DHCP via Two Domains -- one network ?

Posted on 2016-09-02
Last Modified: 2016-09-03
I need to keep both domains running for 2+ weeks since
my 50 employees are sometimes remote, therefore I cannot
do the entire cutover on a weekend/etc and do NOT want to
migrate my current 2008 domain since it is messed up/etc

Are step #3 and #4 valid ?
What recommendations do you have ?
 1. keep my ONE "DomainName=domain1" Windows 2008 SERVER
    running DC, AD, DHCP, DNS, VPN, FileServer, and NOTHING else
 2. set up a 2nd "DomainName=domain2" Windows 2012 R2 SERVER
    running DC, AD, DHCP (with different range than above "domain1"),
    DNS, VPN, FileServer, and NOTHING else
 3. change 1st employee to new domain, no VLANs/etc,
    causes employee to get DHCP from the "domain2" server ?
 4. 1st employee can still access \\domain1\srvrFiles, but will
    need to enter their "domain1\username" credentials ?
 5. after all employees are moved over, getting DHCP from
    new server I will then move \\domain1\srvrFiles to
    \\domain2\srvrFiles and remap drives if needed
Question by:finance_teacher

Accepted Solution

Adam Brown earned 250 total points
ID: 41781662
You can't have 2 DHCP servers from different AD domains actively running on the same subnet. They will either conflict with one another or one will forcibly shut down the other.

The solution here is to create a stub zone for domain2 in DNS on the domain1 server (and vice versa). This will allow computers that have the DC for domain1 as their DNS server to communicate with the DC for domain2 because the DNS server in Domain1 will forward DNS requests for domain2 to the DC for domain2. Basically, your migration would look like this:

1. Create stub zone for Domain2 in DNS on domain1
2. Create Domain2 with everything you need, but make sure DHCP is installed, but not enabled (basically disable the DHCP service until all users are migrated)
3. Begin migrating users. During this period, Users on Domain2 can open Domain1 shares and services with a domain1 username and password, and vice versa.
4. After the employees are all moved over, disable DHCP on DC1, enable it on DC2.
5. Migrate files over (You can do this either before or after DHCP gets migrated)

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 250 total points
ID: 41781987
"You can't have 2 DHCP servers from different AD domains actively running on the same subnet."
Sure you can.  It won't work as you want it to and will create problems... but there's nothing preventing it.  People often mess up and leave a wifi router's DHCP on while using Windows.  It works in that they both hand out IP addresses.  It doesn't work in that some machines have problems connecting to network resources or end up with IP conflicts or possibly have issues accessing the internet, depending on the subnet used.

"They will either conflict with one another or one will forcibly shut down the other."
They don't conflict at all.  The nature of DHCP is that it's BROADCAST based.  A computer comes on, shouts to all the computers on the network "I'm here and need an address" - the DHCP server hears this and says "hey you, with MAC address x, use this address".

The problem is that if you have more than one DHCP server, you don't know which one will answer.  If they are in the same domain, it doesn't matter if you use a split scope.  If you want/need them to have different information (such as different gateways or DNS servers) THEN you have a problem since either one could answer and if the wrong one does, the client has a problem talking to the servers it needs to.

The only DHCP servers that shut down if they detect another are on SBS servers in my experience.  I've never heard of another DHCP server doing that (though in some respects, I think they should - they should broadcast a DHCP request first, if one is received, they should shut down before ever handing out an address - this should be part of the DHCP spec that is otherwise overridable for split scope configs).  But that's my opinion.

If you need to do this piecemeal, then you set the machines you migrate to STATIC addresses and change their DNS servers.  Once done with the migration, you remove the old DHCP server, set up the new, and change everyone back to dynamic addresses.
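
The case described in this answer, two DHCP servers on one subnet answering with different DNS settings, can be confirmed from captured DHCPOFFER payloads (UDP port 68). This is an added example, not part of the original thread: it parses each offer, groups them by server identifier (option 54), and reports disagreement on DNS or router. The 192.168.1.x addresses and the sample packets are constructed assumptions.

```python
import ipaddress
import struct
MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie after the 236-byte BOOTP header
OFFER = 2                     # option 53 value for DHCPOFFER

def _ips(raw):
    """Decode a packed run of IPv4 addresses into a tuple of dotted strings."""
    return tuple(str(ipaddress.IPv4Address(raw[k:k + 4])) for k in range(0, len(raw) - 3, 4))

def parse_offer(payload):
    """Return the settings in one DHCPOFFER UDP payload, or None if it is not an offer."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        return None
    opts, i = {}, 240
    while i + 1 < len(payload) and payload[i] != 255:  # 255 = end option
        if payload[i] == 0:                             # 0 = one-byte pad
            i += 1
            continue
        opts[payload[i]] = payload[i + 2:i + 2 + payload[i + 1]]  # code -> data
        i += 2 + payload[i + 1]
    if opts.get(53) != bytes([OFFER]) or len(opts.get(54, b"")) != 4:
        return None
    return {"server": _ips(opts[54])[0], "offered": _ips(payload[16:20])[0],
            "router": _ips(opts.get(3, b"")), "dns": _ips(opts.get(6, b""))}

def find_conflicts(payloads):
    """Group offers by server identifier (option 54) and list settings that differ."""
    by_server = {}
    for p in payloads:
        if (offer := parse_offer(p)):
            by_server[offer["server"]] = offer
    findings = []
    if len(by_server) > 1:
        findings.append("multiple DHCP servers answering: " + ", ".join(sorted(by_server)))
        for field in ("dns", "router"):
            if len({o[field] for o in by_server.values()}) > 1:
                findings.append("servers disagree on " + field)
    return by_server, findings

def build_offer(server, offered, dns, router):
    """Build a DHCPOFFER payload for the demo (constructed data, not a real capture)."""
    ip = lambda s: ipaddress.IPv4Address(s).packed
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s192s", 2, 1, 6, 0, 0x1234, 0, 0, bytes(4),
                      ip(offered), ip(server), bytes(4), bytes.fromhex("02005e000001"), b"")
    opts = bytes([53, 1, OFFER, 54, 4]) + ip(server) + b"\x03\x04" + ip(router) + b"\x06\x04" + ip(dns)
    return hdr + MAGIC + opts + b"\xff"
# Constructed sample: both DCs answer one client's DISCOVER on the same subnet.
SAMPLE = [build_offer("192.168.1.10", "192.168.1.101", "192.168.1.10", "192.168.1.1"),
          build_offer("192.168.1.20", "192.168.1.201", "192.168.1.20", "192.168.1.1")]
print(find_conflicts(SAMPLE)[1])
```
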

Assisted Solution

by:Adam Brown
Adam Brown earned 250 total points
ID: 41782346
The conflict actually comes into play when two DHCP servers are handing out addresses in the same subnet. Some DHCP servers will not detect whether an IP is already on the network and hand out an address that already exists, resulting in an IP conflict. DHCP in Windows Server since 2008 does check addresses before handing them out, but will tag addresses that are already used as Bad addresses and give a lease to that address that won't go away until manually deleted. This would normally be okay, but if you have two DHCP servers on the same network doing this, you can end up potentially filling up the scopes with bad addresses (If there are more devices than half the size of the scope, this is guaranteed to happen eventually).

You don't need to set static DNS on the systems that are on the new domain server. You just need to make sure the existing DNS server that the clients are using can forward DNS requests for the new domain name to the new DC. This can be accomplished with a conditional forwarder or a stub zone in DNS.
