Link to home
Start Free TrialLog in
Avatar of First Last
First LastFlag for United States of America

asked on

DC Upgrades during the day?

I'm planning to add two Server 2008 R2 domain controllers into my domain in the next couple of weeks and was wondering how much of the process can be performed during the day while staff is working.  I have two Server 2003 SP2 DCs at the moment on a LAN with all static addressing.  Both DCs are the DNS servers and the new machines will need to assume the old machine's IP addresses so I don't have to change all of the static DNS settings on my devices.  All of the FSMO roles are on DC1 and both machines are global catalogs.  The basic plan is to prep the domain (adprep), demote DC2, have DC3 take DC2's IP address then promote it to a DC.  I'd then make it a global catalog and transfer the FSMO roles over to it.  Lastly I'd repeat the process for DC1.  I'm curious if most of this can be done during the day or if these changes would cause problems for staff trying to log in and resolve DNS requests.  Let me know what you think, thanks!
Avatar of Vinchenzo-the-Second
Vinchenzo-the-Second
Flag of United Kingdom of Great Britain and Northern Ireland image
During the day should be ok.  Only do one DC a day though.
SOLUTION
Avatar of mat_sullivan
mat_sullivan
Flag of United Kingdom of Great Britain and Northern Ireland image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Avatar of Darius Ghassem
Darius Ghassem
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Svet Paperov
Svet Paperov
Flag of Canada image
Yes, your plan is OK and can be performed during the day, one DC at a time.

Just one small note: pay attention to the DNS. DNS server in WS2008 uses longer UDP packets than the one in WS2003 and you could have dns related issues with some firewalls, for example Cisco ASA which dns inspection agent has default value of 512 bytes.
Avatar of Darius Ghassem
Darius Ghassem
Flag of United States of America image
Again changing IP addresses during the day could cause major DNS issues. I would wait to change IP addresses between the two Domain Controllers until you have some lower overhead times.

Everything else for promotion is fine but not change IP addresses around
SOLUTION
Avatar of Svet Paperov
Svet Paperov
Flag of Canada image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Chris Geraghty
Chris Geraghty
If you do have to change IPs during the day I'd promote DC3 before giving it DC2's old address.
Clients will fail more gracefully if they can't make a connection to a specific server, generally less so if they can connect to the server but it isn't offering them the services they expect.
Avatar of First Last
First Last
Flag of United States of America image

ASKER

Outstanding suggestions all, I'll spread the points around in a moment.  First one thing...CGretski, it is my understanding that once a machine has been made a DC changing the IP isn't really possible or at least difficult.  Have you been able to change this in the past without problems?  If so that would make things much easier.
SOLUTION
Avatar of Chris Geraghty
Chris Geraghty
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
ASKER CERTIFIED SOLUTION
Avatar of Darius Ghassem
Darius Ghassem
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial