

DHCP via Two Domains -- one network ?

I need to keep both domains running for 2+ weeks since
my 50 employees are sometimes remote, therefore I cannot
do the entire cutover on a weekend/etc and do NOT want to
migrate my current 2008 domain since it is messed up/etc

Are step #3 and #4 valid ?
What recommendations do you have ?
 1. keep my ONE "DomainName=domain1" Windows 2008 SERVER running DC, AD, DHCP, DNS, VPN, FileServer, and NOTHING else
 2. set up a 2nd "DomainName=domain2" Windows 2012 R2 SERVER running DC, AD, DHCP (with different range than above "domain1"), DNS, VPN, FileServer, and NOTHING else
 3. change 1st employee to new domain, no VLANs/etc, causes employee to get DHCP from the "domain2" server ?
 4. 1st employee can still access \\domain1\srvrFiles, but will need to enter their "domain1\username" credentials ?
 5. after all employees are moved over, getting DHCP from new server I will then move \\domain1\srvrFiles to \\domain2\srvrFiles and remap drives if needed
3 Solutions
Adam Brown, Sr Solutions Architect, Commented:
You can't have 2 DHCP servers from different AD domains actively running on the same subnet. They will either conflict with one another or one will forcibly shut down the other.

The solution here is to create a stub zone for domain2 in DNS on the domain1 server (and vice versa). This will allow computers that have the DC for domain1 as their DNS server to communicate with the DC for domain2 because the DNS server in Domain1 will forward DNS requests for domain2 to the DC for domain2. Basically, your migration would look like this:

1. Create stub zone for Domain2 in DNS on domain1
2. Create Domain2 with everything you need, but make sure DHCP is installed, but not enabled (basically disable the DHCP service until all users are migrated)
3. Begin migrating users. During this period, Users on Domain2 can open Domain1 shares and services with a domain1 username and password, and vice versa.
4. After the employees are all moved over, disable DHCP on DC1, enable it on DC2.
5. Migrate files over (You can do this either before or after DHCP gets migrated)
Lee W, MVP, Technology and Business Process Advisor, Commented:
"You can't have 2 DHCP servers from different AD domains actively running on the same subnet."
Sure you can.  It won't work as you want it to and will create problems... but there's nothing preventing it.  People often mess up and leave a wifi router's DHCP on while using Windows.  It works in that they both hand out IP addresses.  It doesn't work in that some machines have problems connecting to network resources or end up with IP conflicts or possibly have issues accessing the internet, depending on the subnet used.

"They will either conflict with one another or one will forcibly shut down the other."
They don't conflict at all.  The nature of DHCP is that it's BROADCAST based.  A computer comes on, shouts to all the computers on the network "I'm here and need an address" - the DHCP server hears this and says "hey you, with MAC address x, use this address".

The problem is that if you have more than one DHCP server, you don't know which one will answer.  If they are in the same domain, it doesn't matter if you use a split scope.  If you want/need them to have different information (such as different gateways or DNS servers) THEN you have a problem since either one could answer and if the wrong one does, the client has a problem talking to the servers it needs to.

The only DHCP servers that shut down if they detect another are on SBS servers in my experience.  I've never heard of another DHCP server do that (though in some respects, I think they should - they should broadcast a DHCP request first, if one is received, they should shut down before ever handing out an address - this should be part of the DHCP spec that is otherwise overridable for split scope configs).  But that's my opinion.

If you need to do this piecemeal, then you set the machines you migrate to STATIC addresses and change their DNS servers.  Once done with the migration, you remove the old DHCP server, set up the new, and change everyone back to dynamic addresses.
Adam Brown, Sr Solutions Architect, Commented:
The conflict actually comes into play when two DHCP servers are handing out addresses in the same subnet. Some DHCP servers will not detect whether an IP is already on the network and hand out an address that already exists, resulting in an IP conflict. DHCP in Windows Server since 2008 does check addresses before handing them out, but will tag addresses that are already used as Bad addresses and give a lease to that address that won't go away until manually deleted. This would normally be okay, but if you have two DHCP servers on the same network doing this, you can end up potentially filling up the scopes with bad addresses (If there are more devices than half the size of the scope, this is guaranteed to happen eventually).

You don't need to set static DNS on the systems that are on the new domain server. You just need to make sure the existing DNS server that the clients are using can forward DNS requests for the new domain name to the new DC. This can be accomplished with a conditional forwarder or a stub zone in DNS.
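
Added example (not part of the thread or any poster's code): a Python check that parses DHCPOFFER payloads taken from a packet capture and reports when more than one server answers on the subnet and whether their router/DNS options disagree, which is the failure mode discussed in the replies above. The addresses, the sample offers and the function names are constructed for illustration.

```python
from socket import inet_aton, inet_ntoa
import struct

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie that follows the 236-byte BOOTP header

def parse_reply(payload):
    """Parse a DHCP UDP payload: options 53 (type), 54 (server id), 3 (router), 6 (DNS)."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:       # 255 = end option
        if payload[i] == 0:                             # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        opts[payload[i]] = payload[i + 2:i + 2 + payload[i + 1]]
        i += 2 + payload[i + 1]
    ips = lambda b: tuple(inet_ntoa(b[j:j + 4]) for j in range(0, len(b) - 3, 4))
    return {"type": (opts.get(53) or b"\x00")[0], "server": ips(opts.get(54, b"")),
            "router": ips(opts.get(3, b"")), "dns": ips(opts.get(6, b""))}

def audit_offers(payloads):
    """Group DHCPOFFERs by responding server and report any disagreement."""
    servers = {}
    for p in payloads:
        msg = parse_reply(p)
        if msg["type"] == 2 and msg["server"]:          # 2 = DHCPOFFER
            servers[msg["server"][0]] = (msg["router"], msg["dns"])
    findings = []
    if len(servers) > 1:
        findings.append("multiple DHCP servers answered: " + ", ".join(sorted(servers)))
        if len(set(servers.values())) > 1:
            findings.append("offers disagree on router/DNS settings")
    return servers, findings

def make_offer(server, yiaddr, router, dns):
    """Build a constructed DHCPOFFER payload (sample data, not captured traffic)."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234, 0, 0, bytes(4),
                      inet_aton(yiaddr), inet_aton(server), bytes(4),
                      bytes.fromhex("020000000001"), b"", b"")
    return (hdr + MAGIC + b"\x35\x01\x02" + b"\x36\x04" + inet_aton(server)
            + b"\x03\x04" + inet_aton(router) + b"\x06\x04" + inet_aton(dns) + b"\xff")

# Hypothetical addresses: 192.168.1.10 = domain1 DC, 192.168.1.20 = domain2 DC.
SAMPLE = [make_offer("192.168.1.10", "192.168.1.50", "192.168.1.1", "192.168.1.10"),
          make_offer("192.168.1.20", "192.168.1.150", "192.168.1.1", "192.168.1.20")]

if __name__ == "__main__":
    print(audit_offers(SAMPLE)[1])
```
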
Question has a verified solution.
