Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Host Hyper-V server is getting it's Authentication/DNS from a DC that I need to remove.  How do I proceed

Posted on 2014-02-25
14
Medium Priority
?
327 Views
Last Modified: 2014-11-12
I have two DC's 1 is virtual.  I need to remove the physical DC to rebuild it.  However, the Host member Hyper-V server is authenticating to the server I need to rebuild.

How do I proceed to accomplish this task?
0
Comment
Question by:J.R. Sitman
  • 7
  • 6
14 Comments
 
LVL 60

Expert Comment

by:Cliff Galiher
ID: 39886252
Active Directory is a multi-master topology, so as long as your DC is healthy, advertising, and working properly (use dcdiag to check this) machines will seamlessly move among available DCs. They won't lock onto and authenticate against only one. So you can remove a DC easily and transparently without extra steps.
0
 
LVL 9

Expert Comment

by:TunerML
ID: 39886257
You will however want to ensure that the DC you are rebuilding does not hold the FSMO roles, and if it does transfer them to the DC that will remain active during this period.
0
 

Author Comment

by:J.R. Sitman
ID: 39886271
So lets say the physical DC is off.  If I reboot the Host Hyper-V server, it will authenticate to the VM on itself that is the DC?

All FSMO roles have been moved to the VM DC.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
LVL 60

Accepted Solution

by:
Cliff Galiher earned 2000 total points
ID: 39886287
No, that is a chicken-and-egg scenario. If you envision rebooting your hyper-v server within the time it takes to rebuild your physical DC, stand up another DC in the interim, even if only temporarily.
0
 

Author Comment

by:J.R. Sitman
ID: 39886393
That's what I thought.  Does it need to be a DNS server?

Thanks
0
 
LVL 60

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 2000 total points
ID: 39886479
If your only other DNS servers with AD zones are VMs on the host, yes. AD is heavily dependent on DNS.
0
 

Author Comment

by:J.R. Sitman
ID: 39886534
got it.  It will using the existing scope that exists on AD, correct?
0
 
LVL 60

Expert Comment

by:Cliff Galiher
ID: 39886567
Scope?
0
 

Author Comment

by:J.R. Sitman
ID: 39886573
Sorry, was thinking DHCP.  I just checked it has the proper "Zones"
0
 
LVL 60

Expert Comment

by:Cliff Galiher
ID: 39886581
So I am not sure there was a question there, but the rule is the same as it is for a domain controller. You want to make sure a DNS server is always available. If that means making a temp DC also be a DNS server then do that.
0
 

Author Comment

by:J.R. Sitman
ID: 39886635
got it.  All is good.

Thanks
0
 

Author Comment

by:J.R. Sitman
ID: 39887025
Final question.  I have the DHCP scope split over two DC.  If the DC that I'm shutting down is one DHCP and the other is the VM, is that a problem?
0
 
LVL 60

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 2000 total points
ID: 39887056
It would be for clients requesting leases if you rebooted the host or guest while the physical machine is down. Or if the host also gets its address from DHCP. Otherwise, no.
0
 

Author Closing Comment

by:J.R. Sitman
ID: 39893511
Thanks for all the help
0

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Understanding the various editions available is vital when you decide to purchase Windows Server 2012. You need to have a basic understanding of the features and limitations in each edition in order to make a well-informed decision that best suits …
The article explains the process to deploy a Self-Service password reset portal I developed a few years ago. Hopefully, it will prove useful to someone.  Any comments, bug reports etc. are welcome...
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Video by: ITPro.TV
In this episode Don builds upon the troubleshooting techniques by demonstrating how to properly monitor a vSphere deployment to detect problems before they occur. He begins the show using tools found within the vSphere suite as ends the show demonst…
Suggested Courses

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question