THE OFFICIAL BLOG OF THE SBS "DIVA"

http://blogs.technet.com/sbs/archive/2009/02/19/sbs-2008-migrations-from-sbs-2003-keys-to-success.aspx

So while I'm in the process of still getting the workstations ready to go for the change out of ISA (removing ISA client on the workstations, ensure that the proxy settings are removed, etc. etc. so let's recap where we are at in our planning stage of the pre-steps of migration.

A. Read through the migration guide before starting.

We've read.  Killed a few trees in the process too.

B. Watch the migration video demos and online training.

We've killed a few electrons in the process. 

C.  Join a SBS 2008 Newsgroup.

Okay I personally kinda have that one covered, but the best 2008 one for migration issues can be signed up to via this link.

D.  Practice a migration in a test environment. 

Right now I'm testing the plain running of a server on the new HyperV environment.  While I have done dry runs/practice runs of clean SBS 2003 boxes, I'm still shooting to use SCVMM to pull a PtoV version of my actual SBS 2003 so that I know EXACTLY what I'm facing. 

E.  On the source server run the SBSBPA.

We already covered how to install www.sbsbpa.com on the server and to ensure all was clean

F.  On the Source Server make sure the Active Directory is healthy.

While we've done dcdiag and what not, we have not showcased how the IT Health Scanner helps in this process.

http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=dd7a00df-1a5b-4fb6-a8a6-657a7968bd11

So we install it and run it on our SBS 2003 boxes

First you enter the internal IP address of the firewall (on a SBS 2003 box that's most likely to be the IP address of the server if you have a traditional two nic setup and haven't yet removed ISA fully)

Click scan to start scanning the network.

Let's see what it came up with....

The upper AD section looks clean ...that's good...

It's saying that the domain controller is listening on multiple addresses (well right now it still has two nics so that's kinda to be expected)

It also says I have an orphaned network interface mainly because I'm doing this remotely and it's reacting to that remote session.

One of the unusual errors is pointing to KB 884776 http://support.microsoft.com/default.aspx?scid=kb;en-us;884776 and saying that I have the domain controller configured to allow time connections greater than 172800 seconds.  I honestly haven't seen issues leaving that one as is for purposes of migration.

Now we're up to item G:

G. On the Source server, check the Primary group of the account you will use to install the SBS 2008 server into the domain.

Make sure the Primary group is set to something besides Domain Admins, Enterprise Admins, or Schema Admins. Otherwise, you may receive the following pop-up error during the migration:

The user account does not have the permission that it needs to join the domain. The user account must be a member of the Domain Admins, Enterprise Admins and Schema Admins groups.

1. In the properties of the user account, click the Member Of tab, and at the bottom look for the Primary group.
2. Make sure the Primary group IS NOT : Domain Admins or Enterprise Admins or Schema Admins.
3. To change it, select Domain Users and click the Set Primary Group button.

What some folks do is set up a special migration administrator account for purposes of the migration.

On the member of tab, make sure that the primary membership is domain users.

H.  On the Source Server run the SBS 2008 Migration Preparation tool.This tool performs the following actions:

1. Installs update 943494 on the SBS 2003 server to extend the migration grace period from 7 to 21 days.
2. Runs ADPREP to update the forest, domain, and group policy object access control entries.
3. Changes Exchange 2003 from Mixed mode to Native mode.
4. Adds the Authenticated Users group to the Pre-Windows 2000 security group.

If Exchange 2003 is not running in Native mode, Exchange Server 2007 will not be installed and you will have to start all over. The error message is Exchange Server 2007 cannot be installed. For more information, see this.

If the Authenticated Users group is not a member of the Pre-Windows 2000 security group, then standard users will not be able to access the Remote Web Workplace. The error message they will see is: Cannot connect to the Remote Web Workplace site. To continue, contact your network administrator.

Since I don't have a functioning DVD on my source server, we can move it over to that box via usb or other means.  Just zip up the contents of the tools folder and move it over to your source server box.

So I moved it over to the old server, start the running of the tool and what should smack me upside the head?

The RUN A BACKUP GIRLFRIEND screen.

The system state run a backup screen.

The run an extra backup just because you feel like it screen.

The run an extra backup so you don't hate yourself screen.

The no, really you really want a couple of backups to give you options screen.

Our lesson is over tonight because I'm going to make sure I have SEVERAL means of backup right at this point.  The more ways we have backups, the more options we have should something arise.

Class dismissed for the evening, see you next session.  Don't forget your homework assignment to ensure you are signed up for that SBS 2008 newsgroup.