SBS 2000 to 2011, clean AD install, 2 AD on same network with same NETBIOS name?

[Kremlar]

We are planning on migrating from our existing SBS 2000 server to a new SBS
2011 server sometime soon. Long story short, but we plan on starting fresh
with a new AD. Copy all data & export mailboxes from the old server and
import it all to the new server.

My plan would be to stop/disable DHCP on the SBS 2011 server and plug it
into our network. Both servers would be on the same network until
everything is transferred over, at which point the old server would be shut
down.

My only concern is NETBIOS name. The old AD is named ourdomain.com, while
the new AD will be named ourdomain.local, so I don't think that will be an
issue. But the NETBIOS domain name is OURDOMAIN for both.

Is it a problem to have 2 ADs on the same network with the same NETBIOS
domain name? Don't want to plug it in if it will muck things up.

Thanks!

 

[drebo]

Microsoft has a 100+ page prescribed procedure for migrating to SBS 2011. I'd suggest following it to the T to avoid any issues, unless you're are planning on starting absolutely from scratch with absolutely nothing the same.

Hint: you can make your netbios name different from your FQDN. ourdomain.local can have a netbios domain of ourdomain2011 instead of ourdomain.

 

[Kremlar]

Like I mentioned above we are starting from scratch for a variety of reasons.

I do know that we can use a different NETBIOS name but would prefer not to.

What I'm asking is if anyone knows the ramification of having 2 different ADs on the same network with the same NETBIOS domain name.

 

[yinan]

It wont let you promote the DC if it detects a NETBIOS name conflict.

 

[Genx87]

It wont let you promote the DC if it detects a NETBIOS name conflict.

this

 

[Kremlar]

The SBS 2011 machine will already be installed and configured off the LAN, so no promotion needed. I just want to drop it onto the LAN with the old SBS 2000 server for a couple of days while I am migrating data if there will be no side effects.

If there will be side effects I'll come up with another plan. Just wondering if anyone has tried to do this for any reason and might share their results.

 

[imagoon]

Yes, having to 2 NETBIOS domains of the same name can cause issues. I would be more concerned with the IP conflicts from the DNS etc however. Also last I checked, I don't think you can promote the controller if the NIC is offline.

Also all of the computer accounts will have to be rejoined, same name or not. The domain security ID will be different and the computer accounts will fail to authenticate which will prevent people from logging in.

 

[Kremlar]

The NIC wouldn't be offline, it would be on a separate LAN when SBS 2011 is installed and configured. Yes I'm aware computers will need to be disjoined/rejoined, profiles recreated, replies to previous emails will not work, etc...

What DNS conflicts would you be concerned about? Related to duplicate NETBIOS names, or something else?

Thanks

 

[imagoon]

The NIC wouldn't be offline, it would be on a separate LAN when SBS 2011 is installed and configured. Yes I'm aware computers will need to be disjoined/rejoined, profiles recreated, replies to previous emails will not work, etc...

What DNS conflicts would you be concerned about? Related to duplicate NETBIOS names, or something else?

Thanks

When I originally read the post I didnt see the "domain.com to domain.local" so the DNS issues no longer apply. Since you are starting from scratch, I personally would just change the ip on the old box, install the new box on the same IP (assuming same DHCP / DNS settings etc will be moved over) and start from there.

I assume you aware of the DNS on the server and clients should only point at AD, yatta yatta yatta. Once you do that the old server would be accessed via the IP address. You can also simply disable netbios with a DHCP option and eliminate the issue.

 

[GeekDrew]

I know that I'm late to this thread, but I'd advocate against using domain.local for DNS. It's best practice to use a sub-domain off of a "real" domain name. I.e. corp.microsoft.com, ds.mydomain.net, core.somewhere.org, etc.

Benefits are that 1) it doesn't conflict with the organizations website, because it's using a sub-domain that you'll never use for anything publicly, 2) it uses a valid domain, which is registered to you, and 3) it does not use "local" for the TLD, which is a reserved TLD that can conflict with certain equipment/software.

 

[imagoon]

I know that I'm late to this thread, but I'd advocate against using domain.local for DNS. It's best practice to use a sub-domain off of a "real" domain name. I.e. corp.microsoft.com, ds.mydomain.net, core.somewhere.org, etc.

Benefits are that 1) it doesn't conflict with the organizations website, because it's using a sub-domain that you'll never use for anything publicly, 2) it uses a valid domain, which is registered to you, and 3) it does not use "local" for the TLD, which is a reserved TLD that can conflict with certain equipment/software.

I have become torn on this lately for the reasons you stated. It used to be recommended (local), now we are drifting to a sub domain. I am starting to lean towards the subdomain more and more myself.

Is there any other blogs / work papers that suggest why either way is better?

 

[GeekDrew]

I have become torn on this lately for the reasons you stated. It used to be recommended (local), now we are drifting to a sub domain. I am starting to lean towards the subdomain more and more myself.

Is there any other blogs / work papers that suggest why either way is better?

Where was "local" ever recommended by Microsoft? I've only ever seen it recommended on websites by mis-informed sysadmins (and I admit that I had that opinion for a while, many years ago). I've seen numerous docs on TechNet that recommend using a subdomain of a registered domain, though I don't have the time right now to find any links. If you search for Active Directory design, you'd probably be able to stumble upon something.

 

[imagoon]

Where was "local" ever recommended by Microsoft? I've only ever seen it recommended on websites by mis-informed sysadmins (and I admit that I had that opinion for a while, many years ago). I've seen numerous docs on TechNet that recommend using a subdomain of a registered domain, though I don't have the time right now to find any links. If you search for Active Directory design, you'd probably be able to stumble upon something.

The original reasons were not specific to MS. Main reasons were the FQN not being 'routable', not needing to buy a domain, no chance to conflict outside the network, no need to link the internal DNS vs external DNS etc.

 

[drebo]

Subdomain is the generally-accepted method now.

There are very, very good reasons not to use "domain.com", though, and I would never recommend doing it.

"corp.domain.com" is recommended, or, failing that, "domain.local".

 

[GeekDrew]

Subdomain is the generally-accepted method now.

There are very, very good reasons not to use "domain.com", though, and I would never recommend doing it.

"corp.domain.com" is recommended, or, failing that, "domain.local".

... but you just said that subdomain is the generally-accepted method. Why would you then say "failing that, domain.local"?

Register a domain name just for ADDS if you have to (though I'd still make it a subdomain of that domain name, to just be safe). I can't think of *any* good reason to use an invalid or reserved domain/tld as the ADDS domain name.

And yes, imagoon, I understand why those reasons were chosen to defend that opinion. Fortunately, that time has passed.