Detecting Legacy URI Usage

I was asked to look into the question of how to proactively discover users and processes which are using old server names to access data on a new server.

The question that needs to be answered is about which Client is getting to the active server, call it NewServer, using a URI which refers to an inactive server, call it OldServer. (Therefore, it seems to me that this question is not about DFS, since DFS only takes you out of a server to another network location for accessing data.)

We modified the DNS entry for OldServer and gave it the same IP address as NewServer. Then, we ensured that the Root folders on OldServer were also present (without subfolder conflicts) on NewServer. Problem solved.

In this case, in order to detect legacy URI's in use, we would need one of the following to be true:

1) It is possible (and feasible) to configure the DNS server to log requesting IP address along with the Server they are requesting resolution for. Said another way, there is a way to answer the question, "Which IP addresses are requesting name resolution for OldServer.

2) When the request is sent from the Client to NewServer's IP address, there is something in the request that still references the original server name, OldServer, and we can log that something.

Are either of those things possible? Is there another way to detect this?

LVL 11
anyoneisSoftware DeveloperAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Steve KnightIT ConsultancyCommented:
How about.... give Newserver a second IP address - ideally on a seperate card connected to the same network, and using that in DNS for "OldServer" then you can see connections to the server on that IP.  Set this to not "register in DNS" on the connection properties and lower in the binding order than the other card.

What services are we talking about here that the users are accessing is this file shares (UNC, mapped drives etc), http or https to and IIS server etc?

If nothing else with this method you can do at any one point in time a check using

netstat -m | find ""

where is the OLD address to see what is connected to.

Other than that is this MS DNS we are talking about?  If so you can put on debug logging of all incoming for Queriesrequests and then filter the logs for the requests or OldServer.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
anyoneisSoftware DeveloperAuthor Commented:
So far it is just file shares. (We have old shortcuts, manual drive mappings,  old programs, etc.) Eventually, it would be nice to turn out the lights on those old server names. I'll investigate your suggestion.
Steve KnightIT ConsultancyCommented:
A further suggestion is... does everyone run a login script?  If so you could run from that a check of

a) mapped drives, i.e. ones they have set as persistent
b) scan their desktop perhaps for the old name.
Realistically though when moving a file share there i always going to be certain amount of stuff -- links from an intranet page or inside a Word document to another file, links to template file that a Word document was created from, recently used document links etc. so it CAN be a pig.  At least you have been able to reduce the user impact by carrying over the old name for a while.

Assuming you are using MS DNS then turning on logging for a period and scanning the results sounds like a good plan to start with.  Will think more if needed or no doubt someone else will jump in with more answers too.

anyoneisSoftware DeveloperAuthor Commented:
These are good ideas! I would like to leave this open longer but the system is already generating "inactive question" messages.


Steve KnightIT ConsultancyCommented:
Yes it can be annoying when it keeps prodding you to keep questions active.  Feel free to drop a comment in here or post a new related Q using the link above - we and others should see it and can think more if you need it.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Server OS

From novice to tech pro — start learning today.