Monthly Archives: January 2011

You are browsing the site archives by month.

Running the BPA

When you finish migrating your settings and data to Windows SBS 2011 Standard, you should run Microsoft® Windows® Small Business Server 2011 Best Practices Analyzer.


 Windows SBS 2011 BPA examines a server that is running Windows SBS 2011 Standard, and then it presents a list of issues, errors, and other information, which are sorted by severity, that you should review. The list describes each issue, and it provides a recommendation about what you should do to resolve the issue. The recommendations are developed by the product support organization for Windows SBS 2011 Standard.


For more information about Windows SBS 2011 BPA, see Using the Microsoft Windows Small Business Server 2011 Standard Best Practices Analyzer (http://go.microsoft.com/fwlink/?LinkID=207300 ).
To download Windows SBS 2011 BPA, go to the Microsoft Download Center (
http://go.microsoft.com/fwlink/?LinkID=206767 ).


So if you are wondering why the BPA is a little… well … it makes you think it didn’t run at all… hang loose as there’s an all encompassing BPA being built that will BPA Aurora, SBS v7 (aka SBS 2011 standard) and Breckinridge (Storage Server).



So if you think the BPA didn’t run… it did… stay tuned as there will be updates in this area.

Step 35 – deleting the DNS entries in the source server



Delete DNS entries of the Source Server for Windows SBS 2011 Standard migration

After you decommission the Source Server, the DNS server still contains entries that point to the Source Server. Delete these DNS entries.
 To delete DNS entries that point to the Source Server
1.    On the Destination Server, click Start, click Administrative Tools, and then click DNS.
2.    In the User Account Control dialog box, click Continue.
3.    In the DNS Manager console, expand the server name, and then expand Forward Lookup Zones.
4.    Right-click the first zone, click Properties, and then click the Name Servers tab.
5.    Click an entry in the Name servers text box that points to the Source Server, click Remove, and then click OK.
6.    Repeat step 5 until all pointers to the Source Server are removed.
7.    Click OK to close the Properties window.
8.    In the DNS Manager console, expand Reverse Lookup Zones.
9.    Repeat steps 4 through 7 to remove all Reverse Lookup Zones that point to the Source Server.


Moving the PCs to the My business OU

The Windows SBS Console displays Active Directory Domain Service (AD DS) computer objects that are in or nested in the Windows SBS 2008 default Organizational Unit (OU), OU=<DomainName>\MyBusiness\Computers\SBSComputers. If you want to manage computer objects that were natively joined to the domain, you must move the computer objects into the default OU.
 To move computer objects to the default OU for Windows Small Business Server 2008
1.    On the Destination Server, click Start, click Administrative Tools, and then click Active Directory Users and Computers.
2.    In the Users Account Control dialog box, click Continue.
3.    In the navigation pane, expand <DomainName>, and then expand the Computers container or the container where the computer objects are located.
4.    Expand the MyBusiness container, expand the Computers container, and then expand the SBSComputers container.
5.    Drag and drop the computer objects from their current location to the SBSComputers container, and then click Yes in the warning dialog box.
6.    When you finish moving the computer objects, close Active Directory Users and Computer.
7.    Open the Windows SBS Console.
8.    In the navigation bar, click the Network tab, and then click Computers.
9.    Verify that all of the computers on your network are displayed.


What does all that mean?  If you manually join a PC to the domain, you’ll need to move them to the My Business OU if you want them in the SBS console. 


Let’s try this again… as that was from the old SBS 2008 migration docs that I somehow copied accidentally.  Manually joined PCs will automagically be placed the the SBScoumputers organizational unit. The only reason they wouldn’t be is if they were created in another OU prior to officially joining the PC to the domain.


The Windows SBS 2011 Standard Console displays AD DS computer objects that are in or nested in the Windows SBS 2011 Standard default organizational unit (OU), OU=<YourNetworkDomainName>\MyBusiness\Computers\SBSComputers. If you want to manage computer objects that were natively joined to the domain, you must move the computer objects into the default OU.
 To move computer objects to the default OU
1.    On the Destination Server, click Start, click Administrative Tools, and then click Active Directory Users and Computers.
2.    In the Users Account Control dialog box, click Continue.
3.    In the navigation pane, expand <YourNetworkDomainName>, and then expand the Computers container or the container where the computer objects are located.
4.    Expand the MyBusiness container, expand the Computers container, and then expand the SBSComputers container.
5.    Drag-and-drop the computer objects from their current location to the SBSComputers container, and then click Yes in the warning dialog box.
6.    When you finish moving the computer objects, close Active Directory Users and Computers.
7.    Open the Windows SBS 2011 Standard Console.
8.    In the navigation bar, click the Network tab, and then click Computers.
9.    Verify that all of the computers on your network are displayed.


