Windows – Demote SBS 2003 server, but keep authentication for shares available temporarily

Tags: active-directory, domain, migration, windows, windows-sbs-2003

We have an old SBS 2003 server with a messed-up configuration that I want to replace with a new SBS 2011 Standard installation. We're a small 20-user shop.

I don't have much faith in the 2003 AD setup, so I'd like to start from scratch with a fresh 2011 install. But here's the catch: I'd like to reuse the Domain name, simply since it's our company name and it's short and simple.

No clients are connected to AD anymore; in effect we're a workgroup now, but all employees are using their old AD account credentials to access various shares that are hosted on the server. Also, the server runs IAS, which is used to authenticate VPN users via RADIUS. I'd like these services to remain available until I have the new domain running.

I've been thinking about migrating the SBS 2003 domain to SBS 2011, but am afraid of all the cruft that I will inherit. All I want is the name.

How can I 'remove' the AD domain from the SBS 2003 server, in order to reuse it in SBS 2011, while keeping the shares and IAS available with the current credentials?

Best Answer

You can't "remove" the domain and still have authentication work. That being said, having 2 different domain controllers on the same LAN both claiming to be foobar.local is less difficult than you might think.

What you CAN do is this:

Server A - 2003 SBS
Server B - 2011 SBS
Domain: foobar.local

Make sure ServerA and ServerB have different names (i.e. both cannot be SERVER or FILESHARE or WHATEVER).

Do not demote Server A from being a Domain Controller. That is, leave Active Directory intact. Make sure DNS/DHCP is running on Server B. Point all your workstations to use Server B for DNS. Make a static entry for Server A in the DNS of Server B. So long as your workstations are in a workgroup (that is, NOT joined to the domain hosted on Server B), they should be able to auth just fine against both servers when prompted for credentials.

If/when you join the workstations to the domain, you'll have to retire Server A instantly - everything will pretty much stop working. But before that you can run in a hybrid fashion, though it's not very pretty.
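The hybrid setup the answer describes (two servers, different hostnames, Server B authoritative for DNS, a static record for Server A, workstations left in a workgroup) can be scripted and checked. The script below is an added example, not part of the original answer. The hostnames SRV2003 and SRV2011, the addresses 192.168.1.10 and 192.168.1.20, the share name Data and the interface name "Local Area Connection" are all assumptions; substitute your own. Steps 1 and 2 run on Server B (the DNS host); steps 3 to 5 run on each workstation. `dnscmd`, `netsh` and `net use` are the built-in tools of that era, so nothing here needs the newer DnsServer module.

```powershell
# Added example (not from the original Q&A). All names and addresses are assumptions.
$ServerAName = 'SRV2003'        # assumed hostname of the old SBS 2003 box (keeps AD, shares, IAS)
$ServerAIp   = '192.168.1.10'   # assumed address of Server A
$ServerBName = 'SRV2011'        # assumed hostname of the new SBS 2011 box (runs DNS/DHCP)
$ServerBIp   = '192.168.1.20'   # assumed address of Server B
$Zone        = 'foobar.local'   # the reused domain name
$Nic         = 'Local Area Connection'   # assumed interface name on the workstation

# --- On Server B ---------------------------------------------------------------
# 1. The two servers must not share a hostname, otherwise NetBIOS/DNS names collide.
if ($ServerAName -ieq $ServerBName) {
    throw "Server A and Server B both resolve to '$ServerAName'. Rename one before continuing."
}

# 2. Static A record for Server A in the foobar.local zone hosted on Server B.
#    Server A's own dynamic registration will never reach Server B's DNS, so this
#    is what lets workstations that use Server B for DNS still find Server A.
dnscmd $ServerBName /RecordAdd $Zone $ServerAName A $ServerAIp

# --- On each workstation -------------------------------------------------------
# 3. Use Server B as the only DNS server, then confirm Server A resolves through it.
netsh interface ip set dns name="$Nic" source=static addr=$ServerBIp
nslookup "$ServerAName.$Zone" $ServerBIp

# 4. The workaround only holds while the client is NOT joined to Server B's domain.
#    Once it is, Server A must be retired immediately (per the answer above).
$cs = Get-WmiObject Win32_ComputerSystem
if ($cs.PartOfDomain) {
    Write-Warning "$($cs.Name) is joined to $($cs.Domain); Server A must be retired before this point."
} else {
    Write-Host "$($cs.Name) is in workgroup $($cs.Workgroup); both servers can still be used."
}

# 5. Map a share from each server with the old AD credentials.
#    The trailing '*' makes net use prompt for the password instead of taking it
#    on the command line, so it does not end up in shell history or logs.
net use Y: "\\$ServerAName\Data" /user:FOOBAR\alice *
net use Z: "\\$ServerBName\Data" /user:FOOBAR\alice *
```

Because the workstation is a workgroup member, each server validates the supplied FOOBAR\alice credentials against its own account database, which is why the same username works on both even though the two domains are unrelated. Step 4 is the check to rerun before joining clients to the new domain.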
