Part 10 - Swing migrations

The next version of Microsoft Small Business Server (due for release in the second half of 2008) will be a 64-bit architecture release only, while SBS 2003 is only available on 32-bit platforms. As a result, it will not be possible to simply 'upgrade' to the newer release.

In order to perform this upgrade, you'll need to perform a Swing Migration, which involves setting up the new server alongside your existing infrastructure and gracefully 'swinging' resources from one server to another.

Even if you're not planning on upgrading to the latest release of SBS when it is released, the same process can essentially be used to migrate to a Windows Essential Business Server (codenamed Centro) or native Windows Server 2003/2008 infrastructures. Swing migration techniques can also be used in disaster-recovery scenarios. This guide assumes you are planning on installing SBS 2008 on fresh hardware. It's also possible to have SBS 2008 running on the same server in place of SBS 2003, but in order to accomplish this goal, you'll require a 'migration server' and you'll have to perform two 'swings' — one which replicates your existing SBS on the migration server and the second that cuts you over to SBS 2008 on the original server.

One final note: the steps in this article have been written using a beta release of SBS 2008. Some migration tools are supposed to be provided with the RTM version of the product, which may make the process of migration simpler. This article describes how to perform the process manually, though some minor adjustment to these instructions may be required come release date.
Migration Overview

The swing migration can be performed in the following phases:

Phase 1: Preparation — this involves performing thorough backups of your data and making hand-written notes about various elements of your existing infrastructure.

Phase 2: Swing Out — this involves migrating your AD resources to an incomplete installation of SBS 2008 and transferring master roles to the new server.

Phase 3: Complete Setup — this involves completing the installation of SBS 2008 components and migrating Exchange mailboxes to your new server along with other shared network resources.

Phase 4: Decommission — this phase goes through the steps to gracefully decommission your old server back to a member server.

These instructions allow you to swing out to a new server. If you wanted SBS 2008 running on the original server, you'll need to jump back up to Phase 2 to swing back.
Be prepared

Before you get started, you should ensure that your SBS2003 server is completely up-to-date with all of the latest security patches and service packs installed. Once you've done this, perform a full backup of all data including an online backup of all Exchange databases — just in case disaster strikes while you're performing the migration.

In addition to a regular backup, also perform an offline backup of Exchange databases as an extra precaution. In general, this can be done by simply stopping all Exchange services on your server and making a copy of the MDBDATA directory (typically located under the Exchange directory in Program Files).

After your backups have been run you need to extend your AD schema to allow for the installation of a Windows Server 2008 domain controller. Insert the SBS 2008 media and bring up a command prompt. Change your working directory to sources\adprep on your CD/DVD drive and execute the following two commands:

adprep /forestprep

adprep /domainprep

The swing migration process should seamlessly bring across all user accounts, groups, computer memberships, group policies, SAM and SID references, profiles and login scripts, among other things. However, the process doesn't migrate absolutely everything and, as a result, you should make a note of the following items from your existing server before going further:

Server Settings — including FQDN name, NetBIOS name, and Administrator account name and password.

Network Settings — including IP addresses, subnet masks, default gateway, DHCP configuration (scopes, exclusions, reservations and option preferences), DNS and WINS server resources and configuration.

File System Settings — including drive letters assigned per volume, root folder permissions and disk usage statistics.

Exchange Settings — including organisation name, site details, storage group names, information store names, email domains hosted by Exchange, POP3 connector mailbox details, alternate email proxy addresses per mailbox and the server's public host name (and any masqueraded aliases).

Shared Folder & Printer Settings — including share names, share descriptions, share permissions and the linked folder/printer location.

After collating all of these details, you're ready to start your swing migration. Throughout the migration, you must remember two things:

• Always ensure that the DNS settings for ALL servers are valid and correct at every step.
• DNS settings will need to change at various times throughout the migration. If they are not changed at the correct time, the migration will fail.