The only thing you need to move is Servers out of the SBSComputers OU into the server bucket.  You’ll notice this mostly wtih Terminal Server/Remote Desktop Servers.  (more on this in an upcoming blog post)

Step 34 – giving the Adminstrators group the rights they need

Next up is clean up time… first up we need to give the built in admin the right to log on as a batch job.


Give the built-in Administrator group the right to log on as a batch job for migration
 Note
After you migrate, you should give the Administrator group the right to log on as a batch job.
After you migrate an existing Windows SBS 2003 domain to Windows SBS 2011, verify that the built-in Administrator group still has the right to log on as a batch job to the Destination Server. Administrators need this right in order to run an alert on the Destination Server without logging on.
 To give the built-in Administrator group the right to log on as a batch job
1.    On the Destination Server, click Start, click All Programs, and then click Administrative Tools.
2.    In the Administrative Tools menu, select Group Policy Management.
3.    In the Group Policy Management console tree, click Forest: <ServerName>, and then click Domains.
4.    Click the name of your server, expand Domain Controllers, right-click Default Domain Controllers Policy, and then click Edit.



5.    In the Group Policy Management Editor, click Default Domain Controllers Policy <ServerName> Policy, expand Computer Configuration, and then click Policies.
6.    In the Policies tree, expand Windows Setting, and then click Security Settings.
7.    In the Security Settings tree, expand Local Policies, and then click User Rights Assignment.



8.    In the results pane, scroll to and then click Log on as a batch job.
9.    In the Log on as a batch job Properties dialog box, click Add User or Group.




10.    In the Add User or Group dialog box, click Browse.
11.    In the Select Users, Computers, or Groups dialog box, type Administrators.
12.    Click Check Names to verify that the Administrators group appears, and then click OK three times.


Watch the "server build day" of the Cinn Ohio Load fest of SBS 2011.

CiNPA SBS 2011 LoadFest, Server build of SBS 2011 in Cincinnati Ohio w/ Kevin Royalty, Matt Hester & Tim Barrett timbarrett on USTREAM. Technology:
http://www.ustream.tv/recorded/12326012


http://www.ustream.tv/recorded/12323588



Watch the “server build day” of the Cinn Ohio Load fest of SBS 2011.


What’s that log file location he’s talking about?  Same as it was in SBS 2008:


http://blogs.technet.com/b/sbs/archive/2008/10/01/key-small-business-server-2008-log-files.aspx

So how many SBSers will fit, I wonder?

[YouTube:qHS3lTrvypo]


http://www.youtube.com/watch?v=qHS3lTrvypo&feature=player_embedded#


http://www.youtube.com/watch?v=YlgiOz4ujTs&feature=related


Hang on, I’d have to donate my Mini Cooper to find out…. hmmm maybe not a good idea then. 

So when do you do updates?

So now that the data is over on the new server, the Exchange is migrated, we have a GOOD backup.. now and ONLY now do I start the patching process.


You can pick another time in the process that you feel comfy but please always do it AFTER a backup.



But my rule is to NEVER EVER do updates during the intial install of the server.  Ever.

More migration docs posted online tonight:

More migration docs posted online tonight:


Step 33 – dcpromo-ing down the SBS 2003

In my real migration at the office, at this point in the migration I turned off the SBS 2003 rather than immediately dcpromo-ing it to ensure that I hadn’t forgotten anything still hooked to the SBS 2003.  Remember you will be removing this server and having to reinstall it.  You cannot dcpromo down the SBS 2003 and leave it as a member server. 


To demote the Source Server


1.   On the Source Server, click Start, click Run, type dcpromo, and then click OK.

2.   Click Next twice.

Note

Do not select This server is the last domain controller in the domain.

3.   In the Summary dialog box, you are informed that AD DS will be removed from the computer and that the server will become a member of the domain. Click Next.

You’ll be prompted to put in a password..

4.   Click Finish. The Source Server restarts.

5.   After the Source Server restarts, add the Source Server as a member of a workgroup before you disconnect it from the network.

Step 32 start thinking about printers

Physically disconnect printers that are directly connected to the Source Server
Before you demote the Source Server, physically disconnect any printers that are directly connected to the Source Server and are shared through the Source Server. Ensure that no Active Directory objects remain for the printers that were directly connected to the Source Server. The printers can then be directly connected to the Destination Server and shared from Windows SBS 2011 Standard.


Moving from a 32bit printer world to a 64 bit printer world is a bit painful… I’ll do a series of blog posts on how to do this exactly… stay tuned for more.


For now just move the printers around and plan ahead for 64bit drivers and possibly 32bit workarounds.