Solved

Windows 2003 DNS Server Active Directory integrated Zones DC Shutdown

Posted on 2010-11-16
8
443 Views
Last Modified: 2012-05-10
Hello,

we have a mixed enviroment and we have 2 Windows 2003 DNS Servers and 2 Windows 2008 DNS Servers. They are all domain controllers. We are planing now to raise the domain functional level to windows 2008. We have a client skope in DHCP where we can change the DNS Name Server Adress. But we have a lot of network devices where we put in staticly the old DNS Server. What can I do ? We want to shutdown the old Servers with Windows 2003. First step is to take them out of Active Directory but we want to shutdown them in the near Future. What can I do on the DNS side. Can I do some kind of redirection or something because we have a big enviroment and it is imposible to change all the dns server ip adresses by hand. Or do i have to create a script ?

Regards
0
Comment
Question by:jensmg
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +2
8 Comments
 
LVL 5

Expert Comment

by:dacasey
ID: 34143032
There may be an easy way do accomplish your goal.  Note the IP address of your 2003 DNS server(s), when you shut them down you could assign the IP as an additional IP to the 2008 server(s).  You may have to verify that DNS is listening on that IP address as well but this way you could keep the static DNS entries and have everything work with a minimum effort.  If you want to do this before shutting the serers down you would just change the 2003 servers to different IP addresses and add the IPs to the 2008 servers.



0
 
LVL 6

Expert Comment

by:mattconroy
ID: 34143038
You can use netsh in a script to change the member Server's DNS entries. Make sure you transfer the FSMO roles to the new 2008 Server's before you decommission the old 2003 Server DC's.
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 300 total points
ID: 34143039
Do you have them hard coded by name or IP.  A script is possible, I don't have that script handy though.   if it is by IP you can just make your new box the same IP as your old (once your old is off).  Or on a weekend change the IP of your old box then you can use that previous IP on your new server.

Ace also has a good entry on keeping the same IP   http://msmvps.com/blogs/acefekay/archive/2010/10/09/remove-an-old-dc-and-introduce-a-new-dc-with-the-same-name-and-ip-address.aspx

Thanks

Mike
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 42

Assisted Solution

by:kevinhsieh
kevinhsieh earned 200 total points
ID: 34143054
Is there any reason why you can't assign the IP addresses of the old servers to the new servers? What I did was to change the IP address of the ol2003 DC to a different IP, rebooted it, and then changed the IP address of my new 2008 R2 DC to have that of my old DNS server, and I rebooted it. I did the same for the other pair of servers. I let things settle out for a little while (maybe a week or more, but it could have been just days) before I demoted the old DCs and eventually turned them off.

You may want to turn off your 2003 DCs for a few days before you demote them and permanently retire them. If you forget to migrate something, it's a lot easier to power your DC back on than it is to recreate things or restore anything from backup. I had forgotten to migrate my DHCP settings before I moved things, and I am glad that I was able to go back to my old DC and migrate my 20 or so DHCP scopes without having to recreate them.
0
 
LVL 5

Expert Comment

by:dacasey
ID: 34143061
Hi Kevinhsieh,

That was my exact recommendation; I guess my language my not have been clear.
0
 
LVL 24

Expert Comment

by:Awinish
ID: 34143069
You can reuse the IP,but there is proper steps to be followed for re-using same name & IP address to the new DC. You will require to give sufficient time so that changes are replicated to other dc.

Its usually very difficult to demote the dc & reuse its IP if the demoted dc records has not be cleared from AD from all the place like esp in all the folder inside _msdcs in dns, domain partition etc.

if you make sure there is no traces left then only promote the new DC with old IP & hostname else,its going to be tough time if it detects the single record in AD as system GUID is written with hostname in several places in AD.

Take a look at below article.

http://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/A_2706-Why-not-to-re-use-DC-names.html
0
 
LVL 24

Expert Comment

by:Awinish
ID: 34143079
Changing IP to new unused IP is not a tough task,but changing to same IP which has been used an DC on new server with old dc, can be difficult sometime.
0
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 34147115
dacasey, when I started composing my respionse, there were 0 responses to the question. Three were posted by the time I got my answer posted. If it was my question I would give you points.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question