Come out swinging

As mentioned in Part 3 of this series, an installation of SBS has two phases — the installation of the underlying OS (which in this case will be Windows Server 2008) followed by the SBS components. The first part of the swing migration involves installing the OS component but cancelling the remainder of the installation before the SBS components are installed. This will allow you to migrate your existing AD to the new server instead of creating a new AD forest. Once the AD migration steps have been completed, we will then resume installing the SBS components.

Once you have your base OS installation on your server, do not activate it at this time — it's a good idea to delay activation until after you have completely finished the migration in case something does go wrong and you need to re-install the OS again.

Before commencing your AD migration, open up the Computer Management applet. Check the Event Log to ensure that there are no urgent items that require attention and check Device Management to ensure that all relevant drivers have been installed on your server.

Next, manually configure your primary network adapter with a static IP address that is on the same subnet as your existing SBS 2003 server and DNS server settings pointing to the IP address of your existing SBS 2003 server. Verify that you can ping your existing SBS server by its FQDN (ie. server.internal.lan) and that you can also ping the domain name itself (ie. internal.lan). Both pings should resolve to the same IP address — that which belongs to your existing server.

Next, join your server to the domain from within the System applet in Control Panel. Once you have successfully joined the domain, reboot your system and log in this time as the domain administrator. Synchronise your new server's clock with the existing server by running:

net time /domain:<internal.lan> /set

It's now time to promote your new server to act as a domain controller. To do this, add the Active Directory Domain Services role from within Server Manager (doing so should also install the DNS Server role). You'll need to add this server as an additional domain controller of an existing domain. Once this role has been added, restart your server again.

After you've logged back on to the server, set the new server to be a designated Global Catalog Server by loading up the Active Directory Sites & Services applet from with Administrative Tools and navigating to Sites > <site_name> > Servers > <server>. From there right-click on NTDS Settings and select Properties. Next, tick the Global Catalog checkbox and click OK and restart the server once again.

After the server has rebooted, log back on again and load up the DNS applet from within Administrative Tools. Verify that all DNS zones and records have been propagated from the existing SBS Server (use the DNS applet on the existing SBS server as a basis for comparison). Once all records have been copied across, adjust the DNS server settings on the primary NIC of the new server to point to 127.0.0.1 instead of the existing server.

Your next task is to transfer all Operation Master Roles to your new server. To do this, open up the Active Directory Users and Computers applet from under Administrative Tools on the new server, right-click on your domain name and select Connect to Domain Controller. In the ensuing window, select your new server and hit OK. Right-click on your domain name again and select Operations Masters this time. Under each of the three tabs, click on the Change button in order to assign your new server as the master for the RID Master, PDC Emulator and Infrastructure Master roles. When transferring the Infrastructure Master role, you'll receive an additional warning stating that Global Catalog servers should not have this role. While this is the case with larger, native Windows domains, it is acceptable (and required) in single-server domains such as those frequently used with SBS Server.

The Domain Naming Master role is changed from within that Active Directory Domains and Trusts applet and the process is almost identical to the previous three roles — instead of clicking on your domain though, you'll need to right-click on Active Directory Domains and Trusts in order to manually select the Connect to Domain Controller and Operations Masters options.

Finding the option to transfer the Schema Master role is tricky — you need to execute the following command to register the Schema Master Tool as an MMC snap-in:

regsvr32 schmmgmt.dll

Next, click Start > Run > mmc. Once the Microsoft Management Console has loaded, click File > Add/Remove Snap-In and add the Active Directory Schema snap-in to the console. When the snap-in has been added, you can Connect to (your new) Domain Controller and change the Operations Masters as you did above.

Once these roles have been transferred, you are technically in violation of the EULA for SBS 2003 (which states that all master roles should be assigned to the SBS 2003 server). It's worthwhile keeping in mind that you have a grace period of seven days to run two SBS servers side-by-side in the same AD domain. If you run SBS Server 2003 R2 or SBS Server 2003 Premium, this can be extended to 21 days by following the instructions is Microsoft Knowledge Base article 943494.
Nomadic Data

It is at this point that you can resume the installation of the SBS components and then commence migrating other data to the new server. Re-initiate the installation of the SBS components by inserting the SBS 2008 installation media on the new server and letting autorun do its thing, or by running SBSSetup.exe.

