SCCM 2002 server not in a good place for co-management


Hi Everyone

I am currently working with a customer who has 2002 and wants to move to co-management as they move to modern device management. They are currently moving from one AD domain to another (they have a two-way trust set up); the new domain is configured with Azure Cloud and Azure AD Connect to sync AD identities to the cloud.

The SCCM server sits in the old domain; however, there are some issues with the current environment and it's not in a healthy state. Examples include:

1. Remote control tools do not work for machines configured in the new AD domain; they work fine in the old domain.

2. Task sequence smsts logs are not reporting/copying back to the MECM server on completion of the build.

3. Deployment of user virtual apps in SCCM fails in the new domain; it works fine in the old domain.

The issue occurs because, in the past, the SCCM server was built from a golden image containing duplicate SIDs. When they only had one domain, everything worked as expected; however, after introducing the new domain, certain functionality of SCCM no longer works on new machines. The login is invalid as the authentication attempt contains a SID that references multiple machines in the target domain, meaning the domain controller cannot return valid credentials. The customer believes that re-sysprepping the SCCM server could resolve this issue; however, the problem is the server will still remain in the old domain, and they are looking to move all their environment to the new domain eventually and dispose of the old domain.

Before we enable co-management and cloud-enable SCCM on 2006, we have asked the client to resolve these issues. My thoughts are to build a new SCCM server in their new domain, perform a backup of the ConfigMgr DB and other data, and just restore that onto the new server. This means no other Windows Server-specific config like SIDs will move across, and it should mean a nice, tidy, clean environment. My question is what impact this could have on the existing estate. Would the same server name need to be used for clients to connect, or is further config required to make it work by restoring ConfigMgr to a new server?

Is there any good documentation around that assists with moving SCCM to a new server?

Many Thanks, happy to provide more detail if required.
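An inventory check for the condition described in the post above (machines cloned from one image sharing a machine SID), added here as an example and not part of the original thread. The host names and SIDs are constructed sample data, and the function names `Get-MachineSid` and `Find-DuplicateMachineSid` are hypothetical.

```powershell
# Added example: report hosts whose local machine SID is shared with another host.
# Host names and SIDs below are constructed sample data, not values from the thread.

function Get-MachineSid {
    param([Parameter(Mandatory)][string]$LocalAccountSid)
    # A local account SID is the machine SID followed by a relative ID (RID).
    # AccountDomainSid strips the RID and returns the machine part.
    $sid = [System.Security.Principal.SecurityIdentifier]::new($LocalAccountSid)
    if ($null -eq $sid.AccountDomainSid) {
        throw "Not an account SID (no machine/domain part): $LocalAccountSid"
    }
    $sid.AccountDomainSid.Value
}

function Find-DuplicateMachineSid {
    param([Parameter(Mandatory)][object[]]$Inventory)
    $Inventory |
        Select-Object ComputerName,
            @{ n = 'MachineSid'; e = { Get-MachineSid $_.LocalAccountSid } } |
        Group-Object MachineSid |
        Where-Object Count -gt 1 |
        ForEach-Object {
            [pscustomobject]@{
                MachineSid = $_.Name
                Computers  = ($_.Group.ComputerName | Sort-Object) -join ', '
            }
        }
}

# Constructed inventory: one local account SID per host. On live member servers
# and workstations this could be gathered with, for example:
#   Invoke-Command -ComputerName $hosts { (Get-LocalUser | Select-Object -First 1).SID.Value }
$inventory = @(
    [pscustomobject]@{ ComputerName = 'CM01';  LocalAccountSid = 'S-1-5-21-1111111111-2222222222-3333333333-500' }
    [pscustomobject]@{ ComputerName = 'APP07'; LocalAccountSid = 'S-1-5-21-1111111111-2222222222-3333333333-1001' }
    [pscustomobject]@{ ComputerName = 'WKS42'; LocalAccountSid = 'S-1-5-21-1234567890-1234567890-1234567890-500' }
)

# CM01 and APP07 share a machine SID in the sample data, so one row is returned.
Find-DuplicateMachineSid -Inventory $inventory
```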

3 Replies
Building a new site in the new forest is probably a good idea; restoring a backup of the current site to the new site server is not (and most likely unsupported). Use the built-in migration functionality to migrate everything from the current site to the new one instead. See https://docs.microsoft.com/en-us/mem/configmgr/core/migration/migrate-data-between-hierarchies for details.

@Michiel Overweel Many thanks for the reply.

So in a migration scenario, new server, new host name and new Site ID. As part of the migration I assume once all data required is moved away the old server can be decommissioned?

I am just wondering how existing devices connected to one site ID would then be able to communicate to a new site.

I just watched the video on the link and it seems a possible way forward.

Is there a reason why backup and restore would not be supported? I probably prefer that approach as it is a simpler method.

@isotonic_uk Correct: after completing the migration, the source site can be decommissioned (Complete migration). Before doing that, you'll need to make sure that all clients have been assigned to the new site (Plan client migration). Restoring a site backup to a server in a different domain/forest essentially means that the domain membership for the site server is changed, and that is unsupported (Support for Active Directory domains). To be honest, I'd be surprised if it even works.