[There's a reason that Yoda is the unofficial mascot of SBS.  Size indeed matters not.] SBS "CAN" exist with other domain controllers Rob.... - THE OFFICIAL BLOG OF THE SBS DIVA
Tue, Apr 25 2006 17:10 bradley

SBS "CAN" exist with other domain controllers Rob....

So Rob sent me a comment via the blog........and since he didn't give me an email address.. I have to address him this way.  But before you click to download the updated 06-015 patch, or reboot your box for the iTunes/Delta hotfix for ISA 2004 sp2, keep reading and don't make the same misinterpretation that Rob did in his reading about what SBS "can" and "cannot" do....

 

Rob has made a new post: SBS and the domain controller issue.
 

Can you send me a link to the podcast that confirms the fact that SBS 2003 (standard or enterprise) will happily coexist with other domain controllers on the same network\tree\forest etc please bearing in mind the following from microsoft.
 

"Q. What is Windows Server 2003 for Small Business Server? 
 

A. Windows Server 2003 for Small Business Server is designed for partners who want to deliver a server solution based on Windows Server 2003 as part of their product offering. It provides the same version of Windows Server 2003 that is used by Windows Small Business Server 2003, but it has none of the added features included in the standard edition or premium edition of Windows Small Business Server 2003.
 

Windows Server 2003 for Small Business Server has the following restrictions:
 

- Only one computer in a domain can be running Windows Server 2003 for Small Business Server.
- Windows Server 2003 for Small Business Server must be the root of the Active Directory forest.
- Windows Server 2003 for Small Business Server cannot trust any other domains.
- A Windows Server 2003 for Small Business Server domain cannot have any child domains.
- Each additional server must have a Windows Server 2003 for Small Business Server client access license (CAL). You can use CALs for each user or for each device."

( excerpt from http://www.microsoft.com/windowsserver2003/sbs/evaluation/faq/prodinfo.mspx - note that the products this refers to is the sbs 2003 family which is 'windows small business server 2003 standard edition' or 'windows small business server 2003 enterprise edition')
 

if what you say is correct (i.e. more than one domain controller allowed in a sbs 2003 standard or enterprise network) then why are microsoft misinforming us?
 

member servers i know are ok.
 

secondary dc's ? (what as in pdc/bdc pre NT5 compat), do you mean mixed or native mode.
 

having a server that will not relinquish fsmo roles is a pain in the *** for disaster recovery as I hope you well know.
 

I found that SBS 2003 CAL's way too expensive it was cheaper to buy server 2003 standard ed and exchange 2003 standard - with much more flexibility with regard to recovery.
 

On a sillier note wouldn't placing more than one DC in a sbs 2003 (std or ent) network be in violation of the microsoft eula.
 

I eagerly await your response.

 

Rob

 

…. Rob…couple of things wrong here.. first off that quote is about the ‘base’ operating system software of SBS.. not exactly SBS per se but the same rules apply…but I’m still not reading that that says you cannot have additional domain controllers.  SBS from day one has to be the primary domain controller, (note the emphasis on primary) but it does not have to be the only one.  It can’t do trusts..but you don’t need trusts to do additional domain controllers… so I’m not sure what you are reading in that that says you cannot add additional domain controllers.
 

You can’t add another SBS box…that’s what you can’t do and is what they are referring to here.
 

But which part of those phrases you quoted above in any way restrict us from having an “additional” “normal” Windows server acting as a domain controller.  All it says is that only one box can run the Windows  Server 2003 for Small Business software in a domain… it doesn’t say a thing about blocking another Windows server.
 

Microsoft is not misinforming us, you are just reading it wrong.  As far as the lack of movement of FSMO roles… seize the suckers in a disaster.   If you have that additional DC.. all you have to do if you want it to have the FSMO roles is type in the commands and seize the suckers.  If “I”, blonde that I am… can do a swing migration… walk through the steps and see how having the FSMO roles on one box can be moved to another…. Everyone who works with servers should be able to see that under the hood, SBS is Active Directory.  Sure a few speed bumps here and there…but it’s AD.  And if you can’t handle disaster recovery of a SBS box… man… you probably can’t handle a normal server recovery either.
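The commands in question are an ntdsutil role seizure run on the surviving domain controller. The session below is an added example, not from the original post or from Microsoft's documentation; DC2 is a placeholder name for the additional Windows Server 2003 DC, and netdom and dcdiag are assumed to be installed from the Windows Server 2003 Support Tools.

```batch
rem Added example. Run at a command prompt on DC2 (placeholder name) with an
rem account that is a Domain, Enterprise and Schema Admin.
rem Seizure is for a disaster where the SBS box is permanently gone. In a
rem healthy SBS domain the roles stay on the SBS server.

rem 1. Record which server the directory currently lists for each role.
netdom query fsmo

rem 2. Seize the five roles onto DC2. ntdsutil first attempts a normal
rem    transfer and only seizes if the old holder cannot be reached.
rem    It asks for confirmation on each role.
ntdsutil roles connections "connect to server DC2" quit ^
  "seize schema master" ^
  "seize domain naming master" ^
  "seize RID master" ^
  "seize PDC" ^
  "seize infrastructure master" ^
  quit quit

rem 3. Confirm that DC2 now holds the roles and that it knows it.
netdom query fsmo
dcdiag /s:DC2 /test:KnowsOfRoleHolders
dcdiag /s:DC2 /test:FsmoCheck

rem 4. Confirm DC2 is advertising as a DC and that SYSVOL and NETLOGON
rem    are shared, otherwise clients will keep looking for another server.
dcdiag /s:DC2 /test:Advertising
dcdiag /s:DC2 /test:NetLogons
dcdiag /s:DC2 /test:frssysvol
net share

rem 5. The old role holder must not come back onto the network with its
rem    old Active Directory database once roles have been seized.
rem    Rebuild it before reconnecting it.
```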
 

As I’ve said before, Jeff Middleton talks a lot about the myths of disaster recovery and it’s amazing all the misconceptions about SBS.
 

…Now....as a beancounter.. I’m having a hard time doing your math where you are saying that it’s cheaper for Windows Server/Exchange Server and cals.  Remember all the other stuff we get on a SBS box that is unique and worth its weight in gold.  Remote Web Workplace, Rob, is WHY you want SBS.  The daily email is WHY you want SBS.  And on the premium, show me how you pencil out that it's cheaper?  As far as flexibility for recovery… have you tried recovering a SBS box?  Truly.. all of you folks who complain about the DR-ability of a SBS box as compared to “normal” server.  Folks.. I got news for ya.  Restoring any server is no walk in the park.  Active Directory is the same whether you are running SBS or Windows Server. 
 

You cannot have another “SBS” in a SBS network.. but the EULA does not prohibit us in any way shape or form from having an additional domain controller.  BDC (backup domain controller) is a NT4 term and is no longer used.
 

READ THIS SBS MULTI-SERVER WHITEPAPER… and can everyone out here understand once and for all, that you can have 74 additional domain controllers if you really wanted to and SBS wouldn’t care?  Hey you wouldn't have any workstations...but if you really and truly wanted 74 additional domain controllers to provide redundancy to that SBS box.. you could.  SBS just has to hold the FSMO roles. 

"Windows Server 2003. One of the most common misconceptions is that customers cannot run another member server or domain controller in a Windows SBS domain. This is not true! You can add additional member servers that are running Windows Server 2003 or Windows 2000 Server to a Windows SBS domain. You can even promote a member server that is running Windows Server 2003 to be a domain controller, in order to improve authentication services at remote offices."


But as far as disaster recovery goes.. I personally think that everyone from SBS boxes to big server land needs to do a SBS migration method once.. why?  Because it showcases exactly how “normal” an Active Directory we really have.
 

In chatting with Jeff Middleton…. Who will be speaking on the myths of disaster recovery of Small Business Server at TechEd 2006 in Boston…"I'm saying that what is not understood is what it really takes to replace a single server...any single server...if a restore from backup is one way, and rebuild is another way...but transparency is what you are looking for regardless. The problem is that not enough people even understand the issues. Swing Migration demonstrates the issues by proving that it can work, it does work...they just don't attempt to understand the issues, we format and reload instead of repairing, or preparing to repair."
 

Sometimes the best thing in disasters is to save what you can and start over….but use the power of active directory to do just that... and stop thinking that SBS in any way gives you any less tools to do what you can in a disaster in a cost effective manner.


# re: SBS "CAN" exist with other domain controllers Rob....

Tuesday, April 25, 2006 7:51 PM by Damianl

To keep it on the FAQ facts:

http://www.microsoft.com/windowsserver2003/sbs/evaluation/faq/netsec.mspx

Q. Can I effectively implement Windows Small Business Server 2003 in an environment that connects one site to another using a slow data link?

A. Yes. One way is to install Windows Server 2003 at the remote site, and then configure it as a replica domain controller. This enables Active Directory information to replicate at the remote site, so that authentication requests do not have to travel over the slow data link. Also, using Outlook 2003 in Cached Exchange mode minimizes the amount of e-mail traffic between remote clients and the server.

# re: SBS "CAN" exist with other domain controllers Rob....

Tuesday, April 25, 2006 8:40 PM by Amy

Rob,

Windows 2003 for Small Business Server is a separate species from Small Business Server 2003. It's something that you should never order. It's a strange product pulled out of the minds of lawyers. Don't get the two products mixed up; they are completely different.

# SBS 'can' coexist with other DC's

Wednesday, April 26, 2006 3:36 PM by Rob

Hi all

Cheers to Bradley for clarifying the SBS 2003 and other DC's issue for me.

Thanks to Amy re the 'legal entity' windows 2003 for SBS etc.

As for bean counting - which is something I do a lot since I run a network for a charity here goes: We were fortunate to get SBS 2003 std ed free from microsoft (you can get 3 free titles if you ask nicely). the issue was that we needed more CAL (5 at that time I believe) - what was really strange was that every vendor I spoke to had no charity discounts available for the SBS CAL's and when I spoke to microsoft directly they confirmed this!! even though I had gotten the sbs through their charity division.

Anyway, it turned out to be cheaper to buy server 2003 std ed. and exchange 2003 std ed. than buy the SBS CAL's - I'm not making this up, that's the way the cookie crumbled.

I'll send you the pricing when I dig them out.

Anyway, since I now have two servers I will run SBS 2003 on one and server 2003 on the other.

By the way my email is robjamesmurphy@hotmail.com

Cheers to all

Rob

# re: SBS "CAN" exist with other domain controllers Rob....

Wednesday, November 01, 2006 8:36 PM by Daz

Guys, this all seems great however, and this is a big however! Once I installed my new shiny 2003 standard DC in the existing domain. Transferred all FSMO roles and Operations Master etc etc. Now the sysvol folder is not correctly shared on the new 2003 DC and people are still logging onto the old server for authentication.

Any help would be great

Cheers

Daz