SBS 2011 to 2012R2 Standard with Essentials Service and 365

Pre-requisite reading (optional)

We will be moving from a 2 server setup SBS 2011 Premium to a 1 server Essentials, SQL had stopped being used for several months after the initial installation of 2011 Premium

Depending on when you will be migrating mail you will want to create 365 account and verify your domain. This can take up to 72 hours so do it well in advance to doing the work but not so far that your wasting weeks/months of paying for nothing.
Do a backup of all GPO’s
Create a GPO that make a local admin user so further on in this process you can log on locally
- http://www.dannyeckes.com/create-local-admin-group-policy-gpo/
On Source Server get it all updated well in advance, that means exchange and server OS
- Personally I would do this over the course of 2 weeks in advance over every dinnertime and set aside 1 hour to monitor it to make sure updates apply correctly.
2 x 600GB 15k disks in raid one partitioned for the Hyper V OS with 120GB and 400GB for the VM OS Partition (known as fast storage)
- In hindsight it would of been better to install the HyperV host OS on the slow storage so there is no impact on IO for the fast disks.
3 x 2TB Nearline SAS Disks in Raid 5 giving a 1.72TB usable space for secondary drives storage etc…. (Known as slow storage)
2012 R2 standard fully updated with dot NET 3.5 and 4.5 installed
Team the two NICS inside the server
Install Hyper-V and Windows Server Backup
- Note it is recommended to have a hyper-v host to be in a domain however since we have no physical DC (post migration) we are not doing this in this guide. This is your decision to make !
Run Windows Update again on the host
Configure WSB to run at night every night or at a period when downtime can occur
Create a VM (on the slow storage)as an image and name it BASE OS, configure it as you would like, Customer experience unchecked, make it fully updated etc…. then Sysprep it
- I used this as a reference http://sondreb.com/blog/post/hyper-v-making-template-virtual-machines.aspx
- It might be worth while to take note of this guide to keep your base os updated http://blogs.technet.com/b/keithmayer/archive/2013/12/13/step-by-step-offline-vm-template-servicing-with-windows-server-2012-r2-and-powershell.aspx
- Use the following guides to help with performance of Hyper-V
  - http://blogs.technet.com/b/askpfeplat/archive/2013/03/10/windows-server-2012-hyper-v-best-practices-in-easy-checklist-form.aspx
  - http://msdn.microsoft.com/en-us/library/windows/hardware/dn567657.aspx
- To ensure Integration Services are always up to date across all server you might want to run this script below
  - http://blogs.msdn.com/b/virtual_pc_guy/archive/2012/03/06/using-powershell-to-check-integration-services-versions.aspx
Now create your DC VM without a disk and copy across the BASE OS vhdx and rename it
- Set dynamic memory and set the minimum to 2048 and set the maximum to as much as you can spare
- Set the memory weight to high
- set “Automatic Start Action” to “Always Start” with a delay of 0
- set “Automatically Stop Action” to “Shutdown the guest OS”
  - This is only for a DC however depending on the application may apply to other VM’s
- Boot the VM and Name it
- Ensure a backup on the host has taken place
Follow this guide to start the migration http://technet.microsoft.com/en-us/library/dn408634.aspx (below is a general summery of what to do)
- Ensure the Source server (SBS 2011) is up to date
- Ensure Backups are working and you have a recent copy
- Run best Practice Analyzer
  - http://www.microsoft.com/en-us/download/details.aspx?id=15556
  - Fix any errors that occur
Now you will want to go to Part 2 of the Technet Article here http://technet.microsoft.com/en-us/library/dn408637.aspx (below is a general summery of what to do)
- Ensure you have set the correct name for your server
- Set your Static IP
  - Ensure DNS is updated with it
- Install the following Services
  - Active Directory Domain Services
    - Once configured promote this to a DC
      - add this server to an existing domain
        
        You may run into this issue http://technet.microsoft.com/en-us/library/cc754463(WS.10).aspx#BKMK_Dcpromo
      - The server will be restarted
      - Start BPA for AD and address any issues
        
        I ran into AD being on a hyper-v server read through the following to ensure all is OK
        
        http://technet.microsoft.com/en-us/library/dd363553(WS.10).aspx
      - Run the AD replication status Tool http://www.microsoft.com/en-gb/download/details.aspx?id=30005
  - DNS
    - Once the server is back on check replication is all ok
    - Start BPA for this role in Server Manager and address any issues
      - I ran into the following
        
        http://technet.microsoft.com/en-us/library/ff807390(v=ws.10).aspx
        http://technet.microsoft.com/en-us/library/ff807362(v=ws.10).aspx
        http://technet.microsoft.com/en-us/library/ff807382(v=ws.10).aspx
  - DHCP
    - Migrate DHCP with the following guide
      - http://blogs.technet.com/b/canitpro/archive/2013/04/29/step-by-step-migration-of-dhcp-from-windows-server-2003-to-windows-server-2012.aspx
    - Start BPA for this role in Server Manager and address any issues
      - I ran into the following issues
        
        http://technet.microsoft.com/en-us/library/ee941150(v=ws.10).aspx
        http://technet.microsoft.com/en-us/library/ee941181(v=ws.10).aspx
- Add role Essentials Experience Pack
- Transfer the FSMO Roles
  - Follow the steps at the bottom
- Configure Essentials from Server Manager
  - I ran into this lovely issues where a user account needs to be added to continue with the configuration
    - http://blogs.technet.com/b/sbs/archive/2013/12/04/you-may-be-unable-to-run-post-deployment-configuration-wizard-after-you-install-the-windows-server-essentials-experience-role.aspx
    - http://support.microsoft.com/kb/2914651
  - Start BPA for this role in Server Manager and address any issues
    - I ran into this issue ” Windows Server Backup is configured to back up an unsupported partition,” however according to tech-net ignore it….. http://msdn.microsoft.com/en-us/library/azure/dn520828.aspx#BKMK_Limitations
Now Start work on Exchange on the SBS Server
- You can go two ways here depending on the size Cut-over or Export PST and re-import we will be going with cutover
- To do this follow these instructions http://help.outlook.com/en-US/140/ms.exch.ecp.emailmigrationwizardexchangelearnmore.aspx I did the following
  - Check your external connectivity here https://www.testexchangeconnectivity.com/ with the outlook connectivity option
    - troubleshoot any issues
  - Set the cutover account to have full access permission’s on every mailbox
    - use the following in exchange ps
      - Get-Mailbox | Add-MailboxPermission -User Administrator -AccessRights Fullaccess -InheritanceType all
      - Source http://msundis.wordpress.com/2011/06/21/manage-full-access-permissions-on-mailboxes-in-exchange-2010/
  - Enable the MRS Proxy Endpoint
    - See http://technet.microsoft.com/en-GB/library/dn155787(v=exchg.150).aspx
    - use “Set-WebServicesVirtualDirectory -Identity “EXCH-SRV-01\EWS (Default Web Site)” -MRSProxyEnabled $true
      ” in EXCHANGE PS
    - To confirm use “Get-WebServicesVirtualDirectory | fl” in Exchange PS and look for “MRSPROXYEnabled” and ensure it is true
  - Ensure there are no hidden mailbox’s
  - disable unified messaging
  - Ensure your domain is validated on 365
  - Log into your 365 account (this will be of help http://blogs.technet.com/b/canitpro/archive/2013/05/31/step-by-step-migration-of-exchange-2003-server-to-office-365.aspx)
    - Go to Exchange admin centre
    - click recipients
    - click migration
    - click the plus symbol
      - select staged migration
      - enter the details of the account your using to transfer the mailbox’s
      - for exchange server enter the local name so “exchangeserver.contoso.local”
      - for RPC use the external address which is typically how you access owa so “remote.domain-name.com”
      - Click advanced
        
        set basic for authentication
        select full access for mailbox permission
      - To confirm all of the above use “Get-WebServicesVirtualDirectory | fl” in Exchange PS on the SBS server
    - Monitor the synchronization
      - Confirm and Troubleshoot any errors
Enable integration with 365
- Assign all the users the 365 account
  - Now on a test machine test Desktop Setup or Office 2013 upgrade (depending on your setup
    - Desktop Setup, wouldnt pick up Outlook 2010 for me for some unknown reason which I couldnt find
    - Installing Office 2013 caused all kinds of issues due to being behind a Watchguard XTM 5 Series (11.9.3), however they were easily resolved
      - See http://community.spiceworks.com/topic/464184-how-to-fix-office-2013-error-30174-4
        
        Open Internal > External HTTP Proxy
        Edit Proxy Action
        
        Check “Allow Range Requests through unmodified”
        
        Click HTTP Exceptions (this you may not want to do)
        
        Add “*.microsoft.com”, “*.microsoftonline.com” and *.office.com”
        Save and apply the rule
      - Try installing again and it should work if not see http://support.microsoft.com/kb/2822317/en-gb or http://office.microsoft.com/en-gb/support/error-code-30174-4-when-installing-office-HA104250348.aspx
Now make changes to DNS

Go to 365 admin setup > domains > fix issues on new default domain and log into your website DNS ssite
ensure DNS has updated I would recommend using http://digwebinterface.com/ to check
- You may want to hold off here and check mail is in the
Then test with https://testconnectivity.microsoft.com
- Click Office 365 Tab and run the following tests
  - Microsoft Exchange Active Sync Connectivity Test > Auto Discover
  - Microsoft Office Outlook Connectivity Tests > Outlook Auto discover & Outlook Connectivity
  - Troubleshoot if necessary
Test a desktop machine with outlook you may need to delete the profile for this

I ran into the following issue of not being able to configure it without the SBS server popping into outlook

http://office.microsoft.com/en-gb/office365-suite-help/manually-update-and-configure-desktops-for-office-365-HA102817833.aspx
http://support.microsoft.com/kb/2404385
Make the below into a reg file this should fix any client trying to connect to on-prem exchange

[HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\AutoDiscover] “ExcludeSCPlookup”=dword:00000001

Migrate all drive mappings / shares to target server and update group policy Note this shouldn’t cause much hassle but you may want to make copies of the GPO and just apply to test user / machine just to be safe
- I used robocopy to shift everything see command below
  - Robocopy “C:\Share-location\Folder-name” “\\Target-Server\D$\ServerFolders\Folder-Name” /MIR /COPYALL /w:2 /r:2 /zb
Deployment time
- Ensure all machines have Do Net 4-5
- Uninstall the old SBS Connector, you could do this through GPO if you like
- Install the new Connector by going to http://server-name/connect
- Install Office 365 Pro
- Check if their are any archives for outlook before removing Mail profile from Mail for 2013 in Control Panel
  - Apply reg key if required
- Open and Configure Outlook
Now time to implement the new GPO’s for folder redirection
- Firstly Backup all Group Policy’s again before proceeding
- Go to Essentials Dashboard > Devices > Implement Group Policy’s
  - Configure as you desire
    - I had the dashboard crash on me when doing this so you may have to run it again
- Now remove old GPO’s
- Troubleshoot any issues
Here you may want to think about moving AV, Wifi or any other third party applications to the destination server
After Ensuring people can log in successfully and everything is all ok time
Here I started to Move Server-side Applications like AV and Wifi Controller and WSUS
- When installing WSUS you may come to an error upon installation see http://support.microsoft.com/kb/2762663
Decommission Old SBS Server
See http://technet.microsoft.com/en-us/library/dn408635.aspx for more info see
- Exchange – http://www.exchangedictionary.com/articles/clean-uninstallation-of-exchange-2010-mailbox-server-guide
- AD – http://technet.microsoft.com/en-us/library/cc755937(v=ws.10).aspx

This was a big task in a short time and I have to give a big thanks to my colleague JB for his help with this! This is essentially most of the work myself and colleague did with a few bits here and there obviously this can be up to you to decide how you perform this.

I hope this helps!

Note