[There's a reason that Yoda is the unofficial mascot of SBS. Size indeed matters not.] Dear Active Directory Migration people of Microsoft - THE OFFICIAL BLOG OF THE SBS "DIVA"
Sat, Nov 26 2005 12:26 bradley

Dear Active Directory Migration people of Microsoft

So I just went through part of Jeff Middleton's process designed to move the domain roles from one server to another...something that big server land does a lot of but we don't down here.

I'm just putting you guys in AD on notice .... in a very public way....via this blog..... you gotta blonde this down before we're forced to upgrade to 64 bit.

I understand the process going on with the transfering of the FSMO roles and the process of moving the server to where the desktops don't even sense that a change has been made, but let's get real.  Not all of us SBS 2003 owners are going to want to migrate...what they have will be 'just fine'.  I'm sure it's like the consultant crowds are seeing a bit now.... those networks/owners where things are “just fine” are still on SBS 2000.  But for those of us that do... and for even folks that use a consultant..... many of the IT Pros out there have never done this before.  Heck even Brian Desmond ensures that people go through apprenticeship before letting folks loose. 

Let's review our current options for migration

  • Inplace - oooh yuck - leftover permissions and junk and running on possibly underpowered hardware  [and remember this one we can't do in 64 bit era]
  • ADMT - Microsoft mothership approved...but you rename the domain and rip everything out and your Exchange mailboxes size may grow [not quite the issue these days...but still]
  • Clean install - another rip out the domain glue
  • FSMO transfer role with drop in of Exchange store- [aka Swing] Joe may like command line ...but if this is going to go from only being done by IT Pros to being done by reasonably intelligent DIYers....sorry Joe but I think this could be made a lot easier with a good gloss of GUI on top.  And I'm not sure at all we'll be able to do that 'trick' of 'drop in the Exchange store' reconnect and we're done.

Get the idea that migration sucks in general?

I like nice pretty gui screens that ...yeah...while I might not read them .... are designed to keep me from being stupid [or hopefully try to be].  Server "kikibitzfinal" knows about 5 roles

Schema - CN=NTDS Settings,CN=KIKIBITZFINAL,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Kikibitzrtm,DC=local

Domain - CN=NTDS Settings,CN=KIKIBITZFINAL,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Kikibitzrtm,DC=local

PDC - CN=NTDS Settings,CN=KIKIBITZFINAL,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Kikibitzrtm,DC=local

RID - CN=NTDS Settings,CN=KIKIBITZFINAL,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Kikibitzrtm,DC=local

Infrastructure - CN=NTDS Settings,CN=KIKIBITZFINAL,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Kikibitzrtm,DC=local

 

And yeah I can drill into the Active Directory Users and Computers and check the status of the FSMO roles, and I can use ntdsutil to view them... but Mr. AD people?  Gotta get it easier than this....that's for sure.

Filed under:

# re: Dear Active Directory Migration people of Microsoft

Saturday, November 26, 2005 4:24 PM by bradley

You can use a GUI to move each and every role?

There comes a breaking point (if you will) where you have to devote the time and energy to knowing what you are doing. If a person does not know how to transfer the roles, then the probobly don't know why they are doing it, and therefore shouldnt be touching it, blonde or not.

# re: Dear Active Directory Migration people of Microsoft

Saturday, November 26, 2005 4:33 PM by bradley

Yeah well tell that to the marketing guys.

The problem that I'm seeing is that marketing is 'spinning' these platforms into being so easy to handle and yet they are not building in paths for upgrade.

Actually to transfer or move, yes, but to seize, which is what the last part of the process needs, you need the command line.

# re: Dear Active Directory Migration people of Microsoft

Monday, November 28, 2005 5:10 AM by bradley

I have done about 5 or 6 migrations, and none of them are ever 'cookie-cutter' easy. There is always a problem, like FRS not working or something. Also, concerning moving Exchange, I have found the easiest and most trouble free method is to use NTBackup to backup the whole exchange store to a removable hard drive, run through the entire Swing-thing and then do a restore on the new equipment according to Hoyle.

I have taken Jeff's procedure, printed it out, annotated it with my own notes, color coded the commands, etc. and it works pretty well now for me and my techs. Never easy, but less troublesome.

Oh, and by the way, a HECK of a lot easier than reloading a new server and re-doing 60 desktop profiles before the beginning of the next business day!!!!!