than 25 users to the Windows

SBS 2011 Essentials server.

1. On the Destination Server, click Start, click Administrative Tools, and then click Active Directory Users and Computers.

2. In the navigation pane, expand <DomainName>, expand My Business, expand Users, and then expand SBSUsers.

3. Right-click the right-hand panel, and click Create New Group. Type one of the following group names, click Security Group, and then click Create. Repeat this step to create the remainder of the following security groups. Set the scope for each group to Global.

RA_AllowAddInAccess

RA_AllowComputerAccess

RA_AllowDashboardAccess

RA_AllowHomePageLinks

RA_AllowNetworkAlertAccess

RA_AllowRemoteAccess

RA_AllowShareAccess

WSSUsers

Because the administrator account was migrated from the Source Server, by default it does not

have memberships to the Windows SBS 2011 Essentials security groups. To add group

memberships to the administrator account that you are using for migration, perform the following

procedure.

2

Important

To re-create security


2. In the navigation pane, expand <DomainName>, expand My Business, expand Users, and then expand SBSUsers.

3. Open the administrator account or accounts to which you want to assign membership.

4. Click the tab Member of and add the following groups to the account:

a. RA_AllowAddInAccess

b. RA_AllowComputerAccess

c. RA_AllowDashboardAccess

d. RA_AllowHomePageLinks

e. RA_AllowNetworkAlertAccess

f. RA_AllowRemoteAccess

g. RA_AllowShareAccess

1. On the Destination Server, open a Command Prompt window as an administrator. For more information, see To open a Command Prompt window as an Administrator.

2. Type cd “\Program Files\Windows Server\Bin”, and press ENTER.

3. Type WssPowerShell.exe, and then press ENTER.

4. Type Import-WssUser –Name <username>, and then press ENTER.

5. Repeat the previous step for each user name that you want to import into the Dashboard.

1. On the Destination Server, open Notepad and copy the following script into it:

"Script to Import Active Directory Users to the Windows SBS

2011 Essentials Dashboard"

import-module -name activedirectory

$users = get-aduser -filter *

foreach ($user in $users)

{

If ($user.enabled -eq $True)

{

$pat = ">"+$user.samaccountname+"<"

write-host {Pattern::} $pat

3

To make the administrator a member of the security

To manually import user names into the

To use a script to import user names into the

$imported = Select-String -path "C:\ProgramData\

Microsoft\Windows Server\Data\settingsproviderdata\IDENTITY\

USERS\index.xml" -pattern $pat

If ([boolean]$imported -eq $False)

{

$import = read-host "Do you want to import"

$user.name "to the Dashboard [y]/[n]"

If ($import -eq "y")

{

write-host {Importing User} $user.name

import-wssuser -name $user.samaccountname | out-

null

If( (get-wssuser -name

$user.samaccountname).UserStatus -eq "Enabled")

{

write-host User Successfully Imported

}

}

}

}

}

2. Click File, and then click Save.

3. Browse to any folder on your Destination Server, and type a file name with a .ps1 extension (for example, C:\importusers.ps1).

4. For Save as type, choose All Files, and then click Save.


6. Type cd “C:\Program Files\Windows Server\Bin” and press ENTER.


8. Type Set-ExecutionPolicy RemoteSigned, and then press ENTER.

9. Type <path><filename> for the script file that you created (for example, C:\importusers.ps1), and then press ENTER.

10. Type Set-ExecutionPolicy Restricted, and then press ENTER.

3


2. Type cd “\Program Files\Windows Server\Bin” and press ENTER.


4. Type Add-WssLocalMachineCert, and then press ENTER.

5. Reboot the Destination Server.

Next topic: Join computers to the new Windows SBS 2011 Essentials network

Previous topic: Transfer the global catalog to the Destination Server for Windows SBS 2011

migration

Join computers to the new Windows SBS 2011 Essentials network

The next step in the migration process is to join client computers to the new Windows SBS 2011

Essentials network and update Group Policy settings.

Domain-joined client computersBrowse to http://destination-server/connect and install the Windows Server Connector

software as if this was a new computer. The installation process is the same for domain-joined or

non-domain-joined clients.

Non-domain-joined client computersBrowse to http://destination-server/connect and install the Windows Server Connector

software as if this was a new computer. The installation process is the same for domain joined or

non-domain joined client computers.

Ensure that Group Policy has updated

This is an optional step, and it is only required if the Source Server was configured with

custom Group Policy settings such as Folder Redirection.

While the Source Server and the Destination Server are still online, you should ensure that the

Group Policy settings have replicated from the Destination Server to the client computers.

Perform the following steps on each client computer:

3

To import the Destination Server into the

Note

1. Open a Command Prompt window.

2. At the command prompt, type GPRESULT /R, and then press ENTER.

3. Review the resulting output for the section “Group Policy was applied from:” and ensure it lists the Destination Server, such as DestinationSrv.Domain.local. For example:

USER SETTINGS

--------------

CN=User,OU=Users,DC=DOMAIN,DC=Local

Last time Group Policy was applied: 1/24/2011 at 1:26:27 PM

Group Policy was applied from:

DestinationSrv.Domain.local

Group Policy slow link threshold: 500 kbps

Domain Name: Domain

Domain Type: Windows 2003

4. If the Destination Server is not listed, at a command prompt, type gpupdate /force, and then press ENTER to refresh the Group Policy settings. Then perform the previous procedure again.

5. If the Destination Server still does not appear, there may be an error in the Group Policy settings or an error in applying them to this specific client computer. If the Destination Server does not appear, perform the following steps:

a. Click Start, click Run, type rsop.msc (Resultant Set of Policy), and then press ENTER.

b. Expand the tree with the “X” on it until you get to a node.

c. Right-click the node, and click View Error for information about why the Group Policy settings are failing on the computer listed.

Next topic: Move settings and data to the Destination Server for Windows SBS 2011 Essentials

migration

Previous topic: Import users and the Destination Server into the Dashboard for Windows SBS

2011 Essentials migration

Move settings and data to the Destination Server for Windows SBS 2011 Essentials migration

Move settings and data to the Destination Server as follows:

1. Copy data to the Destination Server.

2. Configure the network.

3. Verify Terminal Services Gateway has configured the correct certificates.

3

4. Remove legacy logon settings and Active Directory Group Policy objects.

5. Remove legacy Active Directory Group Policy objects.

6. Map permitted computers to user accounts.

Copy data to the Destination ServerBefore you copy data from the Source Server to the Destination Server, perform the following

tasks:

Review the list of shared folders on the Source Server, including permissions for each folder. Create or customize the folders on the Destination Server to match the folder structure that you are migrating from the Source Server.

Review the size of each folder and ensure that the Destination Server has enough storage space.

Make the shared folders on the Source Server Read-only for all users so no writing can take place on the drive while you are copying files to the Destination Server.

1. Log on to the Destination Server as a domain administrator.

2. Click Start, type cmd in the search box, and then press ENTER.

3. At the command prompt, type the following command, and then press ENTER:

robocopy \\<SourceServerName> \<SharedSourceFolderName> \\

<DestinationServerName> \<SharedDestinationFolderName> /E /B

/COPY:DATSOU /LOG:C:\Copyresults.txt

where <SourceServerName> is the name of the Source Server,

<SharedSourceFolderName> is the name of the shared folder on the Source Server,

<DestinationServerName> is the name of the Destination Server, and

<SharedDestinationFolderName> is the shared folder on the Destination Server to which

the data will be copied.

4. Repeat the previous step for each shared folder that you are migrating from the Source Server.

Configure the network

This is a required task.

1. On the Destination Server, open the Dashboard.

2. Click Server Settings.

3. Click Turn on Remote Web Access.

3

To copy data from the Source Server to the Destination

Note

To configure the

4. Complete the wizard to configure the router and domain names.

If your router does not support the UPnP framework, or if the UPnP framework is disabled, there

may be a yellow warning icon next to the router name. Ensure that the following ports are open

and that they are directed to the IP address of the Destination Server:

Port 80: HTTP Web traffic

Port 443: HTTPS Web traffic

Verify that Terminal Services Gateway has configured the correct certificates

You need to ensure that Terminal Services Gateway has configured the correct certificates after

the back up and restore of the Certification Authority.


2. Type the following, and then press ENTER:

cd \Program Files\Windows Server\Bin

3. Type the following, and then press ENTER:

ConfigureRDP.exe

After ConfigureRDP.exe runs, the correct certificates will be configured.

Remove legacy logon settings and Active Directory Group Policy objects

Remove old logon scripts (optional)Windows SBS 2003 uses logon scripts for tasks such as installing software and customizing

desktops. In Windows SBS 2011 Essentials, the Windows SBS 2003 logon scripts are replaced

with a combination of logon scripts and Group Policy objects.

If you modified the Windows SBS 2003 logon scripts, you should rename the scripts to

preserve your customizations.

Windows SBS 2003 logon scripts apply only to user accounts that were added by using

the Add New Users Wizard.

3

To verify the certificates in Terminal Services

Note

Note

1. Click Start, click Administrative Tools, click Active Directory Users and Computers, and then click Users.

2. Right-click a user name, then click Profile.

3. Delete the contents of the Logon script text box, then click OK.

4. Repeat the previous two steps for each user.

Remove legacy Active Directory Group Policy objects (optional)

The Group Policy objects (GPOs) are updated for Windows SBS 2011 Essentials. They are a

superset of the Windows SBS 2003 GPOs. For Windows SBS 2011 Essentials, a number of the

Windows SBS 2003 GPOs and Windows Management Instrumentation (WMI) filters have to be

manually deleted to prevent conflicts with the Windows SBS 2011 Essentials GPOs and WMI

filters.

If you modified the original Windows SBS 2003 Group Policy objects, you should save

copies of them in a different location, and then delete them from Windows SBS 2003.

1. Log on to the Source Server with an administrator account.

2. Click Start, and then click Server Management.

3. In the navigation pane, click Advanced Management, click Group Policy Management, and then click Forest: <YourDomainName>.

4. Click Domains, click <YourDomainName>, and then click Group Policy Objects.

5. Right-click Small Business Server Auditing Policy, click Delete, and then click OK.

6. Repeat step 5 to delete the following GPOs that apply to your network:

Small Business Server Client Computer

Small Business Server Domain Password Policy

We recommend you configure the password policy in Windows SBS 2011 Essentials

to enforce strong passwords. To configure the password policy, use the Dashboard,

which writes the configuration to the default domain policy. The password policy

configuration is not written to the Small Business Server Domain Password Policy

object, like it was in Windows SBS 2003.

Small Business Server Internet Connection Firewall

Small Business Server Lockout Policy

Small Business Server Remote Assistance Policy

Small Business Server Windows Firewall

3

To remove the Windows SBS 2003 logon

Note

To remove old Group Policy objects from Windows

Small Business Server Windows Vista® Policy

Small Business Server Update Services Client Computer Policy

This GPO will be present if you are migrating from Windows SBS 2003 R2.

Small Business Server Update Services Common Settings Policy


Small Business Server Update Services Server Computer Policy


7. Confirm that all of the GPOs are deleted.

1. Log on to the Source Server with an administrator account.

2. Click Start, and then click Server Management.

3. In the navigation pane, click Advanced Management, click Group Policy Management, and then click Forest: <YourNetworkDomainName>

4. Click Domains, click <YourNetworkDomainName>, and then click WMI Filters.

5. Right-click PostSP2, click Delete, and then click Yes.

6. Right-click PreSP2, click Delete, and then click Yes.

7. Right-click Vista, click Delete, and then click Yes.

8. Confirm that these three WMI filters are deleted.

Map permitted computers to user accountsIn Windows SBS 2003, if a user connects to Remote Web Access, all the computers in the

network are displayed. This may include computers that the user does not have access rights to.

In Windows SBS 2011 Essentials, a user must be explicitly assigned to a computer for it to be

displayed in Remote Web Access. Each user account that is migrated from Windows SBS 2003

must be mapped to one or more computers.

1. Open the Windows SBS 2011 Essentials Dashboard.

2. In the navigation bar, click Users.

3. In the list of user accounts, right-click a user account, and then click View the Account Properties.

4. Click the Remote Web Access tab, click Allow Remote Web Access, and show selected links in Remote Web Access.

5. Click Shared Folders, click Computers, click Home page, and then click Apply.

6. Click the Computer Access tab, and click the name of the computer to which you want to allow access.

7. Repeat steps 3, 4, 5, and 6 for each user account.

3

To remove WMI filters from Windows

To map user accounts to

After you have mapped user accounts to client computers, you can set a default computer to be

used for remote access. In the Dashboard, click the Remote Access tab. In User Account

Properties, set a default client computer for each user who needs to access the network remotely.

You do not need to change the configuration of the client computer. It is configured

automatically.

After you complete the migration, if you encounter an issue when you create the first new

user account on the Destination Server, remove the user account that you added, and

then create it again.

Next topic: Demote and remove the Source Server from the new Windows SBS 2011 Essentials

network

Previous topic: Join computers to the new Windows SBS 2011 Essentials network

Demote and remove the Source Server from the new Windows SBS 2011 Essentials network

After you finish installing Windows SBS 2011 Essentials and you complete the tasks in the

Migration Wizard, you must perform the following tasks:

1. Prepare your organization for the removal of the last server running Exchange Server 2003 .

2. Uninstall Exchange Server 2003 .

3. Disconnect printers that are directly connected to the Source Server.

4. Demote the Source Server.

5. Move the DHCP role from the Source Server to the router.

6. Remove and repurpose the Source Server.

Prepare your organization for the removal of the last server running Exchange Server 2003

Complete the following tasks prior to uninstalling Exchange Server 2003. For detailed

instructions about how to complete these steps, see How to Remove the Last Legacy

Exchange Server from an Organization.

1. Move all mailboxes.

2. Move all contents from the public folders.

3. Move the Offline Address Book Generation Process.

3

Note

Note

Note



4. Remove the public folder mailbox and stores.

5. Verify that you can send and receive email to and from the Internet.

6. Delete the routing group connectors.

7. Delete or reconfigure the Mailbox Manager policies.

8. Move the public folder hierarchy.

9. Delete the domain Recipient Update Services.

10. Delete the Enterprise Recipient Update Service.

Uninstall Exchange Server 2003

If you add user accounts after you move mailboxes to the Destination Server and before

you uninstall Exchange Server 2003 from the Source Server, the mailboxes are added on

the Source Server. This is by design. You must move the mailboxes to the Destination

Server for all user accounts that are added during this time. Repeat the instructions in

Move Exchange Server mailboxes and settings for Windows SBS 2011 Essentials

migration before you uninstall Exchange Server 2003.

You must uninstall Exchange Server 2003 from the Source Server before you demote it. This

removes all references in AD DS to Exchange Server on the Source Server. You must have your

Exchange Server 2003 media to remove Exchange Server 2003.

To remove Exchange Server 2003 from the Source Server, follow the instructions in How

to remove Exchange Server 2003 from your computer.

Disconnect printers that are directly connected to the Source Server

Before you demote the Source Server, physically disconnect any printers that are directly

connected to the Source Server and are shared through the Source Server. Ensure that no Active

Directory objects remain for the printers that were directly connected to the Source Server. The

printers can then be directly connected to the Destination Server and shared from Windows SBS

2011 Essentials.

Demote the Source ServerBefore you demote the Source Server from the role of the AD DS domain controller to the role of

a domain member server, ensure that Group Policy settings are applied to all client computers, as

described in the following procedure.

The Source Server and the Destination Server must be connected to the network while

the Group Policy changes are updated on the client computers.

3

Important

Important

Important



1. Log on to the client computer as an administrator.


3. At the command prompt, type gpupdate /force, and then press ENTER.

4. The process may require you to log off and log on again to finish. Click Yes to confirm.

1. On the Source Server, click Start, click Run, type dcpromo, and then click OK.

2. Click Next twice.

Note

Do not select This server is the last domain controller in the domain.

3. Type a password for the new Administrator account on the server, and then click Next.

4. In the Summary dialog box, you are informed that AD DS will be removed from the computer and that the server will become a member of the domain. Click Next.

5. Click Finish. The Source Server restarts.

6. After the Source Server restarts, add the Source Server as a member of a workgroup before you disconnect it from the network.

After you add the Source Server as a member of a workgroup and disconnect it from the network,

you must remove it from AD DS on the Destination Server.


2. In the User Account Control window, click Continue if prompted.

3. In the Active Directory Users and Computers navigation pane, expand the domain name, and then expand Computers.

4. Right-click the Source Server name if it still exists in the list of servers, click Delete, and then click Yes.

5. Verify that the Source Server is not listed, and then close Active Directory Users and Computers.

Move the DHCP Server role from the Source Server to the router

If you already performed this task before you started the migration process, continue with

the section Remove and repurpose the Source Server.

4

To force a Group Policy update on a client

To demote the Source

To remove the Source Server from Active

Note

If your Source Server is running the DHCP role, perform the following steps to move the DHCP

role to the router.

1. Turn off the DHCP service on the Source Server, as follows:

a. On the Source Server, Click Start, click Administrative Tools, and then click Services.

b. In the list of currently running services, right-click the Windows Server, and then click Properties.

c. For Start type, select Disabled.

d. Stop the service.

2. Turn on the DHCP Role on your router

a. Follow the instructions in your router documentation to turn on the DHCP role on the router.

b. To ensure that IP addresses issued by the Source Server remain the same, follow the instructions in your router documentation to configure the DHCP range on the router to be the same as the DHCP range on the Source Server.

Important

If you have not set up a static IP or DHCP reservations on the router for the

Destination Server, and the DHCP range is not the same as the Source Server, it

is possible that the router will issue a new IP address for Destination Server. If

this happens, reset the port forwarding rules of the router to forward to the new IP

address of the Destination Server.

Remove and repurpose the Source ServerTurn off the Source Server and disconnect it from the network. We recommend that you do not

reformat the Source Server for at least one week to ensure that all the necessary data migrated

to the Destination Server. After you have verified that all the data has migrated, you can reinstall

this server on the network as a secondary server for other tasks, if required.

After you demote and remove the Source Server, restart the Destination Server.

After you demote the Source Server, it is not in a healthy state. If you want to repurpose the

Source Server, the simplest way is to reformat it, install a server operating system, and then set it

up for use as an additional server.

Next topic: Delete the old folder redirection Group Policy object for Windows SBS 2011


Previous topic: Move settings and data to the Destination Server for Windows SBS 2011


4

To move the DHCP role from the Source Server to the

Note

Delete the old folder redirection Group Policy object for Windows SBS 2011 Essentials migration

Perform this task only if folder redirection was enabled on the Source Server.

After you demote and disconnect the Source Server, you can delete the old Folder Redirection

Group Policy object from the Destination Server.

1. On the Destination Server, click Start, click Administrative Tools, and then click Group Policy Management.

2. In the User Account Control dialog box, click Continue

3. In the Group Policy Management navigation pane, expand Forest:<YourNetworkDomainName>, expand Domains, expand <YourNetworkDomainName>, and then expand Group Policy Objects.

4. Right-click Small Business Server Folder Redirection, and then click Delete.

5. Click Yes in the warning dialog box.

6. Close the Group Policy Management console.

Next topic: Perform optional post-migration tasks for Windows SBS 2011 Essentials migration

Previous topic: Demote and remove the Source Server from the new Windows SBS 2011

Essentials network

Perform optional post-migration tasks for Windows SBS 2011 Essentials migration

The following tasks help you finish setting up your Destination Server with some of the same

settings that were on the Source Server. You may have disabled some of these settings on your

Source Server during the migration process, so they were not migrated to the Destination Server.

Or they are optional configuration steps that you may want to perform.

1. Move natively joined Active Directory computer objects

2. Delete DNS entries of the Source Server

4

Note

To delete the Folder Redirection Group Policy

3. Share line-of-business and other application data folders

4. Fix client computer issues after migrating

Move natively joined Active Directory computer objects

This is an optional task.

The Windows SBS 2011 Essentials Dashboard displays AD DS computer objects that are in the

Windows SBS 2011 Essentials default organizational unit (OU),

OU=<YourNetworkDomainName>\MyBusiness\Computers\SBSComputers. If you want to

manage computer objects that were natively joined to the domain, you must move the computer

objects into the default OU.


2. In the Users Account Control dialog box, click Continue.

3. In the navigation pane, expand <YourNetworkDomainName>, and then expand the Computers container or the container where the computer objects are located.

4. Expand the MyBusiness container, expand the Computers container, and then expand the SBSComputers container.

5. Drag-and-drop the computer objects from their current location to the SBSComputers container, and then click Yes in the warning dialog box.

