Friday, 16 March 2007

SBS Migration - Check Admin Password Status when Swinging into a non-SBS domain.

Jeff Middleton over at has put a lot of work into simplifying the management of an SBS domain.

His methods can facilitate an excellent DRP (Disaster Recovery Planning) structure for single server SBS based networks, as well as SBS networks that have an additional AD domain controller or controllers on the network.

When utilizing the Swing method to introduce an SBS server into an existing non-SBS domain, make sure to check the expiry password policy on the existing domain admin account.

In its stock form, the non-SBS domain admin account will have a revolving password in place. SBS needs that password to remain static, that is unchanging.

Because of this requirement, one should evaluate the strength of the existing domain admin password before the Swing. If the password is weak, one should change it to something strong, like a passphrase: ThejoyofIT! and make sure that changed setting has replicated to any other domain controllers in the domain.

GPUpdate /force

The above will facilitate the replication of the changes.

Once the changes are verified, set the domain admin account to never expire:

GPUpdate /force ...

Begin your Swing!

Philip Elder
Microsoft Small Business Specialists

No comments: