+ Post New Thread
Results 1 to 15 of 15
Windows Server 2008 R2 Thread, Single 2008x86 DC -> R2 : To swing or not to swing... ? in Technical; Scenario is a Primary with just the one existing 2008x86 DC (Enterprise). Being able to manage GP from the console ...
  1. #1

    Join Date
    Jan 2006
    Location
    Surburbia
    Posts
    2,178
    Thank Post
    74
    Thanked 307 Times in 243 Posts
    Rep Power
    115

    Single 2008x86 DC -> R2 : To swing or not to swing... ?

    Scenario is a Primary with just the one existing 2008x86 DC (Enterprise). Being able to manage GP from the console (remotely) is a key requirement, but although they're not using it yet Windows 7 isn't supported blah-blah. There isn't any nasty 3rd party s/w with it's claws embedded in the DC, print drivers could be that occasional 65 & 32-bit fail though.

    So:

    Option 1: Make a little Win 7 + RSAT VM you can fire up on the server on when you do need to play with GP settings. [We have ample h/w resources available)

    Option 2: Swing migrate, ensuring the result has the same name as the original via an (external) 2008 R2 VM. May need to fix-up some GPP SIDs afterwards though.

    Head says the first option, heart says the second (albeit with head heckling about greater endeavour - twice, coz I'd likely run through it virtually first).

    Anyone have any opinions based on real experience?
    Last edited by PiqueABoo; 15th May 2011 at 09:44 PM. Reason: resources for VM

  2. #2
    pritchardavid's Avatar
    Join Date
    Sep 2009
    Location
    South Ockendon, Thurrock, United Kingdom
    Posts
    932
    Thank Post
    18
    Thanked 64 Times in 58 Posts
    Rep Power
    25
    Ok question before I answer your question, I have an idea, just need to confirm what extually you have

    You say you have one single DC

    Is this your only server? You could have another server(s) thats not a dc

    How many hard drives has the server got? also how much RAM does it have?

  3. #3
    bart21's Avatar
    Join Date
    Aug 2009
    Location
    peterborough
    Posts
    404
    Thank Post
    77
    Thanked 54 Times in 52 Posts
    Rep Power
    20
    Why not bring up a 2008r2 server as a dc for failover. This then cures your issue and gives you a backup dc.

    Nick

  4. #4

    glennda's Avatar
    Join Date
    Jun 2009
    Location
    Sussex
    Posts
    7,800
    Thank Post
    272
    Thanked 1,135 Times in 1,031 Posts
    Rep Power
    349
    You won't be able to do an inplace upgrade of the 2008 x86 box straight to 2k8 r2 as its x64 only.

    but i would get another server and promote as dc and possible file store then hide somewhere in your school so that you have a second copy of AD as its a pain to restore!

  5. #5

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,343
    Thank Post
    624
    Thanked 1,584 Times in 1,421 Posts
    Rep Power
    414
    Bring up a virtual 2008 r2 DC copy whats required, demote other one then reinstall as 2008 r2 no swing needed.

    Ben

  6. #6

    Join Date
    Jan 2006
    Location
    Surburbia
    Posts
    2,178
    Thank Post
    74
    Thanked 307 Times in 243 Posts
    Rep Power
    115
    Server is the only one and it's Enterprise, it's has a few years life in it and has 8GB RAM with more than half of that 'spare' i.e. there are no serious obstacles for the proposed Win7 VM.
    It's Primary, there is no money in most of those including this one, so a new second server simply isn't viable.
    I know about the lack of in-place upgrade path , hence "swing" via a (temporary) VM - a significant point in this would be to only replace the (lots of space) system partition, leaving the mountains of user data and it's perms etc. on other logical drives throughout.

    Bring up a virtual 2008 r2 DC copy
    Nowhere to keep it, so I need to "take down" that VM, which would likely be on my laptop, afterwards i.e. new R2 install on original h/w gets promo'd and all the FSMOs back, virtual DC is depromo'd and disappeared from AD i.e. what is conventionally called a swing migration.
    Last edited by PiqueABoo; 15th May 2011 at 11:04 PM.

