Nearly every week during the past few years has featured a headline about the latest data breach, malware attack, ransomware demand, or unrecoverable corporate data loss. Those stories are frequently followed by news that the CEOs at those companies were forced to resign.
How to integrate the new AD domain controller + DNS with the current AD domain controller with no downtime ?
Hi all,
I'm about to commission 2x new Windows Server 2012 R2 and promote it as AD integrated DNS with Domain Controller (GC) role to replace the existing 2008 R2 