Source is SBS 2011 (previously migrated from SBS 2003 5 years ago). Target will be 2016 Essentials. Before doing the FSR to DFSR migration in phase 2, I ran "dcdiag /c" on source. It does have some errors, but I'm not sure which ones may be critical that I need to be concerned with and try to cleanup before doing the FRS migration. Results of the dcdiag can be viewed here: http://kwsupport.com/downloads/dcdiag-sbs2011-2.pdf
Hello Kevin,
Can you run
DCDIAG /test:DNS /DNSALL /e /v
that report is easier to read. Specially the last summary tells it all
OK. I ran "dcdiag /test:DNS /DNSALL /e /v".
C:\Users\administrator.CEA-ENGINEERING>dcdiag /test:DNS /DNSALL /e /v Directory Server Diagnosis Performing initial setup: Trying to find home server... * Verifying that the local machine CEA-FILESERVER, is a Directory Server. Home Server = CEA-FILESERVER * Connecting to directory service on server CEA-FILESERVER. * Identified AD Forest. Collecting AD specific global data * Collecting site info. Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=CEA-ENGINEERIN G,DC=local,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),....... The previous call succeeded Iterating through the sites Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name ,CN=Sites,CN=Configuration,DC=CEA-ENGINEERING,DC=local Getting ISTG and options for the site * Identifying all servers. Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=CEA-ENGINEERIN G,DC=local,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),....... The previous call succeeded.... The previous call succeeded Iterating through the list of servers Getting information for the server CN=NTDS Settings,CN=CEA-FILESERVER,CN=Serv ers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=CEA-ENGINEERING,DC=l ocal objectGuid obtained InvocationID obtained dnsHostname obtained site info obtained All the info for the server collected * Identifying all NC cross-refs. * Found 1 DC(s). Testing 1 of them. Done gathering initial info. Doing initial required tests Testing server: Default-First-Site-Name\CEA-FILESERVER Starting test: Connectivity * Active Directory LDAP Services Check Determining IP4 connectivity * Active Directory RPC Services Check ......................... CEA-FILESERVER passed test Connectivity Doing primary tests Testing server: Default-First-Site-Name\CEA-FILESERVER Test omitted by user request: Advertising Test omitted by user request: CheckSecurityError Test omitted by user request: CutoffServers Test omitted by user request: FrsEvent Test omitted by user request: DFSREvent Test omitted by user request: SysVolCheck Test omitted by user request: KccEvent Test omitted by user request: KnowsOfRoleHolders Test omitted by user request: MachineAccount Test omitted by user request: NCSecDesc Test omitted by user request: NetLogons Test omitted by user request: ObjectsReplicated Test omitted by user request: OutboundSecureChannels Test omitted by user request: Replications Test omitted by user request: RidManager Test omitted by user request: Services Test omitted by user request: SystemLog Test omitted by user request: Topology Test omitted by user request: VerifyEnterpriseReferences Test omitted by user request: VerifyReferences Test omitted by user request: VerifyReplicas Starting test: DNS DNS Tests are running and not hung. Please wait a few minutes... See DNS test in enterprise tests section for results ......................... CEA-FILESERVER passed test DNS Running partition tests on : DomainDnsZones Test omitted by user request: CheckSDRefDom Test omitted by user request: CrossRefValidation Running partition tests on : ForestDnsZones Test omitted by user request: CheckSDRefDom Test omitted by user request: CrossRefValidation Running partition tests on : Schema Test omitted by user request: CheckSDRefDom Test omitted by user request: CrossRefValidation Running partition tests on : Configuration Test omitted by user request: CheckSDRefDom Test omitted by user request: CrossRefValidation Running partition tests on : CEA-ENGINEERING Test omitted by user request: CheckSDRefDom Test omitted by user request: CrossRefValidation Running enterprise tests on : CEA-ENGINEERING.local Starting test: DNS Test results for domain controllers: DC: CEA-FILESERVER.CEA-ENGINEERING.local Domain: CEA-ENGINEERING.local TEST: Authentication (Auth) Authentication test: Successfully completed TEST: Basic (Basc) The OS Microsoft Windowsr Small Business Server 2011 Standard (Service Pack level: 1.0) is supported. NETLOGON service is running kdc service is running DNSCACHE service is running DNS service is running DC is a DNS server Network adapters information: Adapter [00000014] Microsoft Virtual Machine Bus Network Adapter: MAC address is 00:15:5D:35:03:02 IP Address is static IP address: 192.168.1.2, fe80::c436:f6dc:ccbf:e408 DNS servers: 192.168.1.2 (cea-fileserver.cea-engineering.local.) [Valid] The A host record(s) for this DC was found The SOA record for the Active Directory zone was found The Active Directory zone on this DC/DNS server was found primary Root zone on this DC/DNS server was not found TEST: Forwarders/Root hints (Forw) Recursion is enabled Forwarders Information: 8.8.8.8 () [Valid] TEST: Delegations (Del) Delegation information for the zone: CEA-ENGINEERING.local. Delegated domain name: _msdcs.CEA-ENGINEERING.local. DNS server: cea-fileserver.cea-engineering.local. IP:192.168.1.2 [Valid] TEST: Dynamic update (Dyn) Test record dcdiag-test-record added successfully in zone CEA-ENGINEERING.local Test record dcdiag-test-record deleted successfully in zone CEA-ENGINEERING.local TEST: Records registration (RReg) Network Adapter [00000014] Microsoft Virtual Machine Bus Network Adapter: Matching CNAME record found at DNS server 192.168.1.2: a6d73a8b-a310-4c38-931a-fc1a7f6d1045._msdcs.CEA-ENGINEERING.local Matching A record found at DNS server 192.168.1.2: CEA-FILESERVER.CEA-ENGINEERING.local Matching SRV record found at DNS server 192.168.1.2: _ldap._tcp.CEA-ENGINEERING.local Matching SRV record found at DNS server 192.168.1.2: _ldap._tcp.eb06a192-e7b8-4700-91d1-051b4287d269.domains._msdcs.CEA-ENGINEERING.local Matching SRV record found at DNS server 192.168.1.2: _kerberos._tcp.dc._msdcs.CEA-ENGINEERING.local Matching SRV record found at DNS server 192.168.1.2: _ldap._tcp.dc._msdcs.CEA-ENGINEERING.local Matching SRV record found at DNS server 192.168.1.2: _kerberos._tcp.CEA-ENGINEERING.local Matching SRV record found at DNS server 192.168.1.2: _kerberos._udp.CEA-ENGINEERING.local Matching SRV record found at DNS server 192.168.1.2: _kpasswd._tcp.CEA-ENGINEERING.local Matching SRV record found at DNS server 192.168.1.2: _ldap._tcp.Default-First-Site-Name._sites.CEA-ENGINEERING.local Matching SRV record found at DNS server 192.168.1.2: _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.CEA-ENGINEERING.local Matching SRV record found at DNS server 192.168.1.2: _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.CEA-ENGINEERING.local Matching SRV record found at DNS server 192.168.1.2: _kerberos._tcp.Default-First-Site-Name._sites.CEA-ENGINEERING.local Matching SRV record found at DNS server 192.168.1.2: _ldap._tcp.gc._msdcs.CEA-ENGINEERING.local Matching A record found at DNS server 192.168.1.2: gc._msdcs.CEA-ENGINEERING.local Matching SRV record found at DNS server 192.168.1.2: _gc._tcp.Default-First-Site-Name._sites.CEA-ENGINEERING.local Matching SRV record found at DNS server 192.168.1.2: _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.CEA-ENGINEERING.local Matching SRV record found at DNS server 192.168.1.2: _ldap._tcp.pdc._msdcs.CEA-ENGINEERING.local TEST: External name resolution (Ext) Internet name www.microsoft.com was resolved successfully Summary of test results for DNS servers used by the above domain controllers: DNS server: 192.168.1.2 (cea-fileserver.cea-engineering.local.) All tests passed on this DNS server Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered DNS delegation for the domain _msdcs.CEA-ENGINEERING.local. is operational on IP 192.168.1.2 DNS server: 8.8.8.8 () All tests passed on this DNS server Summary of DNS test results: Auth Basc Forw Del Dyn RReg Ext _________________________________________________________________ Domain: CEA-ENGINEERING.local CEA-FILESERVER PASS PASS PASS PASS PASS PASS PASS ......................... CEA-ENGINEERING.local passed test DNS Test omitted by user request: LocatorCheck Test omitted by user request: Intersite C:\Users\administrator.CEA-ENGINEERING>
Looks much cleaner ... hopefully
I looked at the output of DCDiag you posted:
Summary of DNS test results: Auth Basc Forw Del Dyn RReg Ext _________________________________________________________________ Domain: CEA-ENGINEERING.local CEA-FILESERVER PASS PASS PASS PASS PASS PASS PASS
Can you also check FRS logs? No Journal Wrap issues? If all is 'green' you can start with the migration of FRS to DFRS
There are no journal wrap events in the File Replication Service event log. This is the most recent event entry: "The File Replication Service is no longer preventing the computer CEA-FILESERVER from becoming a domain controller. The system volume has been successfully initialized and the Netlogon service has been notified that the system volume is now ready to be shared as SYSVOL. Type "net share" to check for the SYSVOL share."
Your browser doesn't have Flash, Silverlight or HTML5 support.
BTW, the errors you saw in your first report are discussed here DCDIAG.EXE /E or /A or /C expected errors. There is just one thing in that first report that is a bit strange and that is the warning that the DC is not in the Domain Controllers OU, why is that?
Mariette, I saw that, too (DC not in Domain Controller OU). This is SBS 2011 which was migrated from SBS 2003. In SBS 2011, I did recreate the SBS "MyBusiness" OU structure. So the server (CEA-FILESERVER) is located under "MyBusiness > Computers > SBSServers (see screenshot here
Do I need to move it back to "Domain Controllers" OU?
Yes, I would put it in the Domain Controllers OU because that way it should also get the correct policies.
Mariette. I moved the SBS server back to default Domain Controller and that cleared that error. Follow up -- all of the user's workstations are in a similar custom SBS OU, and not the default Computer OU. Do I need to plan to move them as well or can I leave them where they are -- not sure how that affects the workstations connecting to 2016 when I get to that point.
No, client computers should just stay in that SBS Computers OU. It does not make a difference for the migration but if you want to re-organize things later after the migration has been completed you can do that.
In the old SBS days, the default location for Users and Computers was always the SBS Users and SBS Computers. We can check those from within Powershell
PS C:\Users\sbsadmin> Get-ADDomain | select *Container ComputersContainer : OU=SBSComputers,OU=Computers,OU=MyBusiness ,DC=adatum,DC=local DeletedObjectsContainer : CN=Deleted Objects,DC=adatum,DC=local DomainControllersContainer : OU=Domain Controllers,DC=adatum,DC=local ForeignSecurityPrincipalsContainer : CN=ForeignSecurityPrincipals,DC=adatum,DC= local LostAndFoundContainer : CN=LostAndFound,DC=adatum,DC=local QuotasContainer : CN=NTDS Quotas,DC=adatum,DC=local SystemsContainer : CN=System,DC=adatum,DC=local UsersContainer : OU=SBSUsers,OU=Users,OU=MyBusiness,DC=adat um,DC=local PS C:\Users\sbsadmin>
If we want to change the default location for Users and Computers that are either created with Active Directory Users and Computers or with the new Essentials Dashboard in Windows Server 2016 we need to change that with Set-XADWellKnownContainer on Windows Server 2016 or with redirusr <container-DN> or redircmp <container-DN> on the good old SBS 2011
thank you!