  7. #7
    pritchardavid's Avatar
    Join Date
    Sep 2009
    Location
    South Ockendon, Thurrock, United Kingdom
    Posts
    932
    Thank Post
    18
    Thanked 64 Times in 58 Posts
    Rep Power
    25
    Quote Originally Posted by PiqueABoo View Post
    Server is the only one and it's Enterprise, it's has a few years life in it and has 8GB RAM with more than half of that 'spare' i.e. there are no serious obstacles for the proposed Win7 VM.
    It's Primary, there is no money in most of those including this one, so a new second server simply isn't viable.
    I know about the lack of in-place upgrade path , hence "swing" via a (temporary) VM. A key point there is to only replace the system partition, leaving the mountains of user data and it's perms etc. on other logical drives throughout.
    Im hoping you have some sort of backups going on?

    Ok what I sugguest

    As you said you have all the user files etc on the other hard drives, that leaves you able to do the following

    Create a virtual server (2008, not r2 as you cant run a 64bit virtual server as you running a 32bit server) transfer all the roles to this virtual server (makeing sure you save the files for the virtual server to another hard disk/partition)
    then demote the physical server as a DC.

    Makes sure any files on the system drive/partiton is copy to another drive

    Now as you have a virtual server running for the domain you can now reload the physical server to Server 2008 R2. Of course your need to do this during half term, unless the school can have downtime

    Once Server 2008 R2 is installed you can install hyper-v again add the virual server back on to server thats still saved on the other drive.

    Transfer everything roles etc on the physical server, setup how you want it

    Once this is done demote the virtual server.

    Make a new virtual server (2008 R2)

    Just make this a Domain Controller, this would be a backup just incase a problem arises on the first Domain Controller


    Long progress, but thats all I can think off.

  8. #8

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,080
    Thank Post
    853
    Thanked 2,677 Times in 2,271 Posts
    Blog Entries
    9
    Rep Power
    769
    Swing is longwinded but will give you better upgrade paths in future as 32bit is a deadend. I have to ask though, why not just copy the policy files from a Windows 7 box into the certral policy store. That way you can manage all the Windows 7 settings and don't really need to change anything.

    In Group Policy for versions of Windows earlier than Windows Vista, if you modify Administrative template policy settings on local computers, the Sysvol share on a domain controller within the domain is automatically updated with the new ADM files. In Group Policy for Windows Server 2008 and Windows Vista, if you modify Administrative template policy settings on local computers, Sysvol will not be automatically updated with the new ADMX or ADML files (ADML files are XML-based ADM files that contain language-specific settings). This change in behavior is implemented to reduce network load and disk storage requirements, and to prevent conflicts from occurring between ADMX files and ADML files when edits to Administrative template policy settings are made across different locales. To ensure that any local updates are reflected in Sysvol as well, you must manually copy the updated ADMX or ADML files from the PolicyDefinitions folder on the local computer to the Sysvol\PolicyDefinitions folder on the appropriate domain controller.
    http://technet.microsoft.com/en-us/l...47(WS.10).aspx

    Here are the latest templates, it should just be a case of installing it then copying from %Systemroot%\PolicyDefinitions to sysvol\PolicyDefinitions
    http://www.microsoft.com/downloads/e...2-3E57F3CCD490
    Last edited by SYNACK; 16th May 2011 at 01:03 AM.

  9. #9

    Join Date
    Jan 2006
    Location
    Surburbia
    Posts
    2,178
    Thank Post
    74
    Thanked 307 Times in 243 Posts
    Rep Power
    115
    why not just copy the policy files from a Windows 7 box into the certral policy store. That way you can manage all the Windows 7 settings
    I especially want to manage Win7, IE8 etc. GPPs on the DC and rightly|wrongly assumed you need Win7 RSAT or the R2 editor for that?

    PS: Have they sorted IE9 preferences yet?
    Last edited by PiqueABoo; 16th May 2011 at 09:10 AM.

  10. #10
    chrbb's Avatar
    Join Date
    Oct 2005
    Location
    Midlands
    Posts
    1,507
    Thank Post
    141
    Thanked 67 Times in 62 Posts
    Rep Power
    46
    I think you're making it way too complicated for a primary school and possibly frightening the head into thinking that excess 'mucking' around with a system that works (in his eyes) won't work afterwards.
    Is the aim to have gp control over windows 7? I'd go for the RSAT option but would just install it on the first windows 7 machine you get.

  11. #11

    3s-gtech's Avatar
    Join Date
    Mar 2009
    Location
    Wales
    Posts
    2,712
    Thank Post
    144
    Thanked 548 Times in 492 Posts
    Rep Power
    149
    You can manage your Windows 7 clients from a mix of 2008 and R2 DCs. I'm not 100% as I set my clients up on R2, but I believe all 7 policies can be managed from 2008 - the key switch was in moving from 2003 where .admx was not supported. As long as you update the central store, should be fine.

