adding 2003 server to existing 2003 sbs

By atomicride ·
I have an existing 2003SBS ad domain.
My first question is, what is the best way to add an additional server 2003 that would also act as a domain controller.
If that could be accomplished, I would like to then get rid of the sbs all together and just work with the 2003 standard as my only dc.
I tried searching microsoft site but was unable to find anything specific.
Any help is appreciated.

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -

Don't know why it would be different

by taboga In reply to adding 2003 server to exi ...

I would think that running the setup on the Server, joining it to an "existing" domain as a domain controller -- should do it, right? Then running dcpromo on the SBS machine to demote it. Unless there is something peculiar about the SBS that I am missing...

Collapse -

I Don't Remember But...

by rkuhn In reply to adding 2003 server to exi ...

I'm about 99.9% sure that with SBS 2003 that you can only have one domain controller.

That was one of it's limits just like the limit of 75 user licenses (of which the server itself counted as 1).

Collapse -

NOT an easy task, It has not worked for me yet

by regman7 In reply to I Don't Remember But...

I wanted to the exact same thing. All I wanted my users to move.

Seems most of the instructions for adding an additional domain to SBS 2003 does not apply or exist. Such as when I try I get this error and my account has all the rights possible.

When you run Dcpromo.exe to create a replica domain controller, you receive the "Failed to modify the necessary properties for the machine account. Access is denied.

So technet says:

To resolve this problem, use an account in the Administrators group, or add the appropriate account to the Administrators group. To grant this right to another user or group, set the delegation privilege on the Group Policy object:

1. In the Active Directory Users and Computers snap-in, edit the Default Domain Controllers Policy on the Domain Controllers Organizational Unit.
2. Double-click Computer Configuration, click Windows Settings, click Security Settings, click Local Policies, and then click User Rights Assignment.
3. Under Enable Computer and User Accounts to be trusted for Delegation, add the appropriate account or group.
4. Apply the policy using one of the following methods:
* At a command prompt, type secedit /refreshpolicy machine_policy /enforce.
* In the Sites and Services snap-in (Dssite.msc), use the Replicate Now feature to force replication from the domain controller on which the policy was changed to the other domain controllers in the domain.

Step 2 you will not find it there. You must go to Local security policy and do the the delegation from there. What a PITA MS IS.

Collapse -

must keep sbs as the master for ad

by jredmon In reply to NOT an easy task, It has ...

I have SBS2003 and a windows 2003 ad controller and it is working fine. The sbs must be the master domain controller according to microsoft. However , you can have other domain controllers as long as the sbs is the master.

Collapse -

you can upgrade from SBS to plain old Standard

by CG IT In reply to must keep sbs as the mast ...

but I don't think that what your trying to do will work. That is, put another domain controller in the domain, then seize all FMSO roles fro the SBS machine and there ya go a Standard Edition domain and not a SBS domain.

here's the MS Technet KB

Related Discussions

Related Forums