Solved

Host Hyper-V server is getting it's Authentication/DNS from a DC that I need to remove.  How do I proceed

Posted on 2014-02-25
14
315 Views
Last Modified: 2014-11-12
I have two DC's 1 is virtual.  I need to remove the physical DC to rebuild it.  However, the Host member Hyper-V server is authenticating to the server I need to rebuild.

How do I proceed to accomplish this task?
0
Comment
Question by:J.R. Sitman
  • 7
  • 6
14 Comments
 
LVL 57

Expert Comment

by:Cliff Galiher
ID: 39886252
Active Directory is a multi-master topology, so as long as your DC is healthy, advertising, and working properly (use dcdiag to check this) machines will seamlessly move among available DCs. They won't lock onto and authenticate against only one. So you can remove a DC easily and transparently without extra steps.
0
 
LVL 9

Expert Comment

by:TunerML
ID: 39886257
You will however want to ensure that the DC you are rebuilding does not hold the FSMO roles, and if it does transfer them to the DC that will remain active during this period.
0
 

Author Comment

by:J.R. Sitman
ID: 39886271
So lets say the physical DC is off.  If I reboot the Host Hyper-V server, it will authenticate to the VM on itself that is the DC?

All FSMO roles have been moved to the VM DC.
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 57

Accepted Solution

by:
Cliff Galiher earned 500 total points
ID: 39886287
No, that is a chicken-and-egg scenario. If you envision rebooting your hyper-v server within the time it takes to rebuild your physical DC, stand up another DC in the interim, even if only temporarily.
0
 

Author Comment

by:J.R. Sitman
ID: 39886393
That's what I thought.  Does it need to be a DNS server?

Thanks
0
 
LVL 57

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 500 total points
ID: 39886479
If your only other DNS servers with AD zones are VMs on the host, yes. AD is heavily dependent on DNS.
0
 

Author Comment

by:J.R. Sitman
ID: 39886534
got it.  It will using the existing scope that exists on AD, correct?
0
 
LVL 57

Expert Comment

by:Cliff Galiher
ID: 39886567
Scope?
0
 

Author Comment

by:J.R. Sitman
ID: 39886573
Sorry, was thinking DHCP.  I just checked it has the proper "Zones"
0
 
LVL 57

Expert Comment

by:Cliff Galiher
ID: 39886581
So I am not sure there was a question there, but the rule is the same as it is for a domain controller. You want to make sure a DNS server is always available. If that means making a temp DC also be a DNS server then do that.
0
 

Author Comment

by:J.R. Sitman
ID: 39886635
got it.  All is good.

Thanks
0
 

Author Comment

by:J.R. Sitman
ID: 39887025
Final question.  I have the DHCP scope split over two DC.  If the DC that I'm shutting down is one DHCP and the other is the VM, is that a problem?
0
 
LVL 57

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 500 total points
ID: 39887056
It would be for clients requesting leases if you rebooted the host or guest while the physical machine is down. Or if the host also gets its address from DHCP. Otherwise, no.
0
 

Author Closing Comment

by:J.R. Sitman
ID: 39893511
Thanks for all the help
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I will show you HOW TO: Perform a Physical to Virtual (P2V) Conversion the easy way from a computer backup (image).
This article runs through the process of deploying a single EXE application selectively to a group of user.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question