Demote and Remove the Server Running Windows SBS 2003 from the Network

Applies To: Windows Essential Business Server

After you finish installing Windows EBS (Destination Servers) and you completed the migration tasks, you must perform the following tasks on the server running Windows SBS 2003 (Source Server):

1. Uninstall Exchange Server 2007

2. Remove Active Directory Certificate Services

3. Physically disconnect printers that are directly connected to the server

4. Demote the server

5. Remove the server from the network

6. Edit the Software Updates Group Policy Object

7. Repurpose the server

Uninstall Exchange Server 2007

You must uninstall Exchange Server 2007 from the Source Server before you demote it. For information about uninstalling Exchange Server 2007, see “How to Completely Remove Exchange 2007 from a Server” (https://go.microsoft.com/fwlink/?LinkId=120071).

Remove Active Directory Certificate Services

You can use the following procedure to uninstall an AD CS role service. To complete this procedure, you must log on with the same permissions as the user who installed the CA. If you are uninstalling an enterprise CA, membership in Enterprise Admins or its equivalent is the minimum required to complete this procedure.

To remove AD CS

1. Log on to the Source Server as a domain administrator.

2. Click Start, click Administrative Tools, and then click Server Manager.

3. Click Continue on the User Account Control dialog box.

4. In the Roles Summary section, click Remove Roles.

5. In the Remove Roles Wizard, click Next.

6. Clear the Active Directory Certificate Services check box, and then click Next.

7. On the Confirm Removal Options page, review the information, and then click Remove.

   Note

   If Internet Information Services (IIS) is running, you are prompted to stop the service before proceeding. Click OK.

8. When the Remove Roles Wizard finishes, restart the server to complete the uninstallation process.

   Important

   Restart the server even if you are not prompted to do so.

For more information about removing a Certification Authority role service, see “Uninstall a Certification Authority” (https://go.microsoft.com/fwlink/?LinkId=158111).

Physically disconnect printers that are directly connected to the server

Before you demote the Source Server, you must physically disconnect any printers that are directly connected to the server and shared through it. Ensure that no Active Directory objects remain for the printers that were directly connected to the server. The printers can then be directly connected to the server and shared from Windows EBS.

Demote the server

You must demote the Source Server from the role of an AD DS domain controller to the role of a domain member server.

To force a Group Policy update on a client computer

1. Log on the client computer as an administrator.

2. Click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator.

3. At the command prompt, type gpupdate /force, and then press ENTER.

4. The process may require you to log off and log on again to finish. Click Yes to confirm.

To demote the Source Server

1. On the Source Server, click Start, click Run, type dcpromo, and then click OK.

2. Click Next twice.

   Important

   Do not select This server is the last domain controller in the domain.

3. In the Summary dialog box, you are told that AD DS will be removed from the computer and that the server will become a member of the domain. Click Next.

4. Click Finish. The Source Server restarts.

5. After the Source Server restarts, make it a member of a workgroup, and then disconnect it from the network.

Finally, you must remove the Source Server from AD DS on the Management Server.

To remove the Source Server from AD DS

1. On the Management Server, click Start, click Administrative Tools, and then click Active Directory Users and Computers.

2. In the User Account Control window, click Continue.

3. In the Active Directory Users and Computers navigation pane, expand the domain name, expand MyBusiness, expand Computers, and then expand SBSComputers.

4. Right-click the Source Server name if it still exists in the list of servers, click Delete, and then click Yes.

5. Verify that the Source Server is not listed, and then close Active Directory Users and Computers.

Remove the Source Server from the network

Remove the Source Server from the network and keep it available for at least one week in case some necessary data was not migrated.

Edit the Software Updates Group Policy object on the Destination Server

After demoting and removing the Source Server, it is still included in the scope for the Update Services Group Policy object (GPO) on the Management Server. This is now an unresolvable security identifier (SID), and you should remove it in the Group Policy Management Console on the Management Server.

To update the Software Updates GPO

1. On the Management Server, click Start, click Administrative Tools, and then click Group Policy Management.

2. On the User Account Control dialog box, click Continue.

3. In the Group Policy Management console, in the navigation pane, expand **Forest:**DomainName, expand Domains, expand DomainName, and then expand Group Policy Objects.

4. Click Update Services Server Computers Policy.

5. In the results pane, click the Scope tab.

6. In the Security Filtering section, click the object that begins with S-1-5. This is the Source Server SID.

7. Click Remove, and then click OK.

Repurpose the Source Server

After you uninstall Exchange Server and demote the Source Server, it is not in a healthy state. If you want to repurpose the Source Server, the simplest way is to reformat it, install a server operating system, and then set it up for use as an additional server.