bstillion
asked on
Swapping IP addresses on 2 Domain Controllers (Windows Server 2003/2008)
Server A: Windows Server 2003 sp2 domain controller - Primary DNS server in DHCP and statically assigned on member servers
Server B: Windows Server 2008 R2 domain controller - DNS installed but not in use
Windows 2003 Native domain and forest
Healthcare environment (there are other DC/GCs in this domain)
Both IP addresses are on the same network
Many medical applications (no reliable list of applications exists) point to Server A as their sole LDAP source. Not sure if they point to the name or IP address.
I need to retire Server A as part of an upgrade to Windows Server 2008 R2. I would like to assign the IP address of Server A to Server B and also create a CNAME record that points queries for Server A to Server B. Once the IP addresses are swapped, I would then run
Ipconfig /registerdns and dcdiag /fix
to register the new name/ip and to refresh the DNS resource records respectively. I believe it would then be best to remove the domain controller role from Server A to force use of the alias.
I would like to do this in both the root domain and also one of the child domains. I am not sure how the computers/servers will respond to the change in domain controller availability. Will these steps be a transparent way to retire a server without changing DHCP settings and the static, primary DNS server IP on member servers?
ASKER
Thanks dibi!
It's hard to create a test environment that is in any way close
to our complex production environment so I'm not sure how
valuable the test would be.
A test environment is always valuable in helping establish the
step-by-step procedure that works best which in turn reduces
downtime. It's just difficult to really know what implications my
actions will have on production systems.
There are hundreds of applications running software versions that
are often out of support, Macintosh PCs and devices, GroupWise email,
and forest and external trusts with multiple sites. It would take months
to test all of the major parts with any confidence.
Any suggestion on what would be the critical elements to test?
ASKER CERTIFIED SOLUTION
First, run a sniffing tool like Wireshark and scan for LDAP requests. This should answer your question of how many LDAP clients you have. I'd recommend creating a plan first, just in case of unexpected behaviour later.
Second, I do not recommend doing your "migration" without testing it in a productive environment! Really.
Third: Theoretically, your "migration" should work.
Best regards!
PS: Test it before doing it :)
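
The LDAP client inventory suggested in the answer above, as an added example that is not part of the original thread: it reads exported capture fields, lists every client opening LDAP connections to Server A, and flags whether each one looked the server up by name first. The addresses, the host name `servera.example.local` and the tshark export layout are assumptions; the name-versus-IP label is a heuristic based on DNS lookups seen in the same capture.

```python
import csv
import io
from collections import defaultdict

LDAP_PORTS = {389, 636, 3268, 3269}  # LDAP, LDAPS, global catalog, GC over SSL

# Constructed sample rows (src, dst, tcp.dstport, dns.qry.name). Assumed export,
# run on a capture taken on Server A (new TCP connections and DNS queries only):
#   tshark -r capture.pcap -T fields -E separator=, \
#     -Y "(tcp.flags.syn==1 && tcp.flags.ack==0) || dns.flags.response==0" \
#     -e ip.src -e ip.dst -e tcp.dstport -e dns.qry.name
SAMPLE = """\
10.0.0.21,10.0.0.5,,servera.example.local
10.0.0.21,10.0.0.5,389,
10.0.0.34,10.0.0.5,389,
10.0.0.34,10.0.0.5,389,
10.0.0.40,10.0.0.5,,_ldap._tcp.dc._msdcs.example.local
10.0.0.40,10.0.0.5,3268,
10.0.0.55,10.0.0.5,445,
"""

def inventory_ldap_clients(rows, server_ip, server_names):
    """Map each LDAP client IP to its connection count and how it found the server."""
    names = {n.lower().rstrip(".") for n in server_names}
    conns = defaultdict(int)
    lookups = defaultdict(set)
    for row in csv.reader(io.StringIO(rows)):
        if len(row) != 4 or row[1] != server_ip:
            continue  # malformed line, or traffic not addressed to Server A
        src, _, tcp_port, qname = row
        if qname:
            q = qname.lower().rstrip(".")
            if q in names:
                lookups[src].add("name")
            elif q.startswith("_ldap._tcp"):
                lookups[src].add("srv-locator")
        elif tcp_port.isdigit() and int(tcp_port) in LDAP_PORTS:
            conns[src] += 1
    result = {}
    for client, count in conns.items():
        seen = lookups[client]
        # Heuristic: no lookup in the capture means a hard-coded IP or a cached name.
        label = ("name" if "name" in seen
                 else "srv-locator" if "srv-locator" in seen else "ip-or-cached")
        result[client] = {"connections": count, "lookup": label}
    return result

if __name__ == "__main__":
    found = inventory_ldap_clients(SAMPLE, "10.0.0.5", {"servera.example.local", "servera"})
    for ip, info in sorted(found.items()):
        print(ip, info)
```

Clients labelled `ip-or-cached` are the ones a CNAME alone will not redirect, so they are the ones to trace back to an application owner before Server A is demoted.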