Tag Archives: Windows Server 2012

Migrating Windows Server 2003 to 2012

This is an overview of my effort to upgrade some of our old 2003 servers to Windows Server 2012. It is quite possible there are better ways to accomplish this, as I’m just a developer and server upgrade is not something I do… well it was the first time I did it.

Migrating IIS 6.0 to 8.5

First, I needed to migrate IIS applications, app pools and app pools account. In order to automate this as much as possible, I installed Microsoft Web Platform installer on 2003 and Web Deploy 3.5 (The Web Deployment Tool). I used this guide http://www.iis.net/learn/publish/using-web-deploy/synchronize-iis-60-web-sites to help me.

Create backup on IIS6: iisback /backup /b PreWebDeploy

View dependencies on IIS 6: msdeploy -verb:getDependencies -source:metakey=lm/w3svc/1

Create package on IIS 6:

“C:\Program Files\IIS\Microsoft Web Deploy V3\msdeploy.exe” -verb:sync  -source:metakey=lm/w3svc/1 -dest:package=C:\YourExportedPackage.zip,encryptPassword=YourPassword  -enableLink:AppPoolExtension

The password is required since we are exporting App Pools and the identities they use (by specifying enableLink:AppPoolExtension).

Run whatif analysis on IIS 2012:

“C:\Program Files\IIS\Microsoft Web Deploy V3\msdeploy.exe” -verb:sync -source:package=c:\YourPackage.zip,encryptPassword=YourPassword -dest:metakey=lm/w3svc/1 -whatif > msdeploysync.log  -enableLink:AppPoolExtension

This will run what-if analysis without actually migrating anything. Check the log and install needed dependencies. Once all dependencies are installed, run the actual migration:

“C:\Program Files\IIS\Microsoft Web Deploy V3\msdeploy.exe” -verb:sync -source:package=C:\YourPackage.zip,encryptPassword=YourPassword -dest:metakey=lm/w3svc/1 -enableLink:AppPoolExtension

 Another way (this does not copy the content, so you have to copy the folders with sites contents):
[appcmd seems to be available only starting with IIS7. Thanks to Nick for the correction.]
Run On Source:

C:\Windows\System32\inetsrv\appcmd list apppool /config /xml > C:\ apppools.xml

C:\Windows\System32\inetsrv\appcmd list site /config /xml > C: \sites.xml

Run On Destination:

C:\Windows\System32\inetsrv\appcmd add apppool /in < C:\apppools.xml

C:\Windows\System32\inetsrv\appcmd add site /in < C: \sites.xml

Migrating Shares and related permissions

First, create all of the folders for the shares. Then export the whole folder from the registry: Created registry export for the whole folder from 2003: HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services \ LanmanServer \ Shares

Restore it on the destination server. This almost takes care of all the shares, except for NTFS permissions.

To copy NTFS permissions run on source:

Icacls C:\YourFolderThatNeedsNtfsPermissionesCopied  /save ExportedFileWithPermissions.txt /t

Run on destination:

Icacls C:\ /restore ExportedFileWithPermissions.txt


Migrate Users and Groups

First, install Windows Server Migration. Then use SmigDeploy to migrate users and groups.

Run on Destination (some parameters may be different for other configurations. Google SmigDeploy):

SmigDeploy.exe /package /architecture X86 /os WS03 /path C:\userMigrationTool

Go to Source server and run from userMigrationTool folder (created in a previous step). This will register SmigDeploy on source.


Run on source:

Export-SmigServerSetting -User All -Group -Path C:\YourMIgrationFolder -Verbose

It’ll ask you a password. Pick one.

Run on destination:

Import-SmigServerSetting -Group -Path C:\YourMigrationFolder -Verbose



Since I needed to migrate some COM’s, I had to add a feature COM+ Network Access to enable COM.


Open Task Scheduler on destination.

Go to Action – Connect to another Computer. Connect to your source server.

Export the tasks to a temporary location as xml files. I didn’t see a way to export them all at once, so I did it one by one.

Open Task Scheduler on your destination again. Import the tasks.

It may pop up a message saying the account that you used to set up the task needs “Log on as batch job” privileges. In that case, follow a few more steps:

Run secpol.msc /s

Select “Local Policies” in MSC snap in

 Select “User Rights Assignment”

 Right click on “Log on as batch job” and select Properties

Click “Add User or Group”, and include the relevant user.