Network/internet slowness since replacing primary domain controller

I inherited an older Microsoft Server 2008R2 DC running AD/DNS/DHCP that was converted to a VM. I was having some issues with it but I was trying to wait until we moved to a new circuit and made some other networking issues. It crashed.

I built a new DC with 2012R2- I was able to get everything up and running no problems.

That being said, I have some quirky issues. There are some people who were experiencing slowness- if I gave them a static IP address the slowness went away.

I have one server that doesn't seem to resolve to DNS anymore.

I realize that not running dcpromo is not ideal but I did not have an option. Everything else seems to be OK.
Rob Hayes, Director of IT, Asked:
Will Szymkowski, Senior Solution Architect, Commented:
"moved to a new circuit and made some other networking issues. It crashed."

Did this DC hold any of the roles? If so, you need to make sure that you have seized the roles to the domain controller that is still online. You will also need to set up the new DC as the PDC (external time source provider).

External Time Source - http://blogs.technet.com/b/nepapfe/archive/2013/03/01/it-s-simple-time-configuration-in-active-directory.aspx

You will also need to perform metadata cleanup as well.
Metadata Cleanup
https://technet.microsoft.com/fr-ca/library/cc816907%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396

Also you need to change the DHCP user scopes not to point to the old domain controller for DNS. If you have this entry there this could very well be a reason why your users are getting a delay.

Another very important thing to ensure is that the SRV records for the old DC have been cleaned up. This is the folder under the DNS Zones for domain.com. It is the _msdcs.domain.com folder. In there you will see several folders: gc, dc, pdc, etc. You need to go through all of those folders and remove/delete any references that still exist from the old DC. This is also another common reason why users have slowness if SRV records are not cleaned up.

Will.
0
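The checks listed in the answer above (FSMO role holders, records in _msdcs that still point at the old DC, and the DNS servers handed out by DHCP) can be gathered in one read-only pass. This is an added example, not part of the original thread; `$OldDcName`, `$Domain` and the helper `Get-RecordTarget` are placeholders and hypothetical names, and it assumes the ActiveDirectory, DnsServer and DhcpServer modules are available on the new 2012R2 DC.

```powershell
# Added example: read-only audit for leftovers of a retired domain controller.
# Nothing is deleted; review the output before cleaning up by hand.
$OldDcName = 'OLDDC01'      # placeholder: short name of the retired DC
$Domain    = 'domain.com'   # placeholder: AD DNS domain name
$OldFqdn   = "$OldDcName.$Domain"

# 1. FSMO role holders (the same information "netdom query fsmo" reports).
$forest = Get-ADForest
$dom    = Get-ADDomain
$roles  = [ordered]@{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $dom.PDCEmulator
    RIDMaster            = $dom.RIDMaster
    InfrastructureMaster = $dom.InfrastructureMaster
}
$roles.GetEnumerator() | ForEach-Object {
    [pscustomobject]@{ Role = $_.Key; Holder = $_.Value; OnOldDc = ($_.Value -ieq $OldFqdn) }
} | Format-Table -AutoSize

# 2. DNS records whose target is still the old DC's name.
# Hypothetical helper: returns the host name a record points to, by record type.
function Get-RecordTarget($Record) {
    switch ($Record.RecordType) {
        'SRV'   { $Record.RecordData.DomainName }
        'CNAME' { $Record.RecordData.HostNameAlias }
        'NS'    { $Record.RecordData.NameServer }
    }
}
# _msdcs may be its own zone or a folder inside the domain zone; check both.
foreach ($zone in "_msdcs.$Domain", $Domain) {
    Get-DnsServerResourceRecord -ZoneName $zone -ErrorAction SilentlyContinue |
        Where-Object { "$(Get-RecordTarget $_)".TrimEnd('.') -ieq $OldFqdn } |
        Select-Object @{ n = 'Zone'; e = { $zone } }, HostName, RecordType |
        Format-Table -AutoSize
}

# 3. DNS servers handed to clients by each DHCP scope (option 6).
Get-DhcpServerv4Scope | ForEach-Object {
    $opt = Get-DhcpServerv4OptionValue -ScopeId $_.ScopeId -OptionId 6 -ErrorAction SilentlyContinue
    [pscustomobject]@{ Scope = $_.ScopeId; DnsServers = ($opt.Value -join ', ') }
} | Format-Table -AutoSize
```

Any role with `OnOldDc` set to True, or any row returned in step 2, is a leftover of the kind the answer describes.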
Rob Hayes, Director of IT, Author Commented:
I am using the same IP address on the rebuilt DC- so since the records refer to the IP address, the scope options did not have to change.

The DC has a different name though.
0
Hypercat (Deb) Commented:
Try adding an alias in DNS with the old server name, and (obviously) resolving to the new server name.
0
Rob Hayes, Director of IT, Author Commented:
I have never seen that before- can you tell me how that is done?
0
Hypercat (Deb) Commented:
You simply open the DNS management console, navigate down to your domain forward lookup zone, right-click and select New Alias. Here are a couple of screen captures:

[Screenshots: DNS console right-click menu; Add DNS alias record]

The reason I'm suggesting this is because the new server's IP is the same but the name is different, so there may be devices on your network that have the older server name cached with that IP.  This could cause name resolution slowness and browsing problems until that cached record is removed.  So, a way around that is to put in the old server name as an alias to the new one, so if a device looks for the old server name it will find it immediately and then go to the new server name to resolve the IP address.
0
Will Szymkowski, Senior Solution Architect, Commented:
First of all, did you seize the roles to the current domain controller? If you have not, you need to do so.

If you have seized the roles of this machine you cannot even bring this server back into the environment.

Have you gone through everything in my original post to ensure that all remnants are removed properly?

You need to start there.

Will.
0
Rob Hayes, Director of IT, Author Commented:
Will- I have done all the steps you have suggested except that I cannot delete the old DC for AD Sites and Services- it keeps giving me an access denied error.

Also I am not sure what you mean about seizing the roles.
0
compdigit44 Commented:
Can you post the results of the following command so we can get an overview of your AD environment:

dcdiag /v /e >c:\dcidag.txt
0
Rob Hayes, Director of IT, Author Commented:
0
compdigit44 Commented:
Your dcdiag seems OK.

On an affected workstation, install Network Monitor or Wireshark and capture traffic while the workstation is using DHCP, then upload the results so we can help you review them.
0
compdigit44 Commented:
Stupid question, but DNS is set for dynamic updates, correct?
0
Will Szymkowski, Senior Solution Architect, Commented:
If you are getting access denied it is most likely "protected from accidental deletion". Right-click on the computer object in Sites and Services, choose Properties, click on the Object tab and if it is enabled remove the checkmark.

Then delete the computer object. If this is not the case your account probably doesn't have access to do this.

Also, for any other objects associated with the old DC that you might have issues deleting, make sure you check that accidental deletion protection is not enabled.

Even if you have domain admin permissions you will not be able to delete objects if protect from accidental deletion is enabled.

Sorry for the delayed response.

Will.
0
Will Szymkowski, Senior Solution Architect, Commented:
Run the command netdom query fsmo

If the command comes back and it is pointing to the old DC then you need to seize the roles on the new DC.

Will.
0
Rob Hayes, Director of IT, Author Commented:
Everything says it's good except I get
dns.JPG
0