Install Windows SBS 2011 Essentials in migration mode for Windows SBS 2011 Essentials migration
Published: March 10, 2011
Updated: August 30, 2012
Applies To: Windows Small Business Server 2011 Essentials
Important
Windows SBS 2011 Essentials requires a 64-bit server. Windows SBS 2011 Essentials does not support a 32-bit processor architecture.
A Windows SBS 2011 Essentials server will be ready for migrating data and settings after you have installed and configured Windows SBS 2011 Essentials in migration mode, as follows:
Install Windows SBS 2011 Essentials on the Destination Server.
Configure the DNS of the local network adapter.
Join the Destination Server to the domain of the Source Server.
Install and restore the Certification Authority.
Install Windows SBS 2011 Essentials on the Destination Server
To install Windows SBS 2011 Essentials in migration mode, perform the following procedure:
To install Windows SBS 2011 Essentials on the Destination Server
- Turn on the Destination Server and insert Windows SBS 2011 Essentials DVD1 into the DVD drive. If you see a message that asks if you want to boot from a CD or DVD, press any key to do so.
Note
If the Destination Server does not boot from the DVD, restart the computer and check the BIOS Setup to ensure that DVD-ROM is listed first in the boot sequence. For more information about how to change the BIOS Setup boot sequence, see your hardware manufacturer's documentation.
Note
If the removable media that contains the answer file is a USB device, you must change the boot order in the BIOS Setup to assure that the server does not attempt to boot to the USB device.
- Insert the USB device or other removable media that contains the migration answer file in the Destination Server.
Note
The migration answer file is automatically detected on the root of any drive. If the migration answer file is configured to run the installation in unattended mode, values from the file are used during migration. You will not be prompted for values unless they are invalid or missing from the answer file.
If you are installing the multilanguage version of Windows SBS 2011 Essentials, double-click one of the listed languages. If you are installing a single-language version, you will not be asked to choose a language.
Click New Installation.
If you have an internal hard drive that is not displayed in the list, click Load Drivers and install the necessary driver before continuing.
Select the check box that verifies all files and folders on your primary hard drive will be deleted, and then click Install.
When you receive the message "Your server is partially set up and is ready for you to start migration," click Close.
After the installation finishes, you are automatically logged on with the administrator user account and password that you provided in the migration answer file.
Note
To unlock the desktop while Windows SBS 2011 Essentials is installing, use the built-in administrator account and leave the password blank.
Configure the DNS of the local network adapter
To resolve the existing domain name, perform the following steps to set the DNS address of the Destination Server to the IP address of the Source Server.
Note
You can also resolve the existing domain name by configuring the router to provide the IP address of the Source Server as the DNS address. However, you will need to perform this task again after the Destination Server becomes the primary server on the network.
To obtain the IP address of the Source Server
Open a Command Prompt window on the Source Server.
At the command prompt, type ipconfig and press ENTER.
Record the IP address displayed.
To set the IP address of the Destination Server
Click the network icon in the notification area, click Network and Sharing Center, and then click the link that is displayed.
Click Change adapter settings.
Right-click the network adapter, and then click Properties.
Select Internet Protocol Version 4 (TCP/IPv4), and then click Properties.
Select Use the following DNS server addresses, and in Preferred DNS server, enter the IP address of the Source Server that you previously recorded.
Join the Destination Server to the domain of the Source Server
Joining the Destination Server to the domain of the Source Server requires backing up and removing the Certification Authority from the Destination Server, then promoting the Destination Server to be a domain controller.
Back up and remove the Certification Authority from the Destination Server
The Certification Authority must be removed from the Destination Server before the server can join the domain. Perform the following steps to back up and remove the Certification Authority.
To back up the Certification Authority
Open Windows Explorer and create an empty folder called C:\CA_Backup.
Click Start, point to Administrative Tools, and click Certification Authority.
Right-click <ServerName>-CA, point to All Tasks, and select Backup the CA…
Click Next on the welcome page.
Ensure that Private Key and CA certificate and Certificate database and certificate database log are selected, choose a location such as C:\CA_Backup, and then click Next.
Type and confirm a password for restoring the database, click Next, and then click Finish to finish the wizard.
To remove the Certification Authority
Click Start, click Administrative Tools, and then click Server Manager.
Under the Roles Summary, click Remove Roles.
On the Before You Begin page, click Next.
Clear the Active Directory Certificate Services check box, and then click Next.
Confirm that only the Certification Authority is selected for removal, and then click Remove.
After the role is removed, click Close.
Promote the Destination Server to a domain controller in the existing Windows SBS 2011 Essentials forest
You must promote the Destination Server to a domain controller within six days of installing Windows SBS 2011 Essentials.
Use the DCPromo tool to promote the Destination Server as described in this section.
To promote the Destination Server to a domain controller
- Perform the following steps to create an answer file on the administrator’s desktop.
Important
The answer file contains logon and password information that can be used to log on to your server. To help protect your server, delete the answer file after promoting the Destination Server to a Domain Controller.