6. When you finish moving the computer objects, close Active Directory Users and Computers.

Delete DNS entries of the Source ServerAfter you decommission the Source Server, the Domain Name Service (DNS) server may still

contain entries that point to the Source Server. Delete these DNS entries.

1. On the Destination Server, click Start, click Administrative Tools, and then click DNS.

2. In the User Account Control dialog box, click Continue.

3. In the DNS Manager console, expand the server name, and then expand Forward Lookup Zones.

4. Right-click the first zone, click Properties, and then click the Name Servers tab.

5. Click an entry in the Name servers text box that points to the Source Server, click Remove, and then click OK.

6. Repeat the previous step until all pointers to the Source Server are removed.

7. Click OK to close the Properties window.

4

Note

To move computer objects to the default

To delete DNS entries that point to the Source

8. In the DNS Manager console, expand Reverse Lookup Zones.

9. Repeat steps 4 through 7 to remove all Reverse Lookup Zones that point to the Source Server.

Share line-of-business and other application data foldersYou must set the shared folder permissions and the NTFS permissions for the line-of-business

and other application data folders that you copied to the Destination Server. After you set the

permissions, the shared folders are displayed in the Windows SBS 2011 Essentials Dashboard

on the Shared Folders tab.

If you are using a logon script to map drives to the shared folders, you must update the script to

map to the drives on the Destination Server.

Fix client computer issues after migratingIf you migrate to Windows SBS 2011 Essentials from Windows Small Business Server 2003

Premium Edition with Microsoft Internet Security and Acceleration (ISA) Server installed, client

computers on the network still have the Microsoft Firewall Client and Internet Explorer®

configured to use a proxy server.

This causes connectivity issues on the client computers, because the proxy server no longer

exists. If there is a different proxy server configured, the client computers continue to use the

server running Windows SBS 2003 for the proxy server. To fix this issue, you must remove

Microsoft Firewall Client on the client computers, and then reconfigure Internet Explorer to not

use a proxy server or to use the new proxy server.

1. On the client computer, click Start, click Control Panel, and then click Add or Remove Programs.

2. Click Microsoft Firewall Client, click Remove, and then click Yes.

3. Close all windows.

1. On the client computer, click Start, click Control Panel, and then click Uninstall a program.

2. Click Microsoft Firewall Client, click Remove, and then click Yes.

3. Close all windows.

1. In Internet Explorer, click Tools, and then click Internet Options.

2. Click the Connections tab, click LAN Settings, and then do one of the following:

a. If you are not using a proxy server on your network, clear all check boxes in the

4

To remove Microsoft Firewall Client in Windows XP

To remove Microsoft Firewall Client in

To reconfigure

Local Area Network (LAN) Settings dialog box.

b. If you want to use a new proxy server on your network:

In the Local Area Network (LAN) Settings dialog box, clear the check boxes in the Automatic configuration section.

In the Proxy server section, verify that both check boxes are selected.

In the Address text box, type the fully qualified domain name (FQDN) of the proxy server.

In the Port text box, type 80.

3. Click OK twice.

4. Browse to a website to ensure that the connection settings are correct.

Next topic: Run the Windows Server Solutions Best Practices Analyzer

Previous topic: Delete the old folder redirection Group Policy object for Windows SBS 2011


Run the Windows Server Solutions Best Practices Analyzer

When you finish migrating your settings and data to Windows SBS 2011 Essentials, you should

run the Windows Server® Solutions BPA. The BPA examines a server that is running Windows

SBS 2011 Essentials and presents a report that describes issues and provides recommendations

for resolving them. The recommendations are developed by the product support organization for

Windows SBS 2011 Essentials.

For more information about Windows Server Solutions BPA, see the Windows Server Solutions

Best Practices Analyzer.

Previous topic: Perform optional post-migration tasks for Windows SBS 2011 Essentials

migration

4

http://go.microsoft.com/fwlink/?LinkID=206767

http://go.microsoft.com/fwlink/?LinkID=206767

Date post:	11-Mar-2015
Category:	Documents
Upload:	joserezlez
View:	125 times
Download:	2 times

A Migrate 2003

Documents