Once all SBS components have been installed you'll need to add a new routing group to get mail flowing between your two Exchange Servers while you are migrating mailboxes from the old to the new server. On your new server, load up Exchange Management Shell and execute the following command:

New-RoutingGroupConnector –Name "Interop RGC" –SourceTransportServers "new_server.internal.lan" –TargetTransportServers "old_server.internal.lan" –Cost 100 –Bidirectional $true –PublicFolderReferralsEnabled $true

To test that the routing connector has been configured correctly, create a new mailbox on the new server and attempt to send an email from an Exchange 2003 mailbox to the new mailbox and vice versa.

Once you've verified that mail is flowing between both servers, you can start migrating mailboxes across. There is a wizard within the Exchange Management Console that will allow you to do this. Once the console is loaded, the wizard is accessible under Recipient Configuration > Mailbox. Because each mailbox is taken offline while it is being migrated, it's a good idea to schedule the Move Mailbox task to occur outside of business hours using the wizard.

In addition to moving mailboxes, you'll also need to move the Public Folder content from the old server to the new, configure Exchange 2007 to generate all Offline Address Books, remove the Mailbox and Public Folder stores from the old server, and verify that your new SBS server is transporting email successfully in and out of the organisation before you can decommission your old Exchange Server. Detailed instructions on how to perform these tasks can be found at

http://technet.microsoft.com/en-us/bb288905(EXCHG.80).aspx.

On the network services side of things, you can commence moving the DHCP database from the old server to the new by running the following command on the old server:

netsh dhcp server export c:\dhcp.txt all

Then, stop and disable the DHCP service on the old server and copy the C:\dhcp.txt file to the root directory on the C drive of your new server and then run:

netsh dhcp server import c:\dhcp.txt all

Copying the data from your old server to the new can be achieved in one of two ways — you can either restore the data from backup or you can use a tool such as robocopy (the Robust Copy Utility) to synchronise the data between your servers. If you choose to take the latter option, download the robocopy GUI from
http://technet.microsoft.com/en-us/magazine/cc160891.aspx to your new server (the robocopy utility should be installed by default on any Vista or Server 2008 installation). The GUI makes it simpler to copy data and associated metadata and permissions in a simple operation. Once the data has been copied across, be sure to set up the required file and printer shares on the new server.
Decommissioning

The first step in decommissioning your old server is to remove Exchange. As mentioned above, you'll want to ensure that your new server is looking after all mail transfers and that you have no Mailbox or Public Folder stores on the old server before uninstalling Exchange. Once you are certain that this instance of Exchange is bare, load up the Add/Remove Programs applet in Control Panel, select the Windows Small Business Server 2003 option and click on Change/Remove. In the Action column of the Component Selection screen, select Remove for the Exchange Server option. You'll need to supply your SBS 2003 media to complete the uninstallation.

Next, create an alias that maps the old server name and points it to the new server — just in case you have any applications that are running on your infrastructure that statically refer to the old server. You can do this by running the following on the new server:

netdom computername <new_server_name> /add:<old_server_name>.<internal.lan>

Then navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters key in regedit and create a new DWORD value named DisableStrictNameChecking with a value of 1. Restart the server and the alias will be created.

The final step of the migration is to demote the old server so that your new SBS server is the sole domain controller for your infrastructure. To do this, run dcpromo on the old server. Ensure that you do not select the option titled 'This server is the last domain controller in the domain'. After demotion, the server will revert to being a member server of the domain. You can then switch off the server and retire it in a couple of weeks once you're certain that you won't require additional data from the server.
Final Words

An extremely detailed swing migration toolkit is available from Jeff Middleton, an SBS MVP, at www.sbsmigration.com. At US$200, the technician's kit contains everything that you could want to know (including how to recover from scenarios where things go wrong), covers significantly more scenarios than this article could and is great value for money.