Host Hyper-V server is getting it's Authentication/DNS from a DC that I need to remove. How do I proceed

J.R. Sitman
J.R. Sitman used Ask the Experts™
on
I have two DC's 1 is virtual.  I need to remove the physical DC to rebuild it.  However, the Host member Hyper-V server is authenticating to the server I need to rebuild.

How do I proceed to accomplish this task?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Distinguished Expert 2018

Commented:
Active Directory is a multi-master topology, so as long as your DC is healthy, advertising, and working properly (use dcdiag to check this) machines will seamlessly move among available DCs. They won't lock onto and authenticate against only one. So you can remove a DC easily and transparently without extra steps.
TunerMLSystems Engineer

Commented:
You will however want to ensure that the DC you are rebuilding does not hold the FSMO roles, and if it does transfer them to the DC that will remain active during this period.
J.R. SitmanIT Director

Author

Commented:
So lets say the physical DC is off.  If I reboot the Host Hyper-V server, it will authenticate to the VM on itself that is the DC?

All FSMO roles have been moved to the VM DC.
Should you be charging more for IT Services?

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Distinguished Expert 2018
Commented:
No, that is a chicken-and-egg scenario. If you envision rebooting your hyper-v server within the time it takes to rebuild your physical DC, stand up another DC in the interim, even if only temporarily.
J.R. SitmanIT Director

Author

Commented:
That's what I thought.  Does it need to be a DNS server?

Thanks
Distinguished Expert 2018
Commented:
If your only other DNS servers with AD zones are VMs on the host, yes. AD is heavily dependent on DNS.
J.R. SitmanIT Director

Author

Commented:
got it.  It will using the existing scope that exists on AD, correct?
Distinguished Expert 2018

Commented:
Scope?
J.R. SitmanIT Director

Author

Commented:
Sorry, was thinking DHCP.  I just checked it has the proper "Zones"
Distinguished Expert 2018

Commented:
So I am not sure there was a question there, but the rule is the same as it is for a domain controller. You want to make sure a DNS server is always available. If that means making a temp DC also be a DNS server then do that.
J.R. SitmanIT Director

Author

Commented:
got it.  All is good.

Thanks
J.R. SitmanIT Director

Author

Commented:
Final question.  I have the DHCP scope split over two DC.  If the DC that I'm shutting down is one DHCP and the other is the VM, is that a problem?
Distinguished Expert 2018
Commented:
It would be for clients requesting leases if you rebooted the host or guest while the physical machine is down. Or if the host also gets its address from DHCP. Otherwise, no.
J.R. SitmanIT Director

Author

Commented:
Thanks for all the help

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial