Migrating from Small Business Server 2000 or Windows 2000 Server to Windows Small Business Server 2003

To upgrade to the Microsoft® Windows® Small Business Server 2003 (Windows SBS 2003) server software from Small Business Server 2000 or the Windows® 2000 Server operating system, you can either upgrade the existing server or perform a server migration. A server migration involves installing Windows Small Business Server 2003 on a new computer and then migrating data and settings. You can complete a server migration either to a computer on which you are installing a retail version of Windows SBS 2003 or to a computer that has Windows SBS 2003 preinstalled by an original equipment manufacturer (OEM).

Note

If you are migrating from the Small Business Server 4.5 or Windows NT® Server 4.0 operating systems, see the paper describing this process at the Microsoft Web site (https://go.microsoft.com/fwlink/?LinkId=20170).

Warning

The migration process discussed in this document does not support migration of e-mail enabled contacts. An e-mailed enabled contact is an e-mail address that has no internal mailbox on the server running Small Business Server 2000. Do not use this document for migration if your business depends on having the e-mail contacts migrated to the new server running Windows SBS 2003.

Before You Begin

To get ready to migrate your server to Windows Small Business Server 2003, familiarize yourself with new terms and definitions and the process for completing a migration.

Terms and Definitions

The following key terms are associated with migrating to Windows SBS 2003:

  • Active Directory Migration Tool (ADMT) A tool used to simplify the process of moving users, groups, and computers from one Active Directory® directory service domain to another, or of migrating from Windows 2000 Server domains to Active Directory domains.
  • Exchange Migration Wizard A tool that simplifies the process of moving mailboxes from one Exchange server to another when the mailboxes are not in the same domain.
  • migration The process of either (1) upgrading to a new version of a product by installing the product on a new computer and then transferring data and settings from the computer running the previous version of the product; or, (2) migrating an existing installation of Windows SBS 2003 to a new computer.
  • source server The server from which you are migrating. References to the source server in this document refer to your existing server running either Small Business Server 2000 or Windows 2000 Server.
  • destination server The server to which you are migrating. References to the destination server in this document refer to the server running Windows SBS 2003.

Process for Completing a Migration

Migrating from Small Business Server 2000 or Windows 2000 Server includes the following steps:

  1. Prepare for the Migration. In this step, you ensure a successful migration by completing the following tasks: collect necessary information, export public folders to a .pst file, export the Administrator account mailbox and rules, request that users delete unnecessary e-mail and files, verify that hardware drivers and existing software are supported, ensure the source server is running the latest service packs, and back up the source server. Additionally, at the end of this step, if users are still connected to the network, you notify users that they must log off of the domain.
  2. Required Steps to Install Windows SBS 2003 on the Destination Server. In this step, you install Windows SBS 2003 by completing the following tasks: disable the DHCP Server service if it is running on the source server, connect the source and destination servers for the migration, install Windows SBS 2003 by using the specified requirements, and complete the Network Tasks on the To Do List (which appears at the end of Setup). After completing the Network Tasks, you must disconnect the Internet connection device from the Internet and then disable real-time antivirus software on both servers so that it does not interfere with the transfer of data during the migration.
  3. Prepare Client Computers for the Account Migration. In this step, you prepare client computers that are running the Windows NT Workstation 4.0, Windows 2000 Professional, Windows XP Professional, Windows 2000 Server, or Windows Server™ 2003 operating systems, or a member server running Windows NT Server 4.0 or later. Computer accounts for client computers running these operating systems are migrated by using the Active Directory Migration Tool (ADMT) in “Step 4. Begin the Migration.” ADMT does not support migrating computer accounts for client computers running Windows 95, Windows 98, or Windows Millennium Edition. You manually configure these client computers for the destination server in “Step 6. Configure Client Computers.”
  4. Begin the Migration. In this step you install and configure ADMT on the destination server and then migrate user, group, and computer accounts. You also configure DNS forwarders on the source and destination servers so that ADMT works with both servers. If Exchange 2000 Server is running on the source server, you determine if the Exchange server mail quota for the destination server needs to be updated, and then you migrate Exchange mailboxes. Additionally, you must move shared folders and any application data to the destination server and migrate any SQL Server™ databases to the destination server.
  5. Configure the Destination Server. In this step, you assign user accounts to a Windows SBS 2003 template and deploy applications to the client computers so that users can properly access the Windows SBS 2003 network. You must also complete additional configuration settings on the destination server, including completing the Management Tasks on the To Do List, configuring custom settings from the source server, configuring distribution lists and custom recipient policies, and configuring the Microsoft Connector for POP3 Mailboxes.
  6. Configure Client Computers. In this step, you configure e-mail and proxy settings for client computers running Windows 2000 Professional or Windows XP Professional. If you have client computers running operating systems earlier than Windows 2000 Professional, you must manually configure them for the destination server, install applications, and configure e-mail and proxy settings. It is also recommended that you verify that client computers can connect to all necessary resources and files. You can also import Exchange Server public folders now that a client computer is configured to connect to Exchange Server on the destination server.
  7. Complete the Migration. In this step, you remove permissions that were necessary for the migration, and you uninstall ADMT from the destination server. You also configure password policies so that the users are prompted for a new password the first time they log on to the destination server. After verifying that all necessary data and settings were migrated, you retire the source server.

Sample Timeline

If you plan to complete the entire migration while users are not connected to the network, follow the steps in this document in the order presented.

However, if you prefer to minimize the time that users are disconnected from the network during the work week, you can use the following sample timeline. For more information about each task in the timeline, see the instructions for that task later in this document.

Day Tasks Important Information

Day 1

  • Collect information.
  • Verify that hardware drivers and existing software are supported.
  • Request that users delete old files and old mail.
  • Install Windows SBS 2003 using specified requirements.
  • If you have the DHCP Server service running on the source server, ensure that you have the destination server connected to a switch or hub that is not connected to the network so that the DHCP Server service is installed on the destination server during Windows SBS 2003 Setup.
  • If you are using a router device that also provides a DHCP service, ensure that it is connected to the destination server during Windows SBS 2003 Setup so that DHCP is properly configured on the destination server. Because it is recommended that your servers not be connected to the Internet during the migration, you should complete this task after business hours. For more information, see Appendix C of "Getting Started" at the Microsoft Web Site (https://go.microsoft.com/fwlink/?LinkId=20122).
  • You can install Windows SBS 2003 at any time before beginning the migration. However, ensure that you follow the instructions in the section “Requirements for Installing the Destination Server.”

Day 2

  • Ensure that the source server is running specified service packs.
  • Export public folders, the Administrator mailbox, and Administrator rules.
  • Back up the source server.

It is recommended that the backup be completed after business hours so that the latest data is backed up.

Day 3 and 4 (while users are not in the office)

  • Disable DHCP on the source server.
  • Connect servers for the migration.
  • Prepare client computers.
  • On the destination server, complete the Network Tasks on the To Do List.
  • Complete the remaining migration steps (4 through 7) in order.

The amount of time that the migration takes depends on the number of user accounts, group accounts, and client computers, and on the size of each user’s mailbox.

Note

It is highly recommended that you be on-site the first day after a migration to assist users with questions.

Crucial Information About the Migration

You must follow the steps as outlined in this document or the migration will fail. Some key issues that can cause the migration to fail are as follows:

  • Internal domain information for the source and destination servers must be different. The source server and the destination server must have different full DNS names for the internal domains, as well as different NetBIOS domain names. This does not affect your Internet domain name. For example, if the full DNS name for the internal domain of your source server is contoso.local and your Internet domain name is contoso.com, you could use contoso2.local for your destination server full DNS name for internal domain and continue to use the Internet domain name of contoso.com.
  • The source computer name and destination computer name must be different. After the migration, it is not possible to change the computer name of the destination server. The computer name is used to configure Windows SBS tools and applications. Because the destination computer name must be different from the source computer name, if a client computer refers to the source computer name (for example, with UNC paths, mapped drives, shortcuts, or printers that were moved from the source server to the destination server), the references will become invalid during the migration. To prevent this, you must update or delete the references on the client computer.
  • The DHCP Server service on the source server must be disabled. At the end of the migration, because the source server is retired, the DHCP Server service must be running on the destination server, unless you have a router device that provides the service. In order for the DHCP Server service to be installed on the destination server, you must disable the DHCP Server service on the source server before connecting the destination server to the network. If you are using a router device that also provides a DHCP service, ensure that it is connected to the destination server during Windows SBS 2003 Setup so that DHCP is properly configured on the destination server. Because it is recommended that your servers not be connected to the Internet during the migration, you should complete this task after business hours. For more information, see Appendix C of "Getting Started" at the Microsoft Web Site (https://go.microsoft.com/fwlink/?LinkId=20122).
  • Use ADMT to migrate user, group, and computer accounts, and use the Exchange Migration Wizard to migrate user mailboxes. Using ADMT to migrate user, group, and computer accounts preserves the security identifiers (SIDs). For more information about ADMT, after installing the tool in “Step 4. Begin the Migration,” on the destination server, browse to \Program Files\Active Directory Migration Tool, and then double-click DomainMig.chm. Using the Exchange Migration Wizard provides a simplified and more reliable method for moving user mailboxes than previous Exchange migration methods. The Exchange Migration Wizard migrates all user mailboxes. However, you must manually export mailbox rules because they are not preserved. Additionally, the wizard does not migrate the Administrator account mailbox and rules or the public folders. You must export them from the source server and then import them to the destination server. For more information about the Exchange Migration Wizard, search for article 328871, “How to: Use the Exchange Migration Wizard to Migrate Mailboxes From an Exchange Organization” at the Microsoft Web Site (https://go.microsoft.com/fwlink/?LinkId=20167).
  • Custom settings on the source server must be configured manually on the destination server at the end of the migration. If you have custom settings for your Exchange Server SMTP connector, DHCP scope options, DNS records, Routing and Remote Access service, Group Policy, or Internet Security and Acceleration (ISA) Server 2000 settings, you need to record the settings and then manually configure them on the destination server at the end of the migration. Additionally, if you have custom Web sites configured with Internet Information Services (IIS), you must either copy the files to the destination server and then recreate the Web sites or use the IIS 6.0 Migration Tool available at the Microsoft Web Site (https://go.microsoft.com/fwlink/?LinkId=20161).
  • Desktop profiles for computers running Windows 2000 Professional or Windows XP Professional are preserved during the migration. However, any references to the computer name of the source server (for example, UNC paths, shortcuts, and mapped drives) are no longer valid at the end of the migration.
  • Once you have connected the source and destination servers for the migration, do not add new user accounts, group accounts, or computer accounts to either server until “Step 5. Configure the Destination Server.” If you attempt to create a user, group, or computer account before Step 5, the account creation will fail. You can add new user, group, or computer accounts to the destination server when you complete Management Tasks on the To Do List in Step 5.
  • You must create DNS forwarders on the source and destination servers. DNS forwarders are required in order for ADMT to work with both the source and destination servers. The process of creating DNS forwarders is described in “Step 4. Begin the Migration.”

Note

If My Documents are configured to redirect to the source server, see the Windows SBS 2003 Troubleshooting document at the Microsoft Web site (https://go.microsoft.com/fwlink/?LinkId=20282).

Note

Modem Sharing Client will not be available after you migrate to Windows SBS 2003 because Shared Modem Service is not supported.

Step 1. Prepare for the Migration

In this step, you ensure a successful migration by completing the following tasks: collect necessary information, export public folders to a .pst file, export the Administrator account mailbox and rules, request that users delete unnecessary e-mail and files, verify that hardware drivers and existing software are supported, ensure the source server is running the latest service packs, and back up the source server. Additionally, at the end of this step, if users are still connected to the network, notify users that they must log off of the domain.

To collect information

Migrating to Windows SBS 2003 requires that you collect information about the source server and make decisions about information needed for the destination server.

  1. Complete the Migration Worksheets at the end of this document. The worksheets request the following information:
    • Worksheet 1: Source and Destination Computer Information. Record information about the source server and then determine what information about the destination server you will need in order to install Windows SBS 2003.
    • Worksheet 2: Shared Folder Information. Record the location of any shared folders that need to be migrated from the source server to the destination server.
    • Worksheet 3: Location of Data for Line-of-Business Applications and of General User Data. Record the location of any data for line-of-business applications or of any general user data that is not located in a shared folder and that needs to be migrated from the source server to the destination server.
    • Worksheet 4: Microsoft Connector for POP3 Mailboxes Information. If you are using the Microsoft Connector for POP3 Mailboxes on your computer running Small Business Server 2000, record the information for each account that is configured. Later in the migration, you will reconfigure the accounts on the destination server.
    • Worksheet 5: Custom Settings. If you have configured custom settings for your Exchange server SMTP connector, DHCP scope options, DNS records, Routing and Remote Access service settings, Group Policy settings, Internet Security and Acceleration (ISA) Server 2000 settings, or any custom IIS Web sites, record the information. Later in the migration, you will reconfigure the settings on the destination server.
    • Worksheet 6: Exchange 2000 Server Information. If you are running Exchange 2000 Server and have created distribution lists, created custom recipients, or set custom permissions for your public folders, record the permissions. Later in the migration, you will reconfigure them on the destination server.

Note

You will complete “Worksheet 7: DNS Forwarders on Destination Server” as part of “Step 7. Complete the Migration.”

  1. Complete the form titled “Required Information for Connecting to the Internet.” The form is available in Appendix A of "Getting Started" (if you are using the retail product) or in "Completing Setup" (if you purchased your server from an OEM). To download a copy of the appendix, see the Microsoft Web Site (https://go.microsoft.com/fwlink/?LinkId=20122).

To export public folders and the Administrator account mailbox and rules

If you are running Exchange 2000 Server and want to migrate public folders or the Administrator account mailbox, you must export them to .pst files because migrating them with the Exchange Migration Wizard is not supported. If the Administrator account mailbox has any mailbox rules, you must export them as well. For more information about exporting to a .pst file or exporting mailbox rules, see the Help for the Outlook® messaging and collaboration client.

  1. On a client computer running Outlook, export public folders to a .pst file.
    1. Log in as Administrator to a client computer.
    2. Open Outlook.
    3. In Folder List, select All Public Folders.
    4. Follow Outlook Help instructions for exporting all public folders to a .pst file. Ensure that you select the Include subfolders check box on the page where you select the folder to export from.

Note

The user account that you are logged in to for exporting the public folders must have permissions to each public folder. Otherwise, you cannot view or access all public folders.

  1. Export the Administrator account mailbox to a .pst file.
  2. Export the Administrator account mailbox rules.

To request that users delete unnecessary e-mail and files

To reduce the time it takes to migrate files and mailboxes, it is recommended that you request users on your network to delete unnecessary e-mail and files by doing the following:

  1. If you are running Exchange 2000 Server on your source server, have users delete any unneeded mail from mailboxes, including mail in the Deleted Items and Sent Items folders.

Important

The destination server mail quotas are set to send a warning at 175,000 kilobytes (KB) and limit sending and receiving e-mail at 200,000 KB. If users have mailboxes larger than these settings after deleting unneeded mail, you must update the Exchange mail quota settings for the destination server later in the migration, as described later in this document.

  1. Archive older mail to a .pst file, if appropriate. For more information about creating a .pst file, see Outlook Help on the client computer. If you want to determine the size of each user mailbox, complete the following:
    1. Click Start, and then click Small Business Server Administrator Console.
    2. Double click YourExchangeOrganization, double-click Servers, double-click YourServerName, double-click First storage group, double-click Mailbox Store, and then click Mailboxes. The Size (KB) column in the details pane lists the size of each user mailbox.
  2. Review and delete unneeded personal documents from the user folder, the Company Shared folder, and any other shared folders on the server.

Important

Ensure that each user folder is no larger than 1 gigabyte (GB). Disk quotas are enabled on the destination server for the partition where the Users shared folder is located, and it allocates 1 GB of space per user folder. For more information about modifying the default quotas for all users, on the destination server, click Start, click Help and Support, and then search for “Set disk space quotas for all users.”

  1. If Outlook rules are used, users must export the rules to a file. Outlook rules are not preserved when mailboxes migrate to the destination server.

To verify that hardware drivers and existing software are supported

If you plan to move hardware or to install existing software from your source server to the destination server, you must ensure that the hardware and existing applications are compatible. To do so, check the hardware and software compatibility information in the Windows Server Catalog at the Microsoft Web Site (https://go.microsoft.com/fwlink/?LinkId=20157).

To ensure that your server is running the latest service packs

It is highly recommended that the source server run the latest service packs, because they were used for the baseline testing of this document. Before installing a service pack, back up your source server.

  1. If you are running Small Business Server 2000, ensure you have installed Small Business Server 2000 Service Pack 1. To verify that the source server is running the service pack, click Start, and then click Small Business Server Administrator Console. In the console pane, click Server Status (BackOffice Home). In the details pane, click About. The Version should read 2000 with Service Pack 1. If you are not running Service Pack 1 or later, you can install it by downloading it from the Web. For more information about downloading the service pack, search for article 326924 at the Microsoft Web Site (https://go.microsoft.com/fwlink/?LinkId=20167).
  2. If you are running Windows 2000 Server, ensure that you are running Windows 2000 Service Pack 4 or later. To verify that the service pack is running on the source server, click Start, click Run, and then type Winver. Ensure that Service Pack 4 is listed. If you are not running the service pack, back up the source server, and then insert Windows SBS 2003 Disc 3 or the DVD (if available) into the drive of the source server.
    1. Click Start, and then click Run.
    2. In Open, type the path to W2ksp4.exe. If you are using a CD, type D**:\SBS\Clientapps\Win2k_SP4\i386\Update.exe**, where D is the letter of your drive. If you are using a DVD, type D**:\CD3\SBS\Clientapps\Win2k_SP4\i386\Update.exe**, where D is the letter of your drive.
    3. Follow the instructions to complete Windows 2000 Service Pack 4 Setup.
  3. If you have Exchange 2000 Server, ensure that you are running Exchange 2000 Server Service Pack 3. To verify that you are running the service pack, do the following:
    1. On the source server, click Start, point to Programs, point to Microsoft Exchange, and then click System Manager.
    2. Double-click Servers, and then click YourExchangeServer.
    3. On the Action menu, click Properties.
    4. Ensure that Service Pack 3 is listed as the version. If you are not running Service Pack 3, download it from the Exchange Server Web site at the Microsoft Web Site (https://go.microsoft.com/fwlink/?LinkId=16550). You should back up your server before installing the service pack.
  4. If you are running SQL Server 2000, you should install SQL Server 2000 Service Pack 3 or later. To verify that your server is running the service pack, do the following:
    1. On the source server, click Start, point to Programs, point to Microsoft SQL Server, and then click Enterprise Manager.
    2. Double-click SQL Server Group, right-click YourServerName, and then click Properties.
    3. Ensure that the version number is 8.00.760(SP3). If you are not running Service Pack 3 or later, download and then install Service Pack 3a from the Microsoft Web site (https://go.microsoft.com/fwlink/?LinkId=93013).

To stop Folder Redirection on the source server

If you have deployed a Folder Redirection Group Policy object in your domain, you need to stop Folder Redirection for all users. For detailed instructions about how to stop Folder Redirection, see the Microsoft Knowledge Base (https://go.microsoft.com/fwlink/?LinkId=52306).

To back up the source server

The evening prior to migrating data and settings, back up your source server to protect your data from accidental loss in the unlikely event of an error occurring during the migration.

  1. Complete a virus scan of all drives and files on the source server.

Warning

Do not scan the Exchange M: drive because this can lead to corruption of the Exchange database. For more information, see the white paper mentioned in the following step.

  1. After completing the virus scan, complete and verify a full backup of the source server. Perform a full system backup including the System State data and Exchange. For more information about backing up Small Business Server 2000, see the white paper entitled “Backup and Recovery for Small Business Server 2000” at the Microsoft Web Site (https://go.microsoft.com/fwlink/?LinkId=12282).

Warning

Do not back up the Exchange M: drive as part of the Exchange backup because this can lead to corruption of the Exchange database.

  1. Verify that the backup ran successfully. To test the integrity of the backup, select random files from your backup, restore them to an alternative location, and then confirm that the backed up files are the same as the original ones.

To notify users of the migration

  • At this point, if users are still connected to the source server, they must log off the domain.
  • You can quickly notify all users by using Instant Messenger or by using the net send command if Messenger Service is running on both the source server and client computers. For example, to use Messenger Service from the command prompt, type: Net send * You must log off from the domain in approximately 5 minutes. At that point, the Internet will also be unavailable. Wait the specified amount of time, and then continue.

Step 2. Required Steps to Install Windows SBS 2003 on the Destination Server

In this step, you install Windows SBS 2003 by completing the following tasks: disable the DHCP Server service on the source server, connect the source and destination servers for the migration, install Windows SBS 2003 by using the specified requirements, and complete the Network Tasks on the To Do List (which appears at the end of Setup). After completing the Network Tasks, you must disconnect the Internet connection device from the Internet and then disable real-time antivirus software on both servers so that it does not interfere with the transfer of data during the migration.

You can install Windows SBS 2003 after you have collected information in “Step 1. Prepare for the Migration” if the new computer is connected to a hub or switch that is not connected to the existing network. You can then stop the DHCP Server service on the existing network and connect the computer running Windows SBS 2003 (destination server) to the existing network.

To disable DHCP on the source server

Important

Before you disable the DHCP service on the source server, ensure that the Domain Admins group is a member of the built-in Administrators group on all the client computers. If you removed the Domain Admins group for the source server from the built-in Administrators group on any client computer, you must add this group back. By default, the Domain Admins group is added to the built-in Administrators group of the client computer when the client computer is joined to the domain.

At the end of the migration, because the source server is retired, the DHCP Server service must be running on the destination server, unless you have a router device that provides the service. In order for the DHCP Server service to be installed on the destination server, you must disable the DHCP Server service on the source server before connecting the destination server to the network.

Note

Skip this procedure if you have a router device that provides the DHCP Server service to the local network and you plan to continue using this device as your DHCP server.

  1. On the source server, click Start, click Run, and then type Services.msc.
  2. Double-click DHCP Server to open Properties, and then click Stop. After the service stops, change Startup Type to Disabled.

To connect servers for the migration

Before beginning the migration, it is recommended that you disconnect your Internet connection device from the Internet. Additionally, you must connect the local network adapter for the destination server to the local network used by the source server.

  1. Before connecting the computers, do the following:
    1. Disconnect the Internet connection device from the Internet for both the source server and the destination server. Neither server should be connected to the Internet during the migration. For broadband connections, it is recommended that you disconnect the connection between the broadband device and your Internet service provider.
    2. On the destination server, disable the network adapter that is connected to the Internet connection device.
    3. On the destination server, click Start, click Run and type cmd. In the Command prompt window, type ipconfig /flushdns. For details, see Figure 1.1. Figure 1.1
  2. Connect the network adapter that will connect the destination server with the local network to the same hub or switch on which the local network adapter on the source server is connected. See Figure 1.1.

Important

If you are using a router device that also provides a DHCP service, ensure that it is connected to the destination server during Windows SBS 2003 Setup so that DHCP is properly configured on the destination server. For more information, see Appendix C of "Getting Started" at the Microsoft Web site (https://go.microsoft.com/fwlink/?LinkId=20122).

To prevent any confusion about which network cable connects to the local network and which connects to the Internet, it is recommended that you label your cables and networking devices.

Requirements for Installing the Destination Server

If you are installing a retail version of Windows SBS 2003, see Chapter 3A of "Getting Started" for step-by-step instructions.

If you purchased your server from an original equipment manufacturer (OEM) and Windows SBS 2003 was already installed, see Chapter 3A of "Completing Setup."

Complete a new installation on the destination server by using the information specified in the following list. When entering the computer name, full DNS name for internal domain, NetBIOS domain name, IP address of local network adapter, and built-in Administrator account name and password, refer to information you collected in “Worksheet 1: Source and Destination Computer Information.”

Important

If you do not follow these requirements when installing the destination server, the migration will fail.

Important

Ensure that you have disabled the DHCP Server service on the source server so that DHCP is properly installed on the destination server. For more information, see “To disable DHCP on the source server” in Step 2.

  1. If you are moving a fax device from the source server, you should do so before beginning the installation. Ensure that you have first checked the hardware compatibility information in the Windows Server Catalog at the Microsoft Web Site (https://go.microsoft.com/fwlink/?LinkId=20157).
  2. With the retail product, when you are prompted to select a file system for the operating system partition, you must select NTFS.
  3. When prompted for the Administrator password, you must use the same Administrator password as the password used on the source server.
  4. When prompted for the computer name, you must use a standard computer name that is not used by another computer on the network. A standard computer name is a unique name of up to 15 standard characters: A–Z, 0–9, and the hyphen (-).
  5. On the Internal Domain Information page of Windows SBS 2003 Setup, ensure that the full DNS name for the internal domain and the NetBIOS domain name are different from the full DNS name for the internal domain and the NetBIOS domain name used by the source server. If the full DNS name or the NetBIOS domain name for the source and destination servers are the same, the migration will fail.
  6. During Windows SBS 2003 Setup, if Setup detects DHCP running on the router device, you must choose whether to run DHCP on the router device or on the destination server. It is recommended that you run DHCP on the destination server. If you choose to continue running DHCP on the router device and later decide to use DHCP on the destination server, see the instructions in Appendix C of "Getting Started" at the Microsoft Web Site (https://go.microsoft.com/fwlink/?LinkId=20122).
  7. When prompted for an IP address, enter an IP address that is not being used by another computer in the network and that is within the same range used by the source server.

Important

If you enter an incorrect IP address for the destination server during Setup, you must use the Change Server IP Address tool to change it. This ensures that all services on the destination server are properly configured with the destination server’s IP address. To change the IP address, click Start, click Server Management, click Internet and E-mail, click Change Server IP Address, and then follow the instructions for the Change IP Address Tool.

  1. When the To Do List appears, if you have Windows SBS 2003, Premium Edition, you can install SQL Server 2000 and ISA Server 2000. For step-by-step instructions, insert the Premium Technologies disc into the CD or DVD drive, and then click How to Install when the Autorun page appears.

Important

Do not deploy Firewall Client to the client computers at this time. You should deploy it after you migrate the client computers to the destination server.

  1. If you have antivirus software for your destination server, it is recommended that you install it before connecting to the Internet.

To complete Network Tasks

Temporarily connect the destination server to the Internet connection device and complete the Network Tasks on the To Do List. You will complete the Management Tasks later in the migration.

  • View Security Best Practices. It is recommended that you read through and complete security best practices to help you secure your network. Clicking this task displays a list of security best practices.
  • Connect to the Internet. You must complete this task to ensure that your Internet connection is properly configured for your small-business network. Clicking this task starts the Configure E-mail and Internet Connection Wizard. Follow the instructions to configure your server’s network, firewall, secure Web site, and e-mail settings.

Important

Reconnect your Internet connection device to the Internet and ensure that the destination server is connected to the device.

Important

Do not enable password policies at the end of the wizard when you are prompted. You will do so in “Step 7. Complete the Migration.”

  • Configure Remote Access. Complete this task if you want to allow remote client computers to connect to your local network through virtual private network (VPN) connections, dial-in connections, or both. Clicking this task starts the Remote Access Wizard. If users have external client computers, they should delete the existing VPN connection and then configure a connection to the destination server by using the Remote Web Workplace after the migration is complete. For more information about using the Remote Web Workplace, click Start, click Help and Support, and then search for “Remote Web Workplace.”
  • Activate Your Server. You must activate your server. Clicking this task starts the Windows Product Activation Wizard. Follow the instructions to activate your server.
  • Add Client Licenses. If you have more than five client computers, you must complete this To Do List task to add any additional client licenses that you purchased. This task requires that you first activate your server. Clicking this task starts the Add License Wizard.

To disconnect from the Internet and then disable antivirus software on both servers

  • Before migrating data and settings, you must disconnect your Internet connection device from the Internet. You must then disable any disk utilities that may be running on either the source or destination server, such as real-time antivirus monitoring software. Disk utilities can cause problems during the migration.

Important

If you are using a router device that also provides a DHCP Server service, ensure that the device is still connected to the local network, as shown in Figure 1.1, when you disconnect from the Internet.

Step 3. Prepare Client Computers for the Account Migration

In this step, you prepare client computers that are running Windows NT Workstation 4.0, Windows 2000 Professional, Windows XP Professional, Windows 2000 Server, or Windows Server 2003, or a member server running Windows NT Server 4.0 or later. Computer accounts for client computers running these operating systems are migrated by using the Active Directory Migration Tool (ADMT) in “Step 4. Begin the Migration.” ADMT does not support migrating computer accounts for client computers running Windows 95, Windows 98, or Windows Millennium Edition. You manually configure these client computers for the destination server in “Step 6. Configure Client Computers.”

If you have a second server that is also a domain controller (this is called an additional domain controller), you must first remove Active Directory before migrating the second server. On the second server (additional domain controller), click Start, click Run, type Dcpromo, and then follow the instructions to complete the wizard. You can then migrate the computer account to the destination domain and use the server as a second server for the domain. For more information about second servers for Windows SBS 2003, on the destination server, click Start, click Server Management, click Server Computers, click More Information, and then click Configure additional servers.

Note

Each member server requires a Windows SBS 2003 client access license (CAL). For more information about licensing, after Setup is complete, click Start, click Help and Support, and then search for “licensing.”

To prepare client computers for the account migration

  1. If users have not exported mailbox rules, you should do so now.
  2. If you removed the Domain Admins group for the source server from the built-in Administrators group on any client computer, you must add this group back. By default, the Domain Admins group is added to the built-in Administrators group of the client computer when it is joined to the domain.
  3. Disable any personal firewalls running on the client computers. For example, disable Internet Connection Firewall on Windows XP Professional. If you are running ISA Server 2000 as your firewall, do not disable Microsoft Firewall Client on the client computers. For more information about how to disable Internet Connection Firewall, click Start, and then click Help on the client computer. For more information about disabling any other personal firewall, see the firewall manufacturer documentation.

Important

If the options are grayed out on the General tab of the Windows Firewall dialog box, then Windows Firewall must have been set using a Group Policy setting. You need to first disable the Group Policy setting on the server and then turn off Windows Firewall on the client computer.

  1. If you are migrating from Small Business Server 2000, remove Microsoft Shared Modem Service Client. Additionally, if you do not plan to continue to use ISA Server 2000 on the destination server, you must remove Firewall Client.
  2. Release and then renew the IP address for each client computer to ensure that each computer is obtaining an IP address from the destination server’s DHCP Server service.
  3. If you are running Windows NT Workstation 4.0 or have a member server running Windows NT Server 4.0, you must install Windows NT 4.0 Service Pack 6a. To verify that Windows NT 4.0 Service Pack 6a is installed, click Start, click Run, and then type Winver. The About Windows NT dialog box appears. Ensure that Service Pack 6a is listed. If you are not running Service Pack 6a, download the service pack from the Microsoft Web Site (https://go.microsoft.com/fwlink/?LinkId=19598). Back up the client computer and then install the service pack. After installing the service pack, it is recommended that you complete another backup.
  4. Delete the desktop shortcuts for the user’s shared folder and Company shared folder. Also, delete or update any UNC paths, mapped drives, or shortcuts that point to the source server. Additionally, delete any Internet Explorer favorites that point to the source server, including Microsoft Small Business Internet Services, Microsoft Small Business Server Website, My E-mail, SBS User Guide, and Small Business Server Administration, because they are no longer valid.
  5. If the client computers have printers or fax printers that point to the source server, delete them. You will configure the destination server for printers in “Step 5. Configure the Destination Server,” and the printers will then be available for the client computers to use.
  6. Complete a virus scan of each client computer.
  7. Disable any real-time antivirus program on each client computer.
  8. Verify that all the client computers are turned on and connected to the network and that all users of each client computer are logged off.

Step 4. Begin the Migration

Important

If you removed the Domain Admins group for the source server from the built-in Administrators group on any client computer, you must add this group back. By default, the Domain Admins group is added to the built-in Administrators group of the client computer when the client computer is joined to the domain.

Important

Verify that all the client computers are turned on and connected to the network and that all users of each client computer are logged off before beginning the migration process.

In this step you install and configure ADMT on the destination server and then migrate user, group, and computer accounts. You also configure DNS forwarders on the source and destination servers so that ADMT works with both servers. If Exchange 2000 Server is running on the source server, you determine if the Exchange Server mail quota for the destination server needs to be updated, and then you migrate Exchange mailboxes. Additionally, you must move shared folders and any application data to the destination server and migrate any SQL Server databases to the destination server.

After the migration is complete, users are prompted to create a new password the first time they log on. If you want to migrate user passwords without requiring users to recreate new passwords, follow the instructions in article 326480 “How to Use Active Directory Migration Tool Version 2 to Migrate from Windows 2000 to Windows Server 2003” in the Knowledge Base at the Microsoft Web site (https://go.microsoft.com/fwlink/?LinkId=20167). In the article, disregard any references to establishing a trust relationship because this is not used for migrating to Windows SBS.

Important

If you have not done so already, it is highly recommended that you back up the source server before beginning the migration.

To install ADMT on the destination server

  1. Insert Windows SBS 2003 Disc 1 or the DVD (if available) into the CD or DVD drive of the destination server.
  2. If you are using the CD, browse to and then double-click D**:\I386\Admt\Admigration.msi**, where D is the letter of your CD drive. If you are using the DVD, type D**:\CD1\I386\Admt\Admigration.msi**, where D is the letter of your DVD drive. The Active Directory Migration Tool Setup Wizard appears.
  3. Follow the instructions to complete the Active Directory Migration Tool Setup Wizard.

To create DNS forwarders for the source and destination servers

You must create DNS forwarders for both the source and destination servers in order for ADMT to work. If you have existing DNS forwarders on the source or destination server, you must delete them or they may interfere with communication between the source server and the destination server. Ensure that you record the source server DNS forwarders on “Worksheet 5: Custom Settings” and the destination server DNS forwarders on “Worksheet 7: DNS Forwarders on Destination Server.”

  1. On the source server, click Start, point to Programs, point to Administrative Tools, and then click DNS.
  2. Right-click YourSourceServer, and then click Properties.
  3. Click the Forwarders tab.
  4. If there are already IP addresses listed as forwarders, remove them.
  5. Ensure Enable forwarders is selected, enter the IP address of the destination server, and then click Add.
  6. On the destination server, click Start, point to All Programs, point to Administrative Tools, and then click DNS.
  7. Right-click YourDestinationServer, and then click Properties.
  8. Click the Forwarders tab.
  9. Record the DNS forwarders that are listed on “Worksheet 7: DNS Forwarders on Destination Server.” You will recreate these forwarders by running the Configure E-mail and Internet Connection Wizard in “Step 2. Required Steps to Install Windows Small Business Server 2003 on the Destination Server.”
  10. Remove the forwarders on the destination server.
  11. Click New. The New Forwarder dialog box appears.
  12. Enter the fully qualified domain name of the source domain (for example, smallbusiness.local) recorded in “Worksheet 1: Source and Destination Computer Information.”
  13. With your domain name still selected, in the Selected domain’s forwarder IP address list field, type the IP address of the source server recorded in “Worksheet 1: Source and Destination Computer Information,” and then click Add.

To configure ADMT on the destination server

If you have any member servers running Windows NT Server 4.0 or client computers running Windows NT Workstation 4.0, you must complete this procedure.

  1. On the destination server, click Start, click Run, and then type Cmd.

  2. At the command prompt, type each of the following commands:

    Net Localgroup "Pre-Windows 2000 Compatible Access" Everyone /Add
    
    Net Localgroup "Pre-Windows 2000 Compatible Access" "Anonymous Logon" /Add
    

Important

You must include the quotation marks for the commands to run successfully.

  1. Restart the destination server.

To migrate user accounts

Important

Verify that all the client computers are turned on and connected to the network and that all users of each client computer are logged off before beginning this step.

  1. On the destination server, click Start, click Run, and then type Cmd.

  2. Type the following command, replacing SourceDomainName with the NetBIOS domain name (for example, SmallBusiness) of the source server:

    Runas /Netonly /user:SourceDomainName\Administrator "Mmc \"%ProgramFiles%\Active Directory Migration Tool\Migrator.msc\""
    

    For this command, there is one space after each of the following parameters: Runas, Netonly, Administrator, and Mmc. Otherwise, there are no spaces. If you prefer, copy the text from this document and then paste it in the command line. Be sure to update the SourceDomainName before running the command.

Important

If you close the Active Directory Migration Tool, you must open the tool again by using this command and not by using the Start menu. You must run the tool from the command line because it is not possible to establish a trust between two Windows Small Business Server domains.

Important

You must type the command exactly as it appears, including quotation marks and backslashes; otherwise, the command will fail.

  1. When prompted, enter the password for the built-in Administrator account. The Active Directory Migration Tool appears.

  2. On the Action menu, click User Account Migration Wizard.

  3. In the User Account Migration Wizard, configure your server by using the information provided in Table 1.1. Table 1.1   User Account Migration Wizard

Wizard page Action

Test or Make Changes

It is recommended that you first click Test the migration settings and migrate later? If any errors result in the test, check the log files indicated on the status page. After resolving any issues, run the User Account Migration Wizard a second time, this time clicking Migrate now?

Important
During the ADMT test run if you see an RPC 1722 error, from the client computer, click Start, click Run, and then type eventvwr. Verify whether netlogon events 5805 or 5723 have been logged. If yes, unjoin and rejoin the client computer, and then re-run the ADMT test.

Domain Selection

  1. Set the Source domain to the source internal domain name (for example, SmallBusiness.local) and set the Target domain to the destination internal domain name.
  2. When you click Next, if you receive a message that Access is denied (error = 5), cancel the wizard, and then close ADMT. Verify that the source server and destination server Administrator passwords match. From the command prompt, restart ADMT, ensuring that you enter the password correctly. Entering the password incorrectly will cause access to be denied when you run the wizard.

User Selection

  1. Click Add, and then click Advanced. Select this object type is automatically set to search for user accounts.
    Do not migrate the following accounts because the User Account Migration Wizard does not support this:
    <ul>
    <li>For all migrations, do not migrate the built-in Administrator, Guest, IUSR_<em>ServerName</em>, IWAM_<em>ServerName</em>, Krbtgt, or TsInternetUser accounts.<br />
    </li>
    <li>If you are migrating from Small Business Server 2000, do not migrate the Small Business Administrator, Small Business Power User, or Small Business User accounts.<br />
    </li>
    <li>If you are running Exchange 2000 Server, do not migrate the SystemMailbox account.<br />
    </li>
    <li>If you are running SQL Server, do not migrate the SQLDebugger or SQLAgentCmdExec accounts.<br />
    </li>
    <li>If you have a line-of-business application that uses its own user account, check the manufacturer’s documentation to determine if the account should be migrated.<br />
    </li>
    </ul></li>
    <li>Click <strong>Find Now</strong> to view the list of user accounts.<br />
    </li>
    <li>Select the user accounts for each user that you want to migrate to the destination server, and then click <strong>OK</strong>.<br />
    </li>
    </ol></td>
    </tr>
    <tr class="even">
    <td><p><strong>Organizational Unit Selection</strong></p></td>
    <td><p>Browse to <strong>MyBusiness\Users\SBSUsers</strong> for the <strong>Target OU</strong>.</p></td>
    </tr>
    <tr class="odd">
    <td><p><strong>Password Options</strong></p></td>
    <td><p>Click <strong>Same as user name</strong>. The user password is set to the first 14 characters of the user account name and saved to the location specified for the password file (the default location is \Program files\Active Directory Migration Tool\Logs\Passwords.txt).</p>
    <p>Consider the following for password options:</p>
    <ul>
    <li>Using the same password as the user name will make it easier to configure client computers. The password is temporary and is reset at the end of the migration.<br />
    </li>
    <li>If you followed the instructions in Knowledge Base article  326480 for migrating user passwords, click <strong>Migrate passwords</strong>.<br />
    </li>
    </ul></td>
    </tr>
    <tr class="even">
    <td><p><strong>Account Transition Options</strong></p></td>
    <td><ol>
    <li>Click the <strong>Target same as source</strong> option.<br />
    </li>
    <li>Select the <strong>Migrate user SIDs to target domain</strong> check box.<br />
    
    <div class="alert">
    

    Warning

    The next step causes the source server to shut down and restart from a remote location. The server shutdown is irreversible. Make sure that you save and close all open applications, otherwise all open data will be lost.

    </div></li>
    <li>Click <strong>Next</strong>, and then click <strong>Yes</strong> on the next five message boxes that appear.<br />
    </li>
    <li>Wait for the source server to restart, and then log on to the source server using the built-in Administrator account.<br />
    </li>
    <li>After logging on to the source server, click <strong>OK</strong> on the destination server to continue.<br />
    </li>
    </ol></td>
    </tr>
    <tr class="odd">
    <td><p><strong>User Account</strong></p></td>
    <td><p>For <strong>User Name</strong>, use the built-in Administrator account, and then type the <strong>Password</strong>. Ensure that <strong>Domain</strong> is set to the source domain name.</p></td>
    </tr>
    <tr class="even">
    <td><p><strong>User Options</strong></p></td>
    <td><ol>
    <li>Select the <strong>Translate roaming profiles</strong> check box.<br />
    </li>
    <li>Select the <strong>Update user rights</strong> check box.<br />
    </li>
    <li>Ensure that the <strong>Fix users’ group memberships</strong> check box is selected.<br />
    </li>
    <li>Ensure that the <strong>Do not rename accounts</strong> option is selected.<br />
    </li>
    </ol></td>
    </tr>
    <tr class="odd">
    <td><p><strong>Object Property Exclusion</strong></p></td>
    <td><p>Click <strong>Next</strong>, accepting the default to not exclude specific object properties from the migration.</p></td>
    </tr>
    <tr class="even">
    <td><p><strong>Naming conflicts</strong></p></td>
    <td><p>Ensure that the <strong>Ignore conflictingaccounts and don’t migrate</strong> option is selected.</p></td>
    </tr>
    <tr class="odd">
    <td><p><strong>Completing the User Account Migration Wizard</strong></p></td>
    <td><ol>
    <li>Click <strong>Finish</strong>, and the Migration Progress dialog box appears. When <strong>Status</strong> indicates <strong>Completed</strong>, the migration of the user accounts is complete.<br />
    </li>
    <li>Click <strong>View Log</strong> if any errors occur.<br />
    </li>
    </ol></td>
    </tr>
    </tbody>
    

Important

If an account name is longer than 20 characters, it is automatically truncated to 20 characters when the account is migrated to the destination server.

Important

If you encounter errors while migrating user or computer accounts, see the instructions in the section of this document titled “ADMT Troubleshooting.”

To migrate group accounts

  1. On the destination server, in the Active Directory Migration Tool, on the Action menu, click Group Account Migration Wizard.

  2. In the Group Account Migration Wizard, configure your server by using the information provided in Table 1.2. You will need to run the Group Account Migration Wizard two times—once to migrate security groups and once to migrate distribution groups. For the list of distribution groups, see “Worksheet 6: Exchange 2000 Server Information.” Table 1.2   Group Account Migration Wizard

Wizard Page Action

Test or Make Changes

It is recommended that you first click Test the migration settings and migrate later? If any errors result in the test, check the log files indicated in the status page. After resolving any issues, run the Group Account Migration Wizard again, this time clicking Migrate now?

Domain Selection

Ensure that the Source domain is set to the source internal domain name (for example, SmallBusiness.local) and that the Target domain is set to the destination internal domain name.

Group Selection

  1. If you have the DHCP Server service running on the source server, ensure that you have the destination server connected to a switch or hub that is not connected to the network so that the DHCP Server service is installed on the destination server during Windows SBS 2003 Setup.
  2. If you are using a router device that also provides a DHCP service, ensure that it is connected to the destination server during Windows SBS 2003 Setup so that DHCP is properly configured on the destination server. Because it is recommended that your servers not be connected to the Internet during the migration, you should complete this task after business hours. For more information, see Appendix C of "Getting Started" at the Microsoft Web Site (https://go.microsoft.com/fwlink/?LinkId=20122).
  3. Set the Source domain to the source internal domain name (for example, SmallBusiness.local) and set the Target domain to the destination internal domain name.Collect information.
  4. Click Add, and then click Advanced. The Select this object type is automatically set to search for group accounts.
    <ul>
    <li>Do not migrate the following accounts because the Group Account Migration Wizard does not support this:<br />
    For all migrations, do not migrate the built-in security groups or any of the following groups: Cert Publishers, DHCP Administrators, DHCP Users, DnsAdmins, DnsUpdateProxy, Domain Admins, Domain Computers, Domain Controllers, Domain Guests, Domain Users, Enterprise Admins, Group Policy Creator Owners, RAS and IAS Servers, Schema Admins, or WINS Users.<br />
    If you are migrating from Small Business Server 2000, do not migrate BackOffice Fax Operators, BackOffice Folder Operators, BackOffice Internet Users, BackOffice Mail Operators, BackOffice Remote Operators, or BackOffice Template Users.<br />
    If you are migrating Exchange 2000 Server, do not migrate Exchange Domain Servers or Exchange Enterprise Servers.<br />
    If you are migrating from SQL Server 2000, do not migrate the OLAP Administrators group.<br />
    Do not migrate the DomainName$$$ group.<br />
    </li>
    </ul></li>
    <li>Click <strong>Object Types</strong>, and then clear the <strong>Built-in security principals</strong> check box.<br />
    </li>
    <li>Click <strong>Find Now</strong> to view the list of group accounts.<br />
    </li>
    <li>Select the user accounts for each group that you want to migrate to the destination server, and then click <strong>OK</strong>.<br />
    </li>
    </ol></td>
    </tr>
    <tr class="even">
    <td><p><strong>Organizational Unit Selection</strong></p></td>
    <td><p>For security groups, browse to <strong>MyBusiness\SecurityGroups</strong> for the <strong>Target OU</strong>.</p>
    <p>For distribution groups, browse to <strong>MyBusiness\DistributionGroups</strong> for the <strong>Target OU</strong>.</p></td>
    </tr>
    <tr class="odd">
    <td><p><strong>Group Options</strong></p></td>
    <td><p>Ensure that <strong>Update user rights, Fix membership of groups, Migrate group SIDs to target domain</strong>, and <strong>Do not rename accounts</strong> are selected.</p></td>
    </tr>
    <tr class="even">
    <td><p><strong>Object Property Exclusion</strong></p></td>
    <td><p>Click <strong>Next</strong>, accepting the default to not exclude specific object properties from the migration.</p></td>
    </tr>
    <tr class="odd">
    <td><p><strong>User Account</strong></p></td>
    <td><p>For <strong>User Name</strong>, use the built-in Administrator account, and then type the <strong>Password</strong>. Ensure that the <strong>Domain</strong> name for the source server is set to the source domain.</p></td>
    </tr>
    <tr class="even">
    <td><p><strong>Naming conflicts</strong></p></td>
    <td><p>Ensure that the <strong>Ignore conflictingaccounts and don’t migrate</strong> option is selected.</p></td>
    </tr>
    <tr class="odd">
    <td><p><strong>Completing the Group Account Migration Wizard</strong></p></td>
    <td><ol>
    <li>If you have the DHCP Server service running on the source server, ensure that you have the destination server connected to a switch or hub that is not connected to the network so that the DHCP Server service is installed on the destination server during Windows SBS 2003 Setup.<br />
    </li>
    <li>If you are using a router device that also provides a DHCP service, ensure that it is connected to the destination server during Windows SBS 2003 Setup so that DHCP is properly configured on the destination server.<br />
    </li>
    <li>Click <strong>Finish</strong>, and the <strong>Migration Progress</strong> dialog box appears. When Status indicates Completed, the migration of the group accounts is complete<br />
    </li>
    <li>Click <strong>Finish</strong>, and the <strong>Migration Progress</strong> dialog box appears. When <strong>Status</strong> indicates <strong>Completed</strong>, the migration of the group accounts is complete.<br />
    </li>
    <li>Click <strong>View Log</strong> if any errors occur.<br />
    </li>
    </ol></td>
    </tr>
    </tbody>
    

To migrate computer accounts

Complete this procedure to migrate computer accounts for client computers running Windows NT Workstation 4.0, Windows 2000 Professional, Windows XP Professional, or a member server running Windows NT Server 4.0 or later.

Important

  • Wait approximately 15 minutes from the last restart of the source server for DNS records to update on the source server. If you do not wait, the configuration of client computers for the destination domain will fail.
  • If you did not verify that the Domain Admins group is a member of the built-in Administrator group on the local computer, you must do so now.
  • If you did not disable real-time antivirus monitoring or personal firewalls on each client computer, you must do so before completing this procedure.
  1. On the destination server, in the Active Directory Migration Tool, on the Action menu, click Computer Migration Wizard.

  2. In the Computer Migration Wizard, configure your server using the information provided in Table 1.3. You need to run the Computer Migration Wizard two times—once to migrate client computers and once to migrate server computers other than the source server. Table 1.3   Computer Migration Wizard

Wizard Page Action

Test or Make Changes

It is recommended that you first click Test the migration settings and migrate later? If any errors result in the test, check the log files indicated in the status page. After resolving any issues, run the Computer Migration Wizard a second time, this time clicking Migrate now?

Domain Selection

Ensure that the Source domain is set to the source internal domain name (for example, SmallBusiness.local) and that the Target domain is set to the destination internal domain name.

Computer Selection

  1. Ensure that each client computer you are migrating is turned on and connected to the network. If you migrate a computer account for a client computer that is turned off or is not connected to the network, the configuration of the client computer will fail.
  2. Click Add, and then click Advanced. The Select this object type is automatically set to Computers. Click Find Now to view the list of computer accounts.
  3. Select the computer accounts for client computers that you want to migrate to the destination server, and then click OK.
    Do not migrate the computer account for the source server.
  4. For server computers other than the source server, run the Computer Migration Wizard again to place them in the SBSServers organizational unit.

Organizational Unit Selection

For Target OU of client computers, browse to and select MyBusiness\Computers\SBSComputers.

For Target OU of server computers, browse to and select MyBusiness\Computers\SBSServers.

Translate Objects

Click all check boxes on this page.

Security Translation Object

  1. Ensure that the Replace option is selected, and then click Next.
  2. Click OK when you view the following message: User rights translation will be performed in ‘Add’ mode only. Any other objects will be translated in adherence to your mode selection.

Computer Options

Set the number of minutes before computers restart after wizard completion to 1 minute and ensure that the Do not rename computers option is selected.

Object Property Exclusion

Click Next, accepting the default to not exclude specific object properties from the migration.

Naming conflicts

Ensure that the Ignore conflicting accounts and don’t migrate option is selected.

Completing the Computer Migration Wizard

  1. When you click Finish, the Migration Progress dialog box appears. When Status indicates Completed, the migration of the computer accounts is complete.
    If a computer account fails to migrate or if it migrates but the agent to configure the client computer fails, do the following:
    <ol>
    <li>Check the log files and resolve any issues.<br />
    </li>
    <li>Ensure that a computer account was not created in Active Directory (on the destination server, click <strong>Start</strong>, click <strong>Run</strong>, and then type <strong>Dsa.msc</strong> to open Active Directory Users and Computers).<br />
    </li>
    <li>Rerun the Computer Migration Wizard to migrate the computer account again.<br />
    When you test the computer account migration, you receive an event message indicating that the tool was unable to change domain affiliation (event message 37075). This is expected because the account migration was running only as a test.<br />
    </li>
    </ol></li>
    <li>Click <strong>View Log</strong> if any errors occur.<br />
    </li>
    <li>Click <strong>Close</strong>, and the Active Directory Migration Tool Agent Monitor dialog box appears indicating the status of the connection to the client computers that you are migrating.<br />
    </li>
    </ol></td>
    </tr>
    </tbody>
    

Important

Do not log on to a client computer until “Step 6. Configure Client Computers”; if you log on earlier, the Outlook profile will not migrate.

Important

If you encounter errors while migrating user or computer accounts, see the instructions in the section in this document titled “ADMT Troubleshooting.”

To determine whether the mail quota for Exchange needs updating

If you are running Exchange 2000 Server on your source server, and you have a mail quota set to a value other than 175,000 KB for the warning and 200,000 KB for the limit for sending and receiving e-mail, you must update the Exchange mail quota settings for the destination server.

  1. On the source server, click Start, and then click Small Business Server Administrator Console.
  2. Double-click YourExchangeOrganization, double-click Servers, double-click YourServer, double-click YourStorageGroup, right-click Mailbox Store, and then click Properties.
  3. Click the Limits tab.
  4. Review the settings for Issue warning at (KB) and Prohibit send and receive at (KB). If the quotas are set to something other than 175,000 KB for the warning and 200,000 KB for the limit for sending and receiving e-mail, continue to the next step and update the Exchange mail quota settings on the destination server.
  5. On the destination server, click Start, and then click Server Management.
  6. Double-click Advanced Management, double-click YourExchangeOrganization, double-click Servers, double-click YourServer, double-click YourStorageGroup, right-click Mailbox Store, and then click Properties.
  7. On theLimits tab, update the settings for Issue warning at (KB) and Prohibit send and receive at (KB).

To move Exchange mailboxes

If you are running Exchange 2000 Server, move user mailboxes by using the Exchange Migration Wizard.

Important

Do not open Outlook on a client computer until you have completed “Step 6. Configure Client Computers”; otherwise, the Outlook profile will not migrate.

Important

Ensure that you have turned off or disabled any disk utilities that may be running on the source or destination servers, such as real-time antivirus monitoring software. Disk utilities can cause problems during the migration.

  1. On the destination server, click Start, point to All programs, point to Microsoft Exchange, point to Deployment, and then click Migration Wizard.

  2. In the Exchange Migration Wizard, configure your server by using the information provided in Table 1.4. Table 1.4   Exchange Migration Wizard

Wizard page Action

Migration

Select Migrate from Microsoft Exchange.

Exchange Server Migration

Click Next to continue.

Migration Destination

You must accept the default of Migrate to a computer running Exchange Server.

Source Exchange Server

  1. Clear the Exchange 5.5 server check box.
  2. For Exchange server name, type the computer name of the source server (as recorded in “Worksheet 1: Source and Destination Computer Information”).
  3. Type the Administrator account and password.

Migration Information

Accept the default of Create/modify mailbox accounts.

Account Migration

Select the accounts for which you want to migrate the mailboxes.

Important considerations for account migration:

  • This tool does not support migrating mail for the Administrator account. To migrate mail for this account, from a client computer, use Outlook to export the mail to a .pst file and then later import it. You must also export any mailbox rules for the Administrator account. For more information about exporting to a .pst file or exporting mailbox rules, see Outlook Help on the client computer.
  • If you are migrating the mailbox for an account, the account must have been migrated to the server using the User Account Migration Wizard described earlier in this document.

Container for New Windows Account

Browse to YourDomain\MyBusiness\Users\SBSUsers.

  1. Follow the instructions to complete the Exchange Migration Wizard.

To move Users shared folders

Move the Users shared folder by using the Xcopy command. For more information about Xcopy, type Xcopy /? at the command prompt.

Note

Ensure that each user folder on the source server is no larger than 1 GB. Disk quotas are enabled on the destination server for the partition where the Users Shared Folder is located. Each folder is allocated 1 GB of space. For more information about modifying the default quotas for all users, on the destination server, click Start, click Help and Support, and then search for “set disk space quotas for all users.”

  1. On the destination server, click Start, click Run, and then type Cmd.

  2. At the command prompt, type:

    Xcopy \\SourceServerComputerName\Users \\DestinationServerComputerName\Users /e /o /d /h /v /c>>C:\Copyresults.txt
    
Parameter Description

SourceServerComputerName

Specifies the computer running Small Business Server 2000 or Windows 2000 Server.

DestinationServerComputerName

Specifies the computer running Windows SBS 2003.

/e

Copies all subdirectories, even if they are empty.

/o

Copies file ownership and discretionary access control list (DACL) information.

/d

Copies only those files whose source time is newer than the destination time.

To copy files changed on or after a specified date, type /d: m-d-y, where m-d-y is the specified date, in month-day-year format, to begin checking for file changes.

/h

Copies files with hidden and system file attributes. By default, Xcopy does not copy hidden or system files.

/v

Verifies each new file.

/c

Ignores errors.

>>C:\Copyresults.txt

Appends the results of the copy to a file named Copyresults.txt.

Note

An alternative to Xcopy is RoboCopy, which is available at the Microsoft Web site (https://go.microsoft.com/fwlink/?LinkId=20249).

  1. Using Windows Explorer, open C:\Copyresults.txt and verify if any errors occurred during the file copy. You can also compare the number and size of the files that were in the Users folder on the source server with the number of files that are now on the destination server.

Note

If you have custom logon scripts, copy them from the NETLOGON shared folder on the source server to the NETLOGON folder on the destination server. Additionally, if the custom logon scripts reference any files, copy those files to the destination server as well.

To move additional shared folders

Important

If you have set permissions for users to access a shared folder on the network, then before you begin, migrate the shared folder you need set permissions to allow the Domain Admins group to access the folder.

Important

Both Xcopy and Robocopy do not support migration of encrypted files.

  1. On the destination server, create a shared folder for the share that you want to move, and then assign the necessary permissions.
  2. Use the previous procedure, “To move Users Shared folders,” to copy the folder from the source server to the destination server.

Note

If you create a shared folder on the same partition as the Users shared folder, disk quotas will also apply. For more information about modifying the default quotas for all users, on the destination server, click Start, click Help and Support, and then search for “Set disk space quotas for all users.”

Note

In order for you to assign permissions for the shared folders, the drive must be formatted using NTFS.

To move the Company folder to the intranet Web site

  1. On the destination server, click Start, and then click Server Management.
  2. In the console tree, click Internal Web Site.
  3. In the details pane, click Import Files. The Import Files Wizard appears.
  4. On the File and Document Library Location page, do the following: For Copy files from, type: \\SourceServerComputerName\Company, which is the path to the Company shared folder. For Copy files to, either accept the default of https://companyweb/General Documents or click Browse to select a different document library or to create a new document library.
  5. If an error occurs while importing files, it may be due to one of the following issues:
    • Files larger than 50 megabytes (MB) are blocked. To change this setting, open a browser window, and then type https://DestinationServerComputerName:8081. Click Configure virtual server settings, click Companyweb, and then click Virtual server general settings. Under Maximum Upload Size, specify a file size.
    • Files with certain extension types (such as .exe and .vbs) are blocked. To verify if a file type is blocked or to modify the list of blocked extensions, open a browser window, type https://DestinationServerComputerName:8081, and then click Manage blocked file types.
    • Files that do not contain data are not migrated.

To move additional data

If you recorded the location of data to move in Worksheet 3, “Location of Data for Line-of-Business Applications and of General User Data,” you can copy the data to the destination server. Or, if you want to retain the file ownership and discretionary access control list (DACL) information, you can use the Xcopy command described in the procedure, “To move Users shared folders.” If you have one or more SQL Server databases, migrate the data by using the next procedure.

  1. On the destination server, click Start, click Run, and then type **\\SourceServerComputerName\**DriveLetter$, where DriveLetter is the letter of the specific drive where the files are located (such as C$ or D$).
  2. Browse to the location of the additional data that you want to move, and then copy the data to the desired location on the destination server.
  3. Repeat this process for any additional applications that have data folders.

Note

If you have custom Web sites configured with Internet Information Services (IIS), you must copy the files to the destination server and then recreate the Web sites. Or, you can use the IIS 6.0 Migration Tool available at the Microsoft Web site (https://go.microsoft.com/fwlink/?LinkId=20161).

Note

If you have additional applications to install on your destination computer, such as line-of-business applications, you can install them now or wait until after you have completed the migration.

Note

If folders or files have permissions assigned for built-in groups or the built-in Administrator account, you must reset these permissions after copying the folders and files to the destination server as the permissions will still be set for the built-in groups on the source server, which were not migrated.

To move SQL Server databases

If you are migrating to the Premium Edition of Windows SBS 2003 and have SQL Server 2000 running on the destination server, you must migrate your SQL Server databases.

  1. If you have not yet installed SQL Server 2000 on the destination server, do so now. To do so, follow the Premium Technologies installation instructions available from Autorun on the Windows SBS 2003 Premium Technologies disc. Ensure that you verify the collation settings prior to installing SQL Server 2000, as discussed in the Premium Technologies installation instructions.
  2. Search for article 314546, “How to: Move Databases Between Computers That Are Running SQL Server” at the Microsoft Web Site (https://go.microsoft.com/fwlink/?LinkId=20167), and then follow the instructions in the article.

To move Software Update Services (SUS) 1.0

  1. Install and configure Software Update Services (SUS) 1.0 on the destination server.
  2. Copy Approveditems.txt from the systemdrive**\Inetpub\Wwwroot** folder on the source server to the same folder on the destination server.
  3. Copy Approveditems.txt from the systemdrive**\Inetpub\Wwwroot\Autoupdate\Dictionaries** folder on the source server to the same folder on the destination server.
  4. Copy the Cabs folder from C**:\SUS\Content** on the source server, where C is the letter of the disk drive where SUS 1.0 is installed, to the same folder on the destination server.
  5. On the destination server, click Start, point to Administrative Tools, and then click Microsoft Software Update Services.
  6. In the left pane, click Set Options, and then enter the necessary options for configuring SUS.
  7. In the left pane, click Synchronize Server, and then click Synchronize Now.
  8. In the left pane, click Approve Updates, and then verify that the list of approved updates is correct. The updates that were approved on the source server should already be selected. Additionally, it is recommended that you select any additional updates that you want to have installed.

Note

Be sure to configure client computers to get the SUS updates from the destination server.

Step 5. Configure the Destination Server

In this step, you assign user accounts to a Windows SBS 2003 template and deploy applications to the client computers so that users can properly access the Windows SBS 2003 network. You must also complete additional configuration settings on the destination server, including completing the Management Tasks on the To Do List, configuring custom settings from the source server, configuring distribution lists and custom recipient policies, and configuring the Microsoft Connector for POP3 Mailboxes.

To assign permissions to migrated accounts

You must complete this task for users to have access to the necessary resources on the Windows SBS 2003 network.

When you complete this step, if you configured the destination server for remote access, you must assign users the necessary permissions. You can also deploy the Connection Manager configuration package, which configures the settings necessary for connecting mobile and remote client computers to the network.

  1. On the destination server, click Start, and then click Server Management.
  2. In the details pane, click Users, and then click Change User Permissions.
  3. On the Template Selection page, select a Windows SBS 2003 template for each user account that was migrated from the source server, and then click Add permissions to any previous permissions granted to the users.

Note

If user accounts are not listed on the User Selection page, ensure that the user account is enabled. In Server Management, click Users. In the details pane, if an account is disabled, right-click the account, and then click Enable account.

  1. Follow the instructions to complete the Change User Permissions Wizard.

Note

If you were not previously running Exchange, the wizard creates a mailbox account for each user account that was migrated from the source server.

To assign applications to client computers

Complete this procedure to assign applications to client computers running Windows 2000 Professional or Windows XP Professional. On client computers running any other Windows operating system, you must install the software manually. For more information, see “To configure client computers that are running operating systems earlier than Windows 2000 Professional” later in this document.

If you have member servers running Windows NT Server 4.0 or later, follow the instructions for configuring a second server. On the destination server, click Start, click Server Management, click Server Computers, click More Information, and then click Configure additional servers.

Note

If you have configured any additional applications for distribution to the client computers on the source server, then you need to make sure that these additional applications are copied to the destination server so that they are also available for distribution after migration.

Important

Windows Small Business Server 2003 includes five client access licenses (CALs). If you have more than five client computers, you must first add additional CALs before completing this task. For more information about adding CALs, see “Add Client Licenses” earlier in this document.

  1. On the destination server, click Start, click Server Management, and then in the console tree, click Client Computers.

  2. In the details pane, click Assign Applications to Client Computers.

  3. Complete the Assign Application Wizard using the information in Table 1.5. Table 1.5   Assign Applications to Client Computers

Wizard page Action

Client Computers

Add the computers that you want to configure with client applications.

Client Applications

  • Accept the default for applications to install.
  • If you were not previously running ISA Server on the source server and you installed it on the destination server, you must deploy Firewall Client to each client computer. To do so, click Edit Applications. The Set Up Client Applications Wizard appears.
  • On the Available applications page, click Add. The Application Information dialog box appears.
  • In the Application Name box, type Firewall Client, and then type or browse to \\DestinationServerComputerName\Mspclnt\Setup.exe.
  • Complete the Set Up Client Applications Wizard and then return to the Assign Applications Wizard.
  1. Follow the instructions to complete the Assign Applications Wizard. When you receive the message to go to the client computer and start Client Setup, click OK. You will complete Client Setup for each client computer in “Step 6: Configure Client Computers.”

To complete Management Tasks on the To Do List

  • If you closed the To Do List, you can return to it through Server Management.
    1. On the destination server, click Start, and then click Server Management.
    2. In the console tree, click To Do List.
  • Add a Printer. Complete this task to install a printer. Clicking this task starts the Add Printer Wizard.

Note

If you moved a printer from the source server to the destination server, you will delete the printer that references the source server from client computers in “Step 6. Configure Client Computers.”

  • Add Users and Computers. Complete this task if you are adding new users and computers to the network. Clicking this task starts the Add User Wizard. After you provide user account information, the Set Up Computer Wizard enables you to configure a client computer for new users.

Note

When you run Client Setup, it is recommended that you turn off or disable any real-time antivirus monitoring programs on the client computer because they can cause problems during application installation.

  • Configure Fax. If you have a fax modem, complete this task to configure Fax Service for sending and receiving faxes. Clicking this task starts the Fax Configuration Wizard.
  • Configure Monitoring. Complete this task to set up alert notifications and server performance and usage reports for your server. Clicking this task starts the Monitoring Configuration Wizard.
  • Configure Backup. Complete this task to configure Server Backup. Clicking this task starts the Windows Small Business Server Backup Configuration Wizard. Third-party software is not required.

Configure custom settings from the source server

If you completed “Worksheet 5: Custom Settings,” you must re-create these settings on the destination server.

To start Folder Redirection on the destination server

If you disabled a Folder Redirection Group Policy object in your domain before beginning migration, you need to start Folder Redirection for all users. To start Folder Redirection, do the following:

  1. On the destination server, click Start, and then click Server Management.
  2. On the console tree, click Backup.
  3. In the details pane, click Configure My Documents Redirection.
  4. In the Client Document Redirection dialog box, ensure that the Redirect all My Documents folders to the default shared folder for users on the Small Business Server option is selected, and then click OK.
  5. Click OK to close the Client Document Redirection message box.

To configure distribution lists and custom recipient policies

If you completed “Worksheet 6: Exchange 2000 Server Information,” you must reconfigure the custom recipient policies and distribution groups that had built-in groups (such as Administrator) as members on the destination server.

To add a built-in group account on the destination server to a distribution group, do the following:

  1. On the destination server, click Start, and then click Server Management.
  2. In the console pane, click Distribution Groups.
  3. In the details pane, double-click the distribution group, click the Members tab, and then add the built-in groups as members.

Note

You will configure the Public Folders custom permissions that are also listed in Worksheet 6 later in the migration.

Note

For more information about how to reconfigure custom recipient policies, click Start, click Server Management, and then press F1. Click the Search tab, and then search for “custom recipient policies.”

To enable sending and receiving e-mails for migrated security groups and distribution groups

If you have migrated any security or distribution groups that were e-mail enabled, then after migration, you can no longer send e-mails to them or receive e-mails from them. In order to resolve this problem, do the following:

  1. Click Start, point to Administrative Tools, and then click Active Directory Users and Computers.
  2. In the Active Directory Users and Computers console, expand YourDomainName, where YourDomainName is the name of your domain (for example, smallbusiness.local).
  3. To migrate security groups, complete steps 4 and 5. To migrate distribution groups, complete steps 6 and 7.
  4. Expand MyBusiness, click Security Group, in the details pane right-click the security group to enable sending and receiving of e-mail by this group, and then click Exchange Tasks.
  5. In the Exchange Task Wizard do the following:
    1. On the Available Tasks page, click Establish E-mail Addresses on Groups.
    2. On the Establish E-mail Address on Groups page, in the Alias box, type the alias for the group.
  6. To migrate distribution groups, expand MyBusiness, click Distribution Group, in the details pane right-click the distribution group to enable sending and receiving of e-mail by this group, and then click Exchange Tasks.
  7. In the Exchange Task Wizard do the following:
    1. On the Available Tasks page, click Establish E-mail Addresses on Groups.
    2. On the Establish E-mail Address on Groups page, in the Alias box, type the alias for the group.

To configure POP3 e-mail accounts for the Microsoft Connector for POP3 Mailboxes

If you completed “Worksheet 4: Microsoft Connector for POP3 Mailboxes Information,” you must reconfigure the POP3 accounts on the destination server.

  1. On the destination server, click Start, and then click Server Management.
  2. In the console pane, click Internet and E-mail.
  3. In the details pane, click Manage POP3 E-mail, and then click Open POP3 Connector Manager.

To update custom logon scripts

If you copied custom logon scripts to the destination server while migrating your data, you must now update each user account to refer to the destination server for the logon script, and you must update any references to the source server in the logon script to now reference the destination server.

To add users to the Remote Desktop Users group

If some of your users have permissions to log on to a server running Terminal Services in Application Mode, then you need to add these users to the Remote Desktop Users Group for that server. This is because the Domain Users permissions in the Remote Desktop Users group is not migrated for the server running Terminal Services in Application Mode.

Step 6. Configure Client Computers

In this step, you configure e-mail and proxy settings for client computers running Windows 2000 Professional or Windows XP Professional. If you have client computers running operating systems earlier than Windows 2000 Professional, you must manually configure them for the destination server, install applications, and configure e-mail and proxy settings. It is also recommended that you verify that client computers can connect to all necessary resources and files. You can also import Exchange Server public folders now that a client computer is configured to connect to Exchange Server on the destination server.

Note

If you exported the Administrator account mailbox and any mailbox rules, log on to a client computer as Administrator after it is configured for the destination server, and then import the mailbox and rules to the destination server. You should then delete the files from the client computer.

Note

If users exported their mailbox rules before the migration, you must remind them to import their rules the first time they log on after the migration is complete.

Note

Do not attempt to use the Offline Address Book for Outlook until at least one hour after installing Windows SBS 2003, because the Offline Address Book is not generated until then.

Note

If a search for sources dialog box appears, then you need to point to the new server for these sources.

To disconnect the source server from the network

At this point, disconnect the local network adapter for the source server from the local network. You will retire the source server in “Step 7: Complete the Migration.”

Note

There may be a slight delay the first time you log on to the destination server.

To configure client computers running Windows 2000 Professional or Windows XP Professional

  1. Ensure that the client computer is set to log on to the destination domain, and then log on to each client computer using the user account for that computer. Unless you migrated user passwords following the instructions in Knowledge Base article 326480, referenced in “Step 4. Begin the Migration,” the user account passwords were saved to the password file. The default location is \Program files\Active Directory Migration Tool\Logs\Passwords.txt.

Important

You will be prompted to enter a new password for the user account. Enter a unique password for each user account, and then record the new password so that you can give it to the user. It is highly recommended that you use a strong password for each account because you will reconnect the destination server to the Internet at the end of the migration.

  1. You must update or delete any references to the source server name on the client computer. These can appear, for example, in UNC paths, mapped drives, shortcuts, or printers that were moved from the source server to the destination server. You must update or delete these references because the destination computer name must be different from the source computer name, and if a client computer refers to the source computer name the references become invalid during the migration.
  2. For client computers that you deployed applications to, the Client Setup Wizard dialog box appears. Click Start Now to install the applications. Wait for the wizard to complete, and then continue to the next step.
  3. Open Control Panel, double-click Mail, and then update the mail properties to the destination server.
  4. If you were not running ISA Server on the source server and you deployed Firewall Client to client computers in “Step 5: Configure the Destination Server,” a shortcut to install Firewall Client appears on the desktop. Double-click the shortcut, and then complete the Firewall Client Wizard.
  5. If Firewall Client was already installed on the client computers and you installed ISA Server on the destination server, you must reconfigure the Firewall Client settings. To do so, double-click the Firewall Client tray icon. The Firewall Client Options dialog box appears. Change Use this ISA Server to the computer name of the destination server.
  6. If Firewall Client was already installed on the client computers and you installed ISA Server on the destination server, you must reconfigure the Internet Explorer proxy settings to use the destination server.
    1. Open Internet Explorer.
    2. Click the Tools menu, and then click Internet Options.
    3. Click the Connections tab, and then click LAN Settings.
    4. Select the Use a proxy server for your LAN check box, type the destination server name for the Address field, and then type 8080 in the Port field.
  7. If you were running ISA Server on the source server and did not install it on the destination server, ensure that the proxy client settings in Internet Explorer are cleared.
    1. Open Internet Explorer.
    2. On the Tools menu, click Internet Options.
    3. Click the Connections tab, and then click LAN Settings.
    4. Ensure that neither the option to automatically detect settings or the option to use a proxy server is selected.
  8. Re-enable the antivirus software on each client computer.
  9. Skip to the section titled “To confirm connectivity for client computers.”

To configure client computers that are running Windows 95, Windows 98, Windows Millennium Edition, or Windows NT Workstation 4.0

Client computers running Windows 95, Windows 98, Windows Millennium Edition, or Windows NT Workstation 4.0 must be manually configured for the destination domain.

  1. Configure each client computer for the destination domain, and then manually install applications. For step-by-step instructions, on the destination server, click Start, click Help and Support, and then search for “Configure client computers running earlier versions of Windows” and “Install applications on client computers running earlier versions of Windows.”

Note

To install Dsclient.exe, it is recommended that you download the client from the “Active Directory Client Extensions for Windows 95/98 and Windows NT 4.0” page at the Microsoft Web site (https://go.microsoft.com/fwlink/?LinkId=27030).

  1. Using Windows Explorer, search for *.pwl to locate any Windows passwords that were set locally on the computer. Delete any .pwl files found in the search.
  2. Log on to each client computer using the user account. Unless you migrated user passwords following the instructions in Knowledge Base article 326480, referenced in “Step 4. Begin the Migration,” the user account passwords were saved to the password file. The default location is \Program files\Active Directory Migration Tool\Logs\Passwords.txt.

Important

You will be prompted to enter a new password for the user account. Enter a unique password for each user account, and then record the new password so that you can give it to the user. It is highly recommended that you use a strong password for each account because you will reconnect the destination server to the Internet at the end of the migration.

  1. Open Control Panel, double-click Mail, and then update the mail properties to the destination server.
  2. Delete any Internet Explorer favorites that point to the source server, including Microsoft Small Business Website, My Internet Home Page, My Intranet Home Page, and SBS User Guide, because they are no longer valid.
  3. Delete or update the desktop shortcuts for the user and company shared folders. Also, delete or update any UNC paths, mapped drives, or shortcuts that point to the source server.
  4. If client computers have printers or fax printers that point to the source server, delete the printers or fax printers. The printers were already configured on the destination server in “Step 5. Configure the Destination Server.”
  5. If Firewall Client was already installed on the client computers and you installed ISA Server on the destination server, you must update the name of the ISA Server to the destination server. Double-click the Firewall Client tray icon on the client computer. The Firewall Client Options dialog box appears. Change the server listed for Use this ISA Server to the destination server name.
  6. If you installed ISA Server on the destination server and were not running it prior to the migration, you must install Firewall Client. Click Start, click Run, and then type \\ServerName\Mspclnt\Setup.exe.
  7. If you installed ISA Server on the destination server, you must configure the Internet Explorer proxy settings.
    1. Open Internet Explorer.
    2. Click the Tools menu, and then click Internet Options.
    3. Click the Connections tab, and then click LAN Settings.
    4. Select the Use a proxy server for your LAN check box, type the destination server name for the Address field, and then type 8080 for the Port field.
  8. If you were running ISA Server on the source server and did not install ISA Server on the destination server, ensure that the proxy client settings in Internet Explorer are cleared.
    1. Open Internet Explorer.
    2. On the Tools menu, click Internet Options.
    3. Click the Connections tab, and then click LAN Settings.
    4. Ensure that neither the option to automatically detect settings nor the option to use a proxy server is selected.
  9. Re-enable the antivirus software on each client computer.

To confirm connectivity of client computers

Ensure that client computers have access to all necessary resources and files.

  1. Ensure that the source server is disconnected from the network.
  2. Send a test e-mail message to one or more users, and then verify that they received the message.
  3. Connect to any shared folders or line-of-business applications.
  4. If the client computer uses a shared printer, print a test document.

To import public folders to the destination server

If you exported public folders from your source server to a .pst file, you can now import the .pst file to the destination server. Additionally, if you recorded any custom permissions for the public folders in “Worksheet 6: Exchange 2000 Server Information,” you must reconfigure these permissions.

  1. On a client computer, log in using an account with administrative credentials or with credentials to create public folders.
  2. Open Outlook. Import the public folders, which you saved to a .pst file in “Step 1: Prepare for the Migration,” to the currently selected folder. If you are using Outlook 2003, use the following procedure:
    1. From the Go menu, click Folder List to display the Public Folders.
    2. Double-click Public Folders, and then double-click All Public Folders.
    3. From the File menu, click Import. The Import Export Wizard appears. Select Import from another program file.
    4. On the Import a filepage, select Personal Folder File (.pst).
    5. On the Import Personal Folders page, browse to the public folder you saved, and ensure that Include Subfolders is selected.
    6. Select IPM-Subtree, and then select Import items into current folder.
    7. Follow the instructions to complete the wizard.
  3. If you had assigned special permissions to any of the public folders you just imported, you must configure the permissions now.
    1. On the destination server, click Start, and then click Server Management.
    2. Double-click Advanced Management, double-click YourExchangeOrganization, double-click Servers, double-click YourServer, double-click YourStorageGroup, double-click Public Folder Store, and then click Public Folders.
    3. In the details pane, right-click a public folder, and then click Properties.
    4. Click the Permissions tab, and then click Client permissions.
    5. Configure the Name, Role, and Permissions fields to your specific needs based on the information you recorded in “Worksheet 6: Exchange 2000 Server Information.”
  4. You should then delete the .pst file from the client computer.

Step 7. Complete the Migration

In this step, you remove permissions that were necessary for the migration, and you uninstall ADMT from the destination server. You also configure password policies to prompt users for a new password the first time they log on to the new domain (destination server). After verifying that all necessary data and settings were migrated, you retire the source server.

To remove the DNS forwarder for the source server on the destination server

  1. On the destination server, click Start, point to All Programs, point to Administrative Tools, and then click DNS.
  2. Right-click the destination server, and then click Properties.
  3. Click the Forwarders tab. Under DNS domain, click the domain name for the source domain, and then click Remove.

To remove permissions used for the migration

Complete this procedure if you added permissions to the source server in “Step 4. Begin the Migration.” If you have member servers running Windows NT Server 4.0, skip this procedure so that the member servers will have access to the new domain.

  1. On the destination server, click Start, click Run, and then type Cmd.

  2. At the command prompt, type each of the following commands:

    Net Localgroup "Pre-Windows 2000 Compatible Access" Everyone /Delete
    
    Net Localgroup "Pre-Windows 2000 Compatible Access" "Anonymous Logon" /Delete
    

Important

You must include the quotation marks in order for the commands to run successfully.

  1. Restart the destination server.

  2. Log back on to the destination server using the built-in Administrator account.

To uninstall ADMT on the destination server

After you have migrated all user, group, and computer accounts, you should remove ADMT.

  1. On the destination server, click Start, point to Control Panel, and then click Add or Remove Programs.
  2. Click Active Directory Migration Tool, and then click Remove.
  3. Follow the instructions to remove the tool.

To configure password policies

After verifying connectivity for each client computer, reset user passwords to prompt the user to change the password at first logon.

  1. On the destination server, click Start, and then click Server Management.
  2. In the console tree, click Users.
  3. In the details pane, click Configure Password Policies.
  4. It is recommended that you select all three options for the password policies.
  5. Click the Configure password policies dropdown box, and then click Immediately.

Important

If you allow access to the server from the Internet, it is highly recommended that you enforce strong user passwords. Strong passwords provide an additional layer of protection against an unauthorized user gaining access to your network. The requirement for strong passwords does not take effect for three days, which helps to simplify the process of setting up user accounts and client computers.

Important

If, when you created the user accounts, you chose to prevent users from changing their passwords, you must disable that option now. Click Start, and then click Server Management. In the details pane, click Users. Double-click an account, and then click the Account tab. Clear the Userscannot change password check box.

