Questions

adding 2003 server to existing 2003 sbs

Tags:
+
0 Votes
Locked

adding 2003 server to existing 2003 sbs

atomicride
I have an existing 2003SBS ad domain.
My first question is, what is the best way to add an additional server 2003 that would also act as a domain controller.
If that could be accomplished, I would like to then get rid of the sbs all together and just work with the 2003 standard as my only dc.
I tried searching microsoft site but was unable to find anything specific.
Any help is appreciated.
  • +
    0 Votes
    taboga

    I would think that running the setup on the Server, joining it to an "existing" domain as a domain controller -- should do it, right? Then running dcpromo on the SBS machine to demote it. Unless there is something peculiar about the SBS that I am missing...

    +
    0 Votes
    rkuhn

    I'm about 99.9% sure that with SBS 2003 that you can only have one domain controller.

    That was one of it's limits just like the limit of 75 user licenses (of which the server itself counted as 1).

    +
    0 Votes
    regman7

    I wanted to the exact same thing. All I wanted my users to move.

    Seems most of the instructions for adding an additional domain to SBS 2003 does not apply or exist. Such as when I try I get this error and my account has all the rights possible.

    When you run Dcpromo.exe to create a replica domain controller, you receive the "Failed to modify the necessary properties for the machine account. Access is denied.

    So technet says:

    To resolve this problem, use an account in the Administrators group, or add the appropriate account to the Administrators group. To grant this right to another user or group, set the delegation privilege on the Group Policy object:

    1. In the Active Directory Users and Computers snap-in, edit the Default Domain Controllers Policy on the Domain Controllers Organizational Unit.
    2. Double-click Computer Configuration, click Windows Settings, click Security Settings, click Local Policies, and then click User Rights Assignment.
    3. Under Enable Computer and User Accounts to be trusted for Delegation, add the appropriate account or group.
    4. Apply the policy using one of the following methods:
    * At a command prompt, type secedit /refreshpolicy machine_policy /enforce.
    * In the Sites and Services snap-in (Dssite.msc), use the Replicate Now feature to force replication from the domain controller on which the policy was changed to the other domain controllers in the domain.

    Step 2 you will not find it there. You must go to Local security policy and do the the delegation from there. What a PITA MS IS.

    +
    0 Votes
    jredmon

    I have SBS2003 and a windows 2003 ad controller and it is working fine. The sbs must be the master domain controller according to microsoft. However , you can have other domain controllers as long as the sbs is the master.

    +
    0 Votes
    CG IT

    but I don't think that what your trying to do will work. That is, put another domain controller in the domain, then seize all FMSO roles fro the SBS machine and there ya go a Standard Edition domain and not a SBS domain.

    here's the MS Technet KB

    http://support.microsoft.com/kb/555073

  • +
    0 Votes
    taboga

    I would think that running the setup on the Server, joining it to an "existing" domain as a domain controller -- should do it, right? Then running dcpromo on the SBS machine to demote it. Unless there is something peculiar about the SBS that I am missing...

    +
    0 Votes
    rkuhn

    I'm about 99.9% sure that with SBS 2003 that you can only have one domain controller.

    That was one of it's limits just like the limit of 75 user licenses (of which the server itself counted as 1).

    +
    0 Votes
    regman7

    I wanted to the exact same thing. All I wanted my users to move.

    Seems most of the instructions for adding an additional domain to SBS 2003 does not apply or exist. Such as when I try I get this error and my account has all the rights possible.

    When you run Dcpromo.exe to create a replica domain controller, you receive the "Failed to modify the necessary properties for the machine account. Access is denied.

    So technet says:

    To resolve this problem, use an account in the Administrators group, or add the appropriate account to the Administrators group. To grant this right to another user or group, set the delegation privilege on the Group Policy object:

    1. In the Active Directory Users and Computers snap-in, edit the Default Domain Controllers Policy on the Domain Controllers Organizational Unit.
    2. Double-click Computer Configuration, click Windows Settings, click Security Settings, click Local Policies, and then click User Rights Assignment.
    3. Under Enable Computer and User Accounts to be trusted for Delegation, add the appropriate account or group.
    4. Apply the policy using one of the following methods:
    * At a command prompt, type secedit /refreshpolicy machine_policy /enforce.
    * In the Sites and Services snap-in (Dssite.msc), use the Replicate Now feature to force replication from the domain controller on which the policy was changed to the other domain controllers in the domain.

    Step 2 you will not find it there. You must go to Local security policy and do the the delegation from there. What a PITA MS IS.

    +
    0 Votes
    jredmon

    I have SBS2003 and a windows 2003 ad controller and it is working fine. The sbs must be the master domain controller according to microsoft. However , you can have other domain controllers as long as the sbs is the master.

    +
    0 Votes
    CG IT

    but I don't think that what your trying to do will work. That is, put another domain controller in the domain, then seize all FMSO roles fro the SBS machine and there ya go a Standard Edition domain and not a SBS domain.

    here's the MS Technet KB

    http://support.microsoft.com/kb/555073