    You'll want a second DC though

  12. #12

    Join Date
    Jan 2006
    Location
    Surburbia
    Posts
    2,178
    Thank Post
    74
    Thanked 307 Times in 243 Posts
    Rep Power
    115
    I think you're making it way too complicated for a primary school and possibly frightening the head
    This isn't going anywhere near the Head's delicate constitution. I'm essentially on your side, but hassle-free remote access to all necessary GPO/GPP config tools on the DC is a *requirement* (remote support=lower cost).

    I believe all 7 policies can be managed from 2008
    I'm prepared to accept that updating the ADM[X]s SYNACK posted will likely expose new Win7/R2 GPO policies in the existing 2008 editing because we all know how they work etc., I'm doubtful about the GPPs.

  13. #13

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,080
    Thank Post
    853
    Thanked 2,677 Times in 2,271 Posts
    Blog Entries
    9
    Rep Power
    769
    Quote Originally Posted by PiqueABoo View Post
    I especially want to manage Win7, IE8 etc. GPPs on the DC and rightly|wrongly assumed you need Win7 RSAT or the R2 editor for that?

    PS: Have they sorted IE9 preferences yet?
    You have 2008 which has the same ADMX editor as the later versions the only difference is the templates as above, update those and your done. You will be ably to fully manage the Windows 7 GPOs on the server (all in about 20 minutes worth of work ). Not sure about the IE9 prefs, have not had to change any since IE8 so has not really come up.

  14. #14

    3s-gtech's Avatar
    Join Date
    Mar 2009
    Location
    Wales
    Posts
    2,712
    Thank Post
    144
    Thanked 548 Times in 492 Posts
    Rep Power
    149
    GPPs are available on 2008 here, identical to R2.

  15. #15

    Join Date
    Jan 2006
    Location
    Surburbia
    Posts
    2,178
    Thank Post
    74
    Thanked 307 Times in 243 Posts
    Rep Power
    115
    Here's some MS DS blog text:

    Windows 7 ADMX files now include support for two registry types: REG_MULTI_SZ and REG_QWORD. The REG_MULTI_SZ registry data type represents multi strings entries within a single registry value. The REG_QWORD registry data type represents a 64-bit number, which is twice the size of the 32-bit number stored in REG_DWORD. These new aspects of the ADMX syntax are only viewable when using the GPMC and Group Policy editors from Windows Server 2008 R2 or Windows 7 Remote Server Administration Tools (RSAT). Group Policy editors and the GPMC from Windows Vista cannot read ADMX files containing this new syntax.

    My emphasis. I just have experienced and I'm certain you will get a complaints if you try getting 2008 GPMC/GPME to use Win7/R2 ADMXs. Specifically these are about terminalserver-server.admx which I simply removed from the central store because I don't think I'll need that in this scenario. That done it all seems happy and although I can't say anything about the Software and Windows Settings, I have Win7/R2 specific policy settings in Administrative Template using the 2008 tools.

    As for GPP identical-ness this did nothing for that - go to Internet Settings and the newest IE you get is still IE7, not the IE8 you have with R2.

    I'm rethinking all of this: On reflection IE is the only GPP that's bothering me and as remarked above I believe you have the same problem on R2 just shifted a version upwards - you can make GPPs for IE8 but not IE9. This is a pain, I really liked the IE GPPs for their idiot-friendliness but if MS aren't going to add GPP support for new versions then I think I'll have to revert to the old method. You can edit the relevant sysvol XML file as an obviously unsupported workaround, but that edit can get reverted very easily.

SHARE:
+ Post New Thread

Similar Threads

  1. Single Status
    By danielson81 in forum General Chat
    Replies: 5
    Last Post: 5th March 2009, 09:01 AM
  2. Single Status
    By beeswax in forum General Chat
    Replies: 5
    Last Post: 21st January 2009, 09:53 AM
  3. [Video] 360 on a Giant Swing
    By mattx in forum Jokes/Interweb Things
    Replies: 1
    Last Post: 19th October 2008, 04:21 PM
  4. Swing-arm mounted Interactive Whiteboard
    By beast_gts in forum Hardware
    Replies: 5
    Last Post: 1st June 2007, 02:47 PM
  5. Single Status
    By faza in forum General Chat
    Replies: 36
    Last Post: 2nd February 2007, 09:37 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •