Monday, September 27, 2010

Password Complexity for SBS 2003 to 2008 Migration

Windwos Server 2008 Password Policy Setting Recomendations

The following excerpt is from the Small Business Server 2008 Setup and Migration Help File:

"Password policies in Windows SBS 2008 enforce strong passwords by default, and the password policies dialog in the Windows SBS Console writes the configuration to the default domain policy. The password policy configuration is not written to the Small Business Server Domain Password Policy object, as in Windows SBS 2003. "



The password complextity is a small over-comeable problem that you could encounter during a migration from SBS2003 to SBS2008. The pasword complexity could lead to an even getting logged in the SBS migration and setup logs. The even doesn't tell you it's thecomplexity of the administrator account password, but instead leads you to believe that it the directory services restore mode password that has a problem.
The complexity of the pasword required varies depending on the stage of the install. The 2008 SBS server when joining the domain is a client and uses it's own local policy which at this point is no password is required. when joining the domain, it uses the default policy for a domain controller not the policy that is already set for the domain controller in the domain group policy. once in the domain, it will use the policy that has already been established.
So, when creating your answer file be sure to have a password complexity matching 8 characters and included uppercase, lower case, a number or a special character (!,@,#,$,%,etc>). If the administrator account that is being used for the migration does not match these characteristics then the migration will fail with and error "FATAL: DcPromo_JoinDomain: The server was not promoted to a domain controller" and an error telling you that "The Directory Services restore Mode password does not meet its complexity criteria" .

BEFORE starting the migration, make the administrator password or the password for the administrator account that will be used for the migration match complexity requirements. I recommend, OVERMATCHING!, or you could be formatting the installation of the new SBS2008 server and trying the migration again. Use 14 characters or more is the main recommended action to over match - that's what I did.

2 comments:

Anonymous said...

My company often encounters Microsoft SBS servers. The product itself is resourceful idea from Microsoft to have an affordable server platform for smaller companies that included an Active Directory server which enables the security domain of a local domain. It also includes Exchange server which is the worlds leading email platform. I am not a Microsoft fanatic but Exchange rightfully has achieved the largest user base and greatest deployment over all other email server. many decades ago, there were surprisingly more competitors for the mail server market. Mainly because when email was introduced to the masses, it was mostly POP and SMTP configurations. Then came IMAP, that further secured and permitted better syncing of mailbox folders. There were competitors hat were able to both deliver and send email messages for small businesses. Exchange , when it first began, was not so feature rich and was not every reliable in terms of it was problematic and broke very easily. It has evolved greatly however and has become the most popular email platform for email. We have had to perform more than several migrations of SBS over the years. Always expect problems. The only way to reduce the real problems is with more planning and preparation. Just winging a migration will get all levels of support professionals into trouble for sure. Seeing a data-store not mount or Exchange services not start-up is a very time consuming task to overcome in most all cases.

gg1177 said...

We use remote support software to implement and manage our exchange installations and SBS migrations. Since the source server is already managed and needs very little changes to prepare for the migration in terms of restarts, web based support accommodates this needs very easily. Online remote support software has enables us to implement more servers and desktop without having to be on-site. Moreover, supporting the systems dafter they have been installed and left to the customer's IT department or pseudo IT person has been simplified with online remote support software. One of the most popular and useful incarnations of remote support software is the server based iLO and DRAC technologies. These tow give remote control of servers. Not just the desktop of a working server but also servers that are having issues and not rebooting or booting. Up. Just the other evening we had encounters a server for a client that would not boot up. iLO and DRAC is my favorite remote control software that we use for remote support software. Remote support software such as this is invaluable. Because we can access a server console as if we were in front of the server saves us an incredible amount of time and money. We are able to deploy more servers and desktops with less staff than before . We are able to support more servers and desktop with remote support software than without.