Replacing 2012 R2 essentials "server" with 2016 server

[occsean]

A vet practice I've been asked to help with has a generic crap box that's running Server 2012 R2 essentials. There is no AD to speak of and 90% of the workstations on the network have not been added. There is a domain, but really the only function of the box is to run Avimark (vet software). The practice finally bought a real server to install and I am a little unsure on best practice on doing so.

Do I install new server then promote it to DC and then demote old machine? Then copy data over from LOB app? What, if anything, happens to local profiles of the workstations which are NOT using folder redirection? Do I need to remove them from domain and then rejoin?

Any advice or help is appreciated

Thanks

 

[trevm999]

There's a domain but no AD? I'm confused.

So 90% of the workstations are not on the domain, so me I would think that the people on the other 10% are using their AD account to log in.

On the other 90% they will using regular Windows logins, so when you add those workstations to the domain you would use their new AD account to log in and transfer their data. I believe Transwiz has a tool for this, or you could just use Fabs.

I believe I've heard Server essentials won't let you add another DC to the domain? I've never dealt with it myself, but I think I've seen links about migrations strategies around. Normally that's what you do - add to domain, promote to DC, transfer FSMO roles, demote old DC.

With only 10% in use, I'm thinking starting with a new domain wouldn't be that much work? Are you sure they're not using AD authentication with their software?

 

[CLC]

When you say 90% of the workstations are not on the domain how many are? It may easier to start from scratch and just move the user profiles for the few that are currently on the domain. Most business software like the one you mentioned has a database that can be moved over with out too much fuss and then you don't really have to deal with the older server at all except for some data transfers.

 

[YeOldeStonecat]

Server Essentials does indeed allow additional member servers on the same domain. Just like its predecessor...Small Business Server. However, there can be only 1x "top of the domain" DC...just like its predecessor SBS.

Your question of doing a migration or a pure cutover depends on a few questions and how you want to address them.

***For larger networks...I try to do "migrations". This doesn't involve touching each workstation as much. You can re map drives, re map folder redirection, re map printers...all done from the server. However some LOB apps need a refreshment...running desktop/workstation setup over on top so the LOB client learns to look to the new server.

Doing migrations allows you to take your time, doing a major step each night, or each weekend...and then the following evening or weekend..proceed to the next step. Minimal interruption to the client this way. You can work remotely from your office and/or home each time after hours.

*For really small networks, sometimes it's just easier to just nuke 'n pave. See what's on the old server, and what you have to move. If it currently has folder redirection..a week ahead of time disable that GPO. Workstations will retreat and go back to locally again. Yeah you'll have to unjoin the old domain and join the new domain. Make sure you secure(control) the local Administrator account before you remove from old domain. On each and every workstation. Joining the new domain, you'll get a virgin new profile, I prefer to manually copy over what I need. Yes there are profile migration tools but I prefer to not use those, too many times I've seen them bring over issues and quirks or cause problems down the road. Usually you know what you need...Desktop, Faves, Pics, Docs...it's so dang easy to manually crap what you need and copy over to the new profile. I do much of that right from the server, via UNC path to each workstations \c$. Don't need to literally touch each rig for that.

The old server might be poorly setup and have an active directory that's a mess, setup by some shoemaker. In those cases it's better to avoid a migration and just start a new AD nice 'n fresh. Being a Vet business...I bet the network isn't much in size, likely under a dozen workstations...so a nuke 'n pave might be your best bet. Depends on your comfort level and what your windows of opportunity are.

 

[trevm999]

Server Essentials does indeed allow additional member servers on the same domain. Just like its predecessor...Small Business Server. However, there can be only 1x "top of the domain" DC...just like its predecessor SBS.

Ok, so you're confirming what I heard, right? There can only be one DC at a time. The whole "top of the domain" thing confused me for a second.

So adding it as a member server doesn't really get you very far in a AD migration. I would imagine you would have to backup AD and restore - something that probably doesn't get done very often since in other environments you would let replication do most of the job.

 

[YeOldeStonecat]

I know in SBS you can have additional DCs on the domain..as I've done it. That was when I had larger SBS clients, up to 75 rigs...yeah I'd have an additional DC. When I say "top of the domain" DC..that means the SBS box had to hold all the fizzymo roles...the secondary DC was just a second DC (could have CG, just not hold the other roles). So in the past you could have multiple DCs in the SBS domain. The "top" level DC just holds all the roles. SBS would start freaking out after removing the roles (rebooting hourly..although there are tricks to halt that if you need to do a slow migration).

Since Essentials is not for networks >25...>I don't have any clients on Essentials with a second DC so I haven't tried or looked up if you could add a second DC. I would "guess" you can still have a second DC..just as long as it didn't hold the FSMO roles (I haven't looked this up, just guessing since so much of Essentials is similar to SBS).

 

[Markverhyden]

Based on the description of the site why even bother with any kind of migration. You have no idea what's been done in the past. According to the OEM, the LoB app does not have to run on a real server. So there should be nothing tied to the old domain per se. If it was me I'd want to start with a tabula rasa and go from there.

 

[occsean]

Great ideas everyone. Yes, it is a very small network. Under 15 workstations. And there are only a handful of user accounts. Only 4 machines show in AD so AD is not even being used per se.

So, if I just N&P, I would need to touch each workstation, backup profile, remove from domain, then rejoin domain? Does that workflow make sense and I am understanding it properly?

 

[trevm999]

According to the OEM, the LoB app does not have to run on a real server.

But unless the software works by the server only being a file server or if the clients are connecting to it over the internet, it would be against the Windows EULA for a desktop OS to be used as a server.

 

[Markverhyden]

Great ideas everyone. Yes, it is a very small network. Under 15 workstations. And there are only a handful of user accounts. Only 4 machines show in AD so AD is not even being used per se.

So, if I just N&P, I would need to touch each workstation, backup profile, remove from domain, then rejoin domain? Does that workflow make sense and I am understanding it properly?

Yes, sounds about right. But if the new server really is new you should not need to do a N&P. You can also look at https://www.forensit.com/domain-migration.html. Their tools allow you to migrate an in-place machine account. Personally I've never used it but I believe others on here have.

 

[Markverhyden]

But unless the software works by the server only being a file server or if the clients are connecting to it over the internet, it would be against the Windows EULA for a desktop OS to be used as a server.

We all know a server means a lot of things. If using a client OS, like W7, as a local app host for something like this app, was a violation of EULA I sincerely doubt that these OEM's would advertise this and support them. Seen this with things like Quickbooks Pro, Easy Dental, Open Dental, Carestream, etc. as well.

 

[YeOldeStonecat]

So, if I just N&P, I would need to touch each workstation, backup profile, remove from domain, then rejoin domain? Does that workflow make sense and I am understanding it properly?

Technically you don't need to back up the profile. Unless it had roaming profiles. And technically you don't need to unjoin the domain (go to workgroup mode)...you can just...join the new domain. BUT...I just prefer to be cleaner, (FIRST...SECURE LOCAL ADMINISTRATOR ACCOUNT), remove from the old domain first (put it in workgroup mode), possibly rename to your convention, join new domain.

The user profile from the old domain will still remain in C:\Users\username.olddomainname So you can always go browse to that and cherry pick out what you want. If it had redirected folders...disable that GPO first and reboot the workstation a few times so it'll pull those back (assuming the GPO had that setting to restore back to local when disabled). (else you'll have to manually snag those from the old server). (which still ain't hard to do)

 

[occsean]

If it had redirected folders...disable that GPO first and reboot the workstation a few times so it'll pull those back (assuming the GPO had that setting to restore back to local when disabled). (else you'll have to manually snag those from the old server). (which still ain't hard to do)[/QUOTE]


No redirected folders and only a few of the machines actually show in AD. I don't know much about AD but it appears that it was not utilized at all. I'd like to be able to leverage AD a little bit more with the new server for things like GPO's, roaming profiles, folder redirect, etc.

To answer previous queries about using a Server OS: The LOB software is Avimark (part of Henry Schein) and it is their recommendation to use a server OS. Customer has purchased server direct from OEM so it is pre installed with Server 2016 per recommended specs.

 

[trevm999]

We all know a server means a lot of things. If using a client OS, like W7, as a local app host for something like this app, was a violation of EULA I sincerely doubt that these OEM's would advertise this and support them. Seen this with things like Quickbooks Pro, Easy Dental, Open Dental, Carestream, etc. as well.

If they don't get in trouble for it, and it lowers the barrier of entry into their software, then why doubt? The Windows EULA is not their problem.

From the EULA

Restrictions. The manufacturer or installer and Microsoft reserve all rights (such as rights under intellectual property laws) not expressly granted in this agreement. For example, this license does not give you any right to, and you may not:

(v) use the software as server software, for commercial hosting, make the software available for simultaneous use by multiple users over a network, install the software on a server and allow users to access it remotely, or install the software on a device for use only by remote users;

and later on you get some things allowed

Device connections. You may allow up to 20 other devices to access the software installed on the licensed device for the purpose of using the following software features: file services, print services, Internet information services, and Internet connection sharing and telephony services on the licensed device. You may allow any number of devices to access the software on the licensed device to synchronize data between devices. This section does not mean, however, that you have the right to install the software, or use the primary function of the software (other than the features listed in this section), on any of these other devices.

 

[Computer Bloke]

(v) use the software as server software, for commercial hosting...

I'm not a lawyer, but I bet a good one could argue that the absence of a verb in "for commercial hosting" contrasted with the presence of a verb in every other clause indicates that the comma in "server software, for commercial hosting" is erroneous and should be struck out. That would make it perfectly fine to use a desktop OS on a server as long as it's not providing a commercial hosting service, which seems to be the original intent.

(And if anyone doubts the importance of commas, take a look a the history of the second amendment to the US Constitution - it's very illuminating.)

Anyone up for a class action?

 

[trevm999]

I'm not a lawyer, but I bet a good one could argue that the absence of a verb in "for commercial hosting" contrasted with the presence of a verb in every other clause indicates that the comma in "server software, for commercial hosting" is erroneous and should be struck out. That would make it perfectly fine to use a desktop OS on a server as long as it's not providing a commercial hosting service, which seems to be the original intent.

(And if anyone doubts the importance of commas, take a look a the history of the second amendment to the US Constitution - it's very illuminating.)

Anyone up for a class action?

First of all, the rest of their examples in that sentence still pretty much cover most server use.

Secondly, "Microsoft reserve all rights ... not expressly granted in this agreement"
They are only just providing helpful examples. What you're allowed to do is what needs to be analysed over

 

[Computer Bloke]

What you're allowed to do is what needs to be analysed over

I'm going to have to go ahead and sort of disagree with you there.

The Microsoft EULA only applies to their software (Windows, in this case) and it's the rights relating to that which are being reserved unless expressly granted, not to any other software that might be running on the same machine - you know, things like Quickbooks, AVImark, and other LOB stuff.

I'm not aware of any case where Microsoft has used the EULA to prohibit the use of any legitimate third-party software on Windows. Did I miss something?

 

[trevm999]

I'm going to have to go ahead and sort of disagree with you there.

The Microsoft EULA only applies to their software (Windows, in this case) and it's the rights relating to that which are being reserved unless expressly granted, not to any other software that might be running on the same machine - you know, things like Quickbooks, AVImark, and other LOB stuff.

I'm not aware of any case where Microsoft has used the EULA to prohibit the use of any legitimate third-party software on Windows. Did I miss something?

But Windows components are in use in order for someone to access the LoB software over the network.

I'm not aware of Microsoft ever going after someone about it, but it is something that is done often even though it is against the EULA.

 

[Computer Bloke]

I'm not aware of Microsoft ever going after someone about it, but it is something that is done often even though it is against the EULA.

I'm not convinced that it is against the EULA. I suspect that the reason that Microsoft doesn't crack down on third-party multi-user software is because it's not against the EULA to use it, and that Microsoft never intended that it should be. Ultimately it's really something for the courts to decide

On a practical level pretty much every useful piece of modern application software communicates with other machines in some way, often using peer-to-peer protocols that blur the distinction between "client" and "server". Can you imagine the reaction if Microsoft were even to hint that these programs could only be used on its server operating systems? I'm not thinking about Quickbooks here - if your interpretation is correct then Minecraft might be illegal on desktop Windows.

In any case, we're not likely to agree about this. In the OP's position I'd feel perfectly comfortable in using a non-server operating system to host AVImark as long as that configuration is supported by its manufacturers (which it is, for up to ten users), and I wouldn't worry about midnight raids from Microsoft's licence enforcement lawyers because of it.

Edited to add: The OP's server already has Server 2016 installed so there's really nothing to be concerned about.

 

[Markverhyden]

I've seen the term "commercial hosting" many times. Generally it means running a service on a computer and charging/generating revenue for that service. So if you are running the LoB for internal use it does not fall into that category since the price is not charging anyone for it. In fact these companies clearly state the W7 Pro, etc has limits in how many simultaneous connections it will allow for file sharing. Which is what is really happening.

At any rate these EULA's are intentionally vague. The lawyers try to cast a wide of a net as possible.