  1. Unless you migrated user passwords following the instructions in Knowledge Base article 326480, referenced in “Step 4. Begin the Migration,” delete the password file that was saved by ADMT. The default location is \Program files\Active Directory Migration Tool\Logs\Passwords.txt.
  2. For client computers running Windows 95, Windows 98, or Windows Millennium Edition, if the user encounters an error while trying to change the password, you may need to manually set the password.
    1. Click Start, click Server Management.
    2. In the console tree, click Users.
    3. In the details pane, select a user account, and then click Change Password.
    4. Enter and then confirm a password in the Reset Password dialog box. Ensure that the User must change password at next logoncheck box is clear.

To reconnect to the Internet

Reconnect the Internet connection device to the Internet so that your destination server and client computers can connect to the Internet.

Note

To verify Internet connectivity, from a client computer open a Web browser and connect to an Internet Web site. To verify e-mail, send a test e-mail to an e-mail account on the Internet. If you have Fax Service configured, send a test fax from a client computer.

To recreate DNS forwarders on the destination server

  1. Run the Configure E-mail and Internet Connection Wizard and recreate the DNS forwarders that were removed from the destination server in “Step 4. Begin the Migration.”
  2. Click Start, and then click Server Management.
  3. In the console tree, click Internet and E-mail.
  4. In the details pane, click Connect to the Internet.
  5. On the Connection Type page, click Nextto accept the connection type specified the last time the wizard was run.

Note

When you are prompted for the DNS servers, use the information from “Worksheet 7: DNS Forwarders on Destination Server.”

  1. Until you reach the Firewall page, click Nexton each wizard page to accept the settings specified the last time the wizard was run. On the Firewall page, accept the default of Do not change firewall configuration.

Note

The Firewall page does not appear if the server uses an external firewall and only one network adapter to connect to both the local network and the Internet. In this situation, click Next until the Web Server Certificate page appears, and then continue with step 6 of this procedure.

  1. On the Web Server Certificate page, accept the default of Do not change current Web server certificate.
  2. On the Internet E-mail page, ensure that Do not change Internet e-mail configurationis selected.
  3. Follow the instructions to complete the Configure E-mail and Internet Connection Wizard.

To retire the source server

It is recommended that you leave the source server disconnected from the network but still available for at least one week to ensure that all necessary data was migrated. You must then reformat the source server. You can then use the source server as a second server. For more information about second servers for Windows Small Business Server 2003, on the destination server, click Start, click Server Management, click Server Computers, click More Information, and then click Configure additional servers.

ADMT Troubleshooting

If the Active Directory Migration Tool is not migrating user and computer accounts properly, complete the following procedures to check that your source server, destination server, and client computers are properly configured, and then run the tool again. If the tool still does not migrate the user or computer accounts properly, complete the procedure “Advanced options to troubleshoot ADMT.”

Check the configuration of the source server

  1. Ensure that the DHCP Server service is disabled.
    1. Click Start, click Run, and then type Services.msc.
    2. Verify that the DHCP Server service Statusis Stopped and that the Startup Typeis Disabled. If the service is not stopped, double-click DHCP Server to open Properties, and then click Stop. After the service stops, change Startup Type to Disabled.
  2. Ensure that both Remote Procedure Call (RPC) services have a Status of Started and a Startup Type of Automatic.
    1. Click Start, click Run, and then type Services.msc.
    2. Verify that the **Remote Procedure Call (RPC)**service is listed as Started and that the Startup Type is Automatic. If the service is not started, right-click RPC, and then click Start.
    3. Repeat Step 2b for the Remote Procedure Call (RPC) Locatorservice.
  3. Ensure that only the forwarder for the local network adapter of the destination server is listed.
    1. Go to Start, point to Programs, point to Administrative Tools, and then click DNS.
    2. Right click the SourceServerName, and then click Properties.
    3. Click the Forwarders tab. Only the IP address for the local network adapter of the destination server should be listed. If additional forwarders are listed, delete them.

Check the configuration of the destination server

  1. Unless you chose to use the DHCP service on an external router device, ensure that the DHCP Server service is started.
    1. Click Start, click Run, and then type Services.msc.
    2. Verify that the DHCP Server service Statusis Started and that the Startup Type is Automatic. If the service is not started, right-click DHCP Server, and then click Start.
  2. Ensure that the Remote Procedure Call (RPC) service has a Status of Startedand a Startup Type of Automatic.
    1. Click Start, click Run, and then type Services.msc.
    2. Verify that the RPC service is listed as Started and that the Startup Type is Automatic. If the service is not started, right-click RPC, and then click Start.
  3. Ensure that the Remote Procedure Call (RPC) Locator service has a Status of Stoppedand a Startup Type of Manual.
    1. Click Start, click Run, and then type Services.msc.
    2. Verify that the Remote Procedure Call (RPC) Locator service is listed as Stopped and that the Startup Type is Manual. If the service is not stopped, right-click the Remote Procedure Call (RPC) Locator service, and then click Stop.
  4. Ensure that only the forwarder for the local network adapter of the source server is listed.
    1. Go to Start, point to Administrative Tools, and then click DNS.
    2. Click the DestinationServerName.
    3. Right click the DestinationServerName, and then click Properties.
    4. Click the Forwarders tab. Only the IP address for the local network adapter of the source server should be listed. If additional forwarders are listed, delete them.

Check the following on the client computers

  1. Ensure that the Remote Procedure Call (RPC) service has a Status of Startedand a Startup Type of Automatic.
    1. Click Start, click Run, and then type Services.msc.
    2. Verify that the RPC service is listed as Started and that the Startup Type is Automatic. If the service is not started, right-click RPC, and then click Start.
  2. Ensure that File and Print Sharing is installed for the Local Area Connection.
    1. Click Start, click Run, and then type Control.
    2. Double-click Network Connectionsor Network and Dial-up Connections depending on the operating system that the client computer is running.
    3. Right-click your Local Area Connection, and then click Properties.
    4. Ensure File and Printer Sharing for Microsoft Networks is listed. If not, click Install, click Service, and then click Add. Click File and Printer Sharing for Microsoft Networks, and then click OK.
  3. Verify that the IP address is in the same range as the destination server.
    1. Release and then renew the IP address for each client computer.
    2. Check that the IP address for the local network adapter is in the same range as the destination server’s DHCP Server service (for example, 192.168.16.2 and 192.168.16.15 are in the same range).

Advanced options for troubleshooting ADMT

If you have completed the previous procedure to check the configuration of the source server, the destination server, and the client computers, but ADMT still does not migrate the user and computer accounts properly, complete the following steps.

  1. When migrating a client computer using the Computer Migration Wizard, if you get an RPC 1722 error message, then from the client computer, click Start, click Run, and then type eventvwr. Verify whether an RPC 1722 error has been recorded. If yes, unjoin and rejoin the client computer to the source domain, and then re-run the ADMT test migration of this computer.
  2. On the client computers, review the log files for warnings and errors at c$\%Windir%\tmp\dtclog.txt.
  3. On the destination server, check to see if the client computers that did not migrate properly have A (host) records in DNS.
    1. Go to Start, point to Administrative Tools, and then click DNS.
    2. If not, manually create host records and check the box to create the associated PTR record. For more information about creating PTR records, see Help and Support on the destination server.
  4. On the destination server, connect any client computer that did not migrate properly to the administrative shares, to ensure the administrative shares are available.
    1. Click Start, click Run, and then type Cmd.

    2. Type the following, and then press ENTER:

      Net use \\ClientComputerName\Admin$
      
    3. Type the following, and then press ENTER:

      Net use \\ClientComputerName\IPC$
      
    4. If either of the administrative shares are not available, manually create the missing share on the client computer. For more information about sharing a folder, see Help on the client computer.

See the following resources for further information:

Migration Worksheets

Worksheet 1   Source and Destination Computer Information

Prepared by:

Date Prepared:

Important

Computer Name

If your source server is running a DHCP service, check the DHCP scope to locate the IP addresses that are currently in use on the network.

  1. On the source server, click Start, point to Programs, point to Administrative Tools, and then click DHCP.
  2. Double-click YourServer, double-click Scope, and then click Address Leases. A list of computers and IP addresses are displayed.

Destination Server________________________________________________

Built-in Administrator account name

The Administrator accounts on both the source and destination servers must be named Administrator. If you renamed a built-in Administrator account to something other than Administrator, you must rename the account back to Administrator for the migration.

Source Server_Administrator_______________________________________

Destination Server_Administrator________________________________________

Built-in Administrator account password

The Administrator account password for the destination server must be the same as for the source server. If the Administrator account password is blank, the migration will fail.

Important

For security reasons, it is recommended that you not record the administrator password.

Source Server_(Do not record the password.)____________________

Destination Server_(Same password. Do not record.)______________

Worksheet 2   Shared Folder Information

Prepared by:

Date Prepared:

Shared Folders on Small Business Server 2000

  1. Record the name of the Users shared folder. In both Small Business Server 2000 and Windows SBS 2003, the default share name is Users. To determine which shared folders are on the source server, click Start, click Run, and then type \\SourceServerComputerName.
    Users shared folder name__________________________________________________
  2. Record the name of the ClientApps folder, if there are applications that you want to continue to use in the folder. You will then copy the contents of the share to the destination server in “Step 4, Begin the Migration.” In Small Business Server 2000, the default share name is ClientApps5. In Windows SBS 2003, the default share name is ClientApps.
    ClientApps folder name____________________________________________________
  3. Record the name of the Company shared folder. In Small Business Server 2000, the default share name is Company. You will then import the Company folders into the company intranet Web site on the destination server at https://companyweb.
    Company shared folder name______________________________________________

Other shared folders

  • List the names of other shared folders to migrate.
    • Do not migrate the Printers, Scheduled Tasks, or SYSVOL shared folders. Additionally, unless you have custom logon scripts, do not migrate the NETLOGON shared folder.
    • If you are migrating from Small Business Server 2000, do not migrate the Mspclnt, Clients, MpClients, or Fax Clients shared folders, because Windows SBS 2003 includes updated versions. Additionally, do not migrate the TsClient shared folder, because Terminal Services in Application Server mode is not supported on a computer running Windows SBS 2003. If you want to continue to host applications centrally, you must install a second server. For more information about second servers for Windows SBS 2003, after completing Setup on the destination server, click Start, click Server Management, click Server Computers, click More Information, and then click Configure additional servers.
    • If Exchange 2000 Server is installed, do not migrate the Address or SourceServerComputerName.log shared folders.
      Shared folder names
      _______________________________________________________________________
      _______________________________________________________________________
      _______________________________________________________________________

Worksheet 3   Location of Data for Line-of-Business Applications and of General User Data

Prepared by:

Date Prepared:

Application or general data folder name Path to data Notes

Worksheet 4   Microsoft Connector for POP3 Mailboxes Information

Prepared by:

Date Prepared:

Note

POP3 Mailboxes Information If you are using the Microsoft Connector for POP3 Mailboxes for Small Business Server 2000 to download POP3 e-mail to the Exchange server, the connector’s account settings do not migrate. You must record the information for each account on the form titled “Required Information for Connecting to the Internet,” and then manually reconfigure the settings on the destination server. The form is available in Appendix A of "Getting Started" (if you are using the retail product) or in "Completing Setup" (if you purchased your server from an OEM). You can also download a copy of the appendix at the Microsoft Web site (https://go.microsoft.com/fwlink/?LinkId=20122). You will use the information you record to reconfigure the accounts on the destination server in “Step 5. Configure the Destination Server." To collect POP3 mailboxes information for the form titled “Required Information for Connecting to the Internet,” do the following: