SBS 2003 to SBS 2008 Migration to a Different Domain Name

[Today's post comes to us courtesy of Wayne McIntyre and Justin Crosby ]

There are many reasons why a company may need or want to change their domain name, there could have been a company merger/split, the current domain name is too long or not to their liking, or simply the company’s name has changed.

This post will describe the migration process from SBS 2003 to SBS 2008 when you need to change your domain name. If you do not need to change your domain name please follow the SBS 2003 to SBS 2008 Migration white paper found here https://technet.microsoft.com/en-us/library/cc546034.aspx as this is the recommended method.

Limitations

  1. The Active Directory Migration Tool agent will not successfully deploy to your client computers due to authentication issues. The computers in your domain will have to be disjoined from the old domain and rejoined to the new domain manually. An additional step is required to recover the profile which is covered in the Active Directory Section of this article.
  2. Exmerge has a 2gb PST file size limitation, Mailboxes larger than 2gb’s will have to be exported using Outlook.
  3. Since you are migrating to a new domain using exmerge, an additional step is required to add an X500 Proxy address to restore calendar and reply to functionality of old messages and calendar items.

This blog will demonstrate moving from Tailspintoys.local to Contoso.local.

SBS 2008 Installation

Install SBS 2008 using the clean/new install method which will create a new domain name that you select during setup. If you want to use a TLD other than .Local you will need to create an answer file using the answer file generator to enter advanced mode setup. For more info see https://blogs.technet.com/sbs/archive/2009/01/02/introducing-the-windows-sbs-2008-answer-file.aspx

DNS

You should now have 2 separate domains and servers configured on your network working autonomously. The next step is to make sure each server can perform DNS resolution of the other domain. I personally like to configure conditional forwarders for this purpose, which is described below.

SBS 2003

  1. Open the DNS console from Administrative Tools.
  2. Right-click the server name and select properties.
  3. From the forwarders tab click new and specify the SBS 2008 domain name.
  4. Specify the selected domain’s forwarder IP address, which will be the IP of the SBS 2008 server itself and then click OK or Apply.
    clip_image001[1]

SBS 2008

  1. Open DNS management from Administrative Tools.

  2. Right-Click on the Conditional Forwarders folder and select New Conditional Forwarder

  3. Enter the DNS domain of the SBS 2003 server and the IP address of the SBS 2003 server since it is the DNS server for that domain then click OK.
    clip_image002[1]

    Note: Ignore the error, if you check the properties of the conditional forwarder afterwards it shows up as valid.

You should now be able to resolve both domains from both servers.

clip_image004

clip_image006

Active Directory

We now need to install the Active Directory Migration Tool v3.0. The reason why we are using v3.0 and not 3.1 is because we are going to run ADMT from the 2003 server. There are a number of reasons for this, one being that ADMT v3.1 does not install on SBS 2008 without modifying a registry key first, and secondly ADMT v3.1 does not seem to accept the work around to bypass the trust requirement of ADMT. You can download ADMT 3.0 from https://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=6f86937b-533a-466d-a8e8-aff85ad3d212.

Since ADMT normally requires a trust we cannot simply launch the GUI and begin our migration we need to use the below command line to launch ADMT on the SBS 2003 server and enter the password for the SBS 2008 domain names administrator account when prompted. This will allow us to bypass the trust requirement by using pass thru authentication.

Runas /NetOnly /user:2008domainname\AdministratorAccount "MMC \"%windir%\ADMT\Migrator.msc\""

clip_image008[1]

We can now begin the process of migrating users, groups and computer accounts. The below steps will demonstrate the migration of user accounts.

  1. From the Action menu select User Account Migration Wizard and select Next

  2. In the Source Section enter the SBS 2003 Domain and Domain controller; in the Target Domain enter the SBS 2008 Domain and Domain controller then click Next.
    clip_image009[1]

  3. Choose Select users from domain then click Next

  4. Click Add to select all the users you wish to migrate at this point.
    clip_image010[1]

  5. Choose the target OU for these users and then click Next
    clip_image011[1]

  6. Select the option of “Generate complex passwords” (the reason we are not migrating passwords as it adds complexity or setting up a password export server)
    clip_image012[1]

  7. In the Account Transition Options check the box for “Migrate user SIDs to target domain”. If you get prompted to enable auditing on source/target server and to create a group just select yes to all three prompts as they are required to migrate SIDs*.
    clip_image013[1]

  8. Enter the User name and Password for the SBS 2003 domain and then click Next
    clip_image014[1]

    You should then see the screen with your accounts migrating without error.

    clip_image015[1]

    You can also verify that the user accounts you chose to migrate now show up in the target Domain.

    clip_image017[1]

  9. You can now run the group account migration wizard which will go thru similar steps to migrate any groups you have.

  10. As noted in the limitations you will have to disjoin your client computers from the old domain and rejoin them to the new domain manually (* you should do this as the very last step after the mail has been moved over as well). If you wish to recover the users profile you can follow the below KB article, it will work with XP and Vista clients as well: 324734 How To Restore a User Profile in Windows Server 2003

Exchange

Once we have the users on both domains, the next step will be to get the user mail over to the new server. First we will need to create a mailbox for the users in Exchange 2007.

  1. Open Exchange Management Console
  2. Expand Recipient Configuration and select the Mailbox Node
  3. On the Actions Pane select New Mailbox
  4. Choose the option for User Mailbox and click Next
    clip_image018[1]
  5. Select Existing users and click the add button to add the users you had just migrated then click Next.
    clip_image019[1]
  6. Select your Mailbox database then click Next
    clip_image020[1]
  7. Click New on the next screen and it should complete without errors and the users should now have mailboxes on the new SBS 2008 domain.
    clip_image021[1]

Once the users have mailboxes, we need to run the change user role wizard from the SBS console.

  1. From the Users and Groups tab in the SBS console under the Tasks pane select Change user role for user accounts.
  2. Choose the Standard User and add user permissions or settings option then click Next.
    clip_image022[1]
  3. Select the box that says “Display all user accounts in the Active Directory”, select all the users you had just migrated click Add, then Change user role.
    clip_image023[1]
  4. The change user role should complete successfully and your users should now show up in the SBS console.
    clip_image024[1]

Now, we have user accounts, and they have mailboxes, however these mailboxes are empty other than the welcome message and any new mail that may be coming in. We now need to migrate the users mailbox from the old SBS 2003 Exchange Server to the new SBS 2008 server with Exchange 2007.

  1. From the SBS 2003 server we recommend you use exmerge to export the user’s mailboxes to PST files. Below are some links that will help you get started with exmerge if you have never used it before.

    Exmerge download: https://www.microsoft.com/downloads/details.aspx?FamilyID=429163ec-dcdf-47dc-96da-1c12d67327d5&displaylang=en
    Exmerge permissions: https://technet.microsoft.com/en-us/library/aa996410(EXCHG.65).aspx
    Exmerge KBs: https://support.microsoft.com/kb/174197 and https://support.microsoft.com/kb/265441

  2. Once we have all the users mail from 2003 to PST files, follow this blog post on how to import PST files into Exchange 2007: https://blogs.technet.com/sbs/archive/2009/01/13/sbs-2008-how-to-export-and-import-mailboxes-to-and-from-pst.aspx

  3. To correct the issue with replying to old mail and calendar items not being modifiable you will need to update the x500 address for the user accounts. Follow this blog post on how to do so: Cannot Reply To Old Emails Or Modify Old Calendar Items After PST Mail Migration.

Sharepoint

If you need to migrate Companyweb data follow the below steps.

Steps to perform on Source (SBS 2003) server:

  1. Install SharePoint 2.0 SP 3.
  2. Complete the “To run the Prescan tool on the Source Server” steps from https://technet.microsoft.com/en-us/library/cc527602(WS.10).aspx.
  3. Stop the MSSQL(SharePoint) service.
  4. Copy the STS_servername_1 database files (.mdf and .ldf) to destination server.

Steps to perform on Destination (SBS 2008) server:

  1. Complete all of the steps from https://technet.microsoft.com/en-us/library/cc527482(WS.10).aspx.
  2. Complete the “To configure the internal Web site (CompanyWeb) to allow access from Windows Small Business Server 2008” steps from https://technet.microsoft.com/en-us/library/cc527602(WS.10).aspx.
  3. Open the Internet Explorer® Internet browser and browse to https://companyweb.
  4. On the Home page, click Site Actions and choose Site Settings.
  5. On the Site Settings page, in the Users and Permissions section, click Advanced permissions.
  6. On the Permissions page, do the following:
    1. Click New, Add Users.
    2. In Add Users, type Windows SBS SharePoint_OwnersGroup.
    3. In Give Permissions, select the Full Control check box.
    4. Uncheck Send welcome e-mail to the new users and click OK.
  7. Repeat step 6 for Windows SBS SharePoint_MembersGroup and give Design permissions.
  8. Repeat step 6 for Windows SBS SharePoint_VisitorsGroup and give Read permissions.
  9. Verify any custom permissions on individual libraries.