1. Click **Start**, click **All Programs**, click **Accessories**, and then click **Notepad**.
2. Copy the following content and paste it into the file. Do not put any other content into the file.
[DCINSTALL]
UserName=<domain-admin-user-name>
Password=<domain-admin-password>
UserDomain=<domain>.local
DatabasePath=%systemroot%\ntds
LogPath=%systemroot%\ntds
SYSVOLPath=%systemroot%\sysvol
SafeModeAdminPassword=<domain-admin-password>
ConfirmGc=Yes
InstallDNS=yes
CreateDNSDelegation=No
CriticalReplicationOnly=no
ReplicaOrNewDomain=Replica
ReplicaDomainDNSName=<domain>.local
ReplicationSourceDC=<Source-Server-Name>.<domain>.local
RebootOnCompletion=No
ApplicationPartitionsToReplicate=""*"";
Leave the rest of the file blank.
Important
The <domain>, <domain-admin-user-name>, and <domain-admin-password> must reference the Source Server domain.
3. Click **File**, click **Save**, and then in the left pane click **Desktop**.
4. In the **File name** text box, type **dc-cfg.ini**, for **Save as type** choose **All Files**, and then click **Save**.
Open a Command Prompt window as an administrator. For more information, see To open a Command Prompt window as an Administrator.
Type the following command, and then press ENTER.
DCPROMO /unattend:”C:\Users\Administrator\Desktop\dc-cfg.ini”
After the DCPromo tool runs, the process status appears.
Note
If DCPromo does not succeed because of an incorrect entry in the answer file, the tool may erase the passwords from the dc-cfg.ini file. If this occurs, add the passwords back into the file before running the tool again.
Restart the Destination Server to complete the operation.
Log on to the Destination Server as the domain administrator, using the same username and password that you use on the Source Server.
To verify that the server is a domain controller, click Start, click Administrative Tools, and then click Active Directory Users and Computers.
Expand the node <domain>.local, where <domain> is the Source Server domain, and then click the Domain Controllers node. The Source Server and the Destination Server should appear in this node with GC in the DC Type column.
Important
Delete the answer file after you promote the Destination Server to a domain controller.
Install and restore the Certification Authority
To install the Certification Authority
On the Destination Server, click Start, point to Administrative Tools, and then click Server Manager.
In the Roles Summary section, click Add Roles.
On the Before You Begin page, click Next.
On the Server Roles page, select Active Directory Certificate Services, and then click Next.
On the Introduction to Active Directory Certificate Services page, click Next.
On the Select Role Services page, select Certification Authority and Certification Authority Web Enrollment, and then click Next.
On the Specify Setup Type page, select Standalone, and then click Next.
On the Specify CA Type page, select Root CA, and then click Next.
On the Set Up Private Key page, select Use existing private key, choose the Select a certificate and use its associated private key option, and then click Next.
On the Select Existing Certificate page, select the <ServerName>-CA certificate (where <ServerName> is the name of your Destination Server), and then click Next.
On the Configure Certificate Database page, select the default locations, or click Browse if you want to save the database or log file to a different location. Then click Next.
Confirm your selections, and then click Install.
When the wizard is finished, click Close, and then restart the server.
To restore the Certification Authority
Click Start, point to Administrative Tools, and then click Certification Authority.
In the Certification Authority console tree, right-click <ServerName>-CA (where <ServerName> is the name of your Destination Server), click All Tasks, and then click Restore CA.
If you are asked to stop Active Directory® Certificate Services, click OK.
The Certification Authority Restore Wizard appears. Click Next on the Welcome page of the wizard.
On the Items to Restore page, select Private key and CA certificate and Certificate database and certificate database log, type or browse to C:\CA_Backup, and then click Next.
Note
For an incremental restore, first select the full backup file and complete the wizard. Then re-run the wizard, selecting subsequent incremental backup files.
On the Provide Password page, type a password for gaining access to the private key and the CA certificate file, and then click Next.
When the wizard completes, click Finish.
You are asked if you want to start Active Directory Certificate Services. If you have additional incremental backups to restore, click No to re-run the wizard and continue restoring. If restoration is complete, click Yes to start Active Directory Certificate Services.
Configure CRL distribution list
Click Start, click Administrative Tools, then click Certification Authority.
Right-click the server name, and then click Properties.
Click the Extensions tab.
In the list that is displayed, click https://<ServerDNSName>/CertEnroll/<CaName><CRLNAMESUFFIX><DELTACRLALLOWED>.crl, and ensure that the following options are selected:
Include in CRLs. Clients use this to find the Delta CRL location.
Include in the CDP extension of issued certificates.
Click OK to save your changes.
When you are asked to restart Active Directory Certificate Services, click Yes.
Next topic: Transfer the operations master roles for Windows SBS 2011 Essentials migration
Previous topic: Create a migration answer file for Windows SBS 2011 Essentials migration