Demote and remove the Source Server from the network

Published: January 28, 2011

Updated: February 10, 2011

Applies To: Windows Small Business Server 2011 Standard

After you finish installing Windows SBS 2011 Standard and complete the tasks in the Migration Wizard, you must perform the following tasks:

  • Uninstall Exchange Server 2010

  • Remove Active Directory Certificate Services

  • Physically disconnect printers that are directly connected to the Source Server

  • Demote the Source Server

  • Remove the Source Server from the network

  • Edit the Software Updates Group Policy object on the Destination Server

  • Repurpose the Source Server

Uninstall Exchange Server 2010

You must uninstall Exchange Server 2010 from the Source Server before you demote it. For information about uninstalling Exchange Server 2010, see How to Completely Remove Exchange 2010 from a Server.

Before you uninstall Exchange on the Source Server, you must move arbitrary mailboxes by performing the following steps.

To move arbitrary mailboxes

  1. On the destination server, click Start > All Programs, and then Microsoft Exchange Server 2010.

  2. Click Exchange Management Shell.

  3. Run "get-mailboxdatabase" to find the database name on the destination server

  4. Run "get-mailbox -database <database on source server> -Arbitration | New-MoveRequest -TargetDatabase <database on destination server>

Note

Before you uninstall Exchange Server 2010, close the Exchange Management Console, the SBS console, the Windows service named “Windows SBS Manager”, and all open Exchange PowerShell windows.

Remove Active Directory Certificate Services

The procedure is slightly different if you have multiple Active Directory Certificate Services (AD CS) role services installed on a single server. You can use the following procedure to uninstall an AD CS role service and to retain other AD CS role services.

To complete this procedure, you must log on with the same permissions as the user who installed the certification authority (CA). If you are uninstalling an enterprise CA, membership in Enterprise Admins or its equivalent is the minimum required to complete this procedure.

To remove AD CS

  1. Log on to the Source Server as a domain administrator.

  2. Click Start, click Administrative Tools, and then click Server Manager.

  3. Click Continue in the User Account Control dialog box.

  4. In the Roles Summary section, click Remove Roles.

  5. In the Remove Roles Wizard, click Next.

  6. Clear the Active Directory Certificate Services check box, and then click Next.

  7. On the Confirm Removal Options page, review the information, and then click Remove.

Note

If Internet Information Services (IIS) is running, you are prompted to stop the service before proceeding. Click OK.

  1. When the Remove Roles Wizard finishes, restart the server to complete the uninstallation process.

Important

Restart the server even if you are not prompted to do so.

Physically disconnect printers that are directly connected to the Source Server

Before demoting the Source Server, physically disconnect any printers that are directly connected to the Source Server and shared through it. Ensure that no Active Directory objects remain for the printers that were directly connected to the Source Server. The printers can then be directly connected to the Destination Server and shared from Windows SBS 2011 Standard.

Demote the Source Server

You must demote the Source Server from the role of the AD DS domain controller to the role of a domain member server.

Important

The Source Server and the Destination Server must be connected to the network while the Group Policy changes are updated on the client computers. If you are ready to demote and disconnect the Source Server from the network, ensure that Group Policy settings are applied to all client computers.

Note

We recommend that you run the Domain Controller Diagnostics Tool, dcdiag.exe, before demoting the Source Server. Correct all the reported issues before proceeding with the migration.

To force a Group Policy update on a client computer

  1. Log on to the client computer as an administrator.

  2. Click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator.

  3. At the command prompt, type gpupdate /force, and then press ENTER.

  4. The process may require you to log off and log on again to finish. Click Yes to confirm.

To demote the Source Server

  1. On the Source Server, click Start, click Run, type dcpromo, and then click OK.

  2. Click Next twice.

Important

Do not select This server is the last domain controller in the domain.

Important

On the Remove DNS Delegation page, make sure that you do not select “Delete the DNS delegations pointing to this server. You may be prompted for additional credentials to delete the delegation.”

  1. In the Summary dialog box, you are informed that AD DS will be removed from the computer and that the server will become a member of the domain. Click Next.

  2. Click Finish. The Source Server restarts.

  3. After the Source Server restarts, add the Source Server as a member of a workgroup before you disconnect it from the network.

After you add the Source Server as a member of a workgroup and disconnect it from the network, you must remove it from AD DS on the Destination Server.

To remove the Source Server from AD DS

  1. On the Destination Server, click Start, click Administrative Tools, and then click Active Directory Users and Computers.

  2. In the User Account Control dialog box, click Continue.

  3. In the Active Directory Users and Computers navigation pane, expand the domain name, expand MyBusiness, expand Computers, and then expand SBSComputers.

  4. Right-click the Source Server name if it still exists in the list of servers, click Delete, and then click Yes.

  5. Verify that the Source Server is not listed, and then close Active Directory Users and Computers.

Remove the Source Server from the network

Remove the Source Server from the network and keep it available for at least one week in case some necessary data was not migrated.

Edit the Software Updates Group Policy object on the Destination Server

After demoting and removing the Source Server, it is still included in the scope for the Update Services Group Policy object on the Destination Server. This is now an unresolvable security identifier (SID), and it should be removed in the Group Policy Management Console on the Destination Server.

To update the Update Services GPO

  1. On the Destination Server, click Start, click Administrative Tools, and then click Group Policy Management.

  2. In the User Account Control dialog box, click Continue.

  3. In the Group Policy Management Console, in the navigation pane, expand Forest:<DomainName>, expand Domains, expand <DomainName>, and then expand Group Policy Objects.

  4. Click Update Services Server Computers Policy.

  5. In the results pane, click the Scope tab.

  6. In the Security Filtering section, click the object that begins with S-1-5. This is the Source Server SID.

  7. Click Remove, and then click OK.

Repurpose the Source Server

After you uninstall Exchange Server and demote the Source Server, it is not in a healthy state. If you want to repurpose the Source Server, the simplest way is to reformat it, install a server operating system, and then set it up for use as an additional server.

Reboot the Destination Server

After you demote the Source Server, reboot your Destination Server.