SBS 2008 Domain rebuild. Any HELP is appreciated 3

[Theo2k]

Greetings,

I would like to ask anyone if you can help me to succesfully backup my AD accounts and exchange before rebuilding my server. Here is the story - The IT admin of our small business company decided to cause problems before his departure from our company. So what he did was to unistall IIS completely from SBS 2008 bringing the all web, rww, and sharepoing down. I talked with Microsoft for 4 hours and they recommended to rebuild. They cannot guaranty will be fixed otherwise. So here is my questions:

1. How can backup all my AD user accounts
2. How can I backup my exchange store?
3. What happens with all my existing win7 workstations after i rebuild the server? I would have to rejoin?

By the way no backup software is installed on the server.

Any help would be appreciated.

Thanks

Theo

 

[PaulGillespie]

Is the built in backup not configured?

To be honest, you're probably better just starting from scratch, I don't know of a way to easily backup your AD information and then restore it. Take your time and docujment your user accounts and folder permissions, copy all data to at least 2 usb drives, export mailboxes and public folders to pst files and then format the server and start again. Your machines will need to be removed form the dmain and rejoined.

sorry - no easy way round this.

 

[ShackDaddy]

It's easy to back up your AD accounts: merely build a Windows 2008 Server virtual machine on one of your office workstations and make it a DC in the existing domain. Then seize all the FSMO roles after taking your SBS box offline. When you rebuild the server, do a "migration" install, which will join the existing domain preserved by the DC, and all your AD accounts and objects will still be there, intact.

In addition, if you do an Exchange backup, it should be restorable after the rebuild whether or not you use the same servername, since you've preserved your Exchange environment in AD! (and because Exchange 2007 databases can be restored to servers with different names, as long as they are in the same Exchange org)

What you are basically doing is a "swing" migration to the same hardware. I've done it many times, and it's exactly what you need in this situation. There's a bit more complexity than I've described here, but those are the basics.

Dave Shackelford MVP
ThirdTier.net
TrainSignal.com

 

[markdmac]

Great advice Dave. A star from me. Not mentioned in your post is that this method will also prevent the poster from having to join the PCs back to the domain too.

I might however add the advice to install a trial version of Exchange on that VM and move mailboxes to it. Then you don't need to worry about a restore of Exchange at all, just move the mailboxes back again after the swing migration sets up Exchange again. You can also move public folders that way.

I hope that helps.

Regards,

Mark

Check out my scripting solutions at

http://www.thespidersparlor.com/vbscript

Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.

 

[Zpunky]

That is a very helpful reply, Dave. I was wondering if you could clarify something for me?

I recently had a job interview where I was asked how I would move the AD Services, DNS and DHCP from an SBS 2008 server to a Standard 2008 R2 Server. I was surprised since the interviewer said that he already had a number of 2008 R2 servers active in the SBS’ Domain; I thought SBS didn’t play well with Standard/Enterprise/Storage Server servers for various reasons, like licensing, etc.

I told him that without knowing the exact setup, this is how I would proceed:

I would Promote two other controllers to DCs, setting up DHCP and DNS on one so those services are ready to go, and then gracefully move the FSMO roles onto the two DC’s, moving Schema and Domain Naming Master onto one and PDC, RID and Infrastructure onto the other; I like to separate the roles in case one role holder goes down. Then quickly get the SBS server offline because allowing it to remain for even a short period of time could cause problems.

Thinking about it later, I wondered if it would be possible to start DNS and DHCP services on the non-SBS servers while they were in the same Domain with an SBS server.

Can you give me any feedback on this scenario?

Thanks,
Chris

 

[PaulGillespie]

I don't think you can transfer the roles from a SBS to another DC. Basically, install a DC, turn off the SBS and sieze the FSMO roles onto the DC. very roughly you understand.

 

[markdmac]

Paul is correct, SBS has to be the FSMO role holder. It will play well with having other DCs and GCs but the FSMO roles must exist on SBS if it is to remain in the mix. It is however not necessary to seize the roles. You can transfer them gracefully and then DCPromo the SBS after removing Exchange from it, then remove it from the domain.

I hope that helps.

Regards,

Mark

Check out my scripting solutions at

http://www.thespidersparlor.com/vbscript

Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.

 

[PaulGillespie]

Thanks for the correction Mark. I've not had the need to do it in SBS 2008 but the way I describe was the preffereed way to do it for SBS2003. The MS sbs 2003 migration pack caused us many problems and much lost sleep! it was a few years ago but the painful memories still exist.

 

[ShackDaddy]

BTW, it would be fine running the DNS and DHCP services on the other DC's before removing the SBS server. You'd want to deactivate the scope on the SBS box, not shut off the DHCP service or delete the scope. That way as clients request DHCP renewals from the SBS box, it will issue NACK packets which cause the clients to immediately release their addresses and start fresh in their IP acquisition process. If you just delete the scope or disable the DHCP service, the clients will hold their old leases for the full lease period unless you manually force them to release and renew.

DNS runs on every DC typically, so it's a no-brainer to run it on any added DCs, and you could immediately configure DHCP to send the clients to the new DCs for DNS and stop pointing at the SBS box.

Dave Shackelford MVP
ThirdTier.net
TrainSignal.com

 

[Zpunky]

Thanks to everyone (Mark, Pal and Dave) for their input. I'm going in for an in-person interview Friday. I'm going to dig a little and find out what their exact SBS-to-Standard server setup actually is. All of my experience has been with Standard or Enterprise versions of the OS.

 

[markdmac]

I always prefer to export the DHCP scope and then import it into the new server. it is easy to do:

http://www.google.com/url?sa=t&sour...yI_lF0LRw&sig2=TIDIEHHZrR1kPW6Qcx230Q&cad=rja

I hope that helps.

Regards,

Mark

Check out my scripting solutions at

http://www.thespidersparlor.com/vbscript

Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.

 

[Zpunky]

Thanks Mark.
Do yo find that also applies to W2K8 DHCP servers? The article, dated 7/2010, only references NT though 2003; my experience with 2008 is OK, but not deep enough to know the differences in the various service implementations.
Chris

 

[Zpunky]

Mark, scratch that last request, I missed the link to the 2003-2008 migration at the top of the article in your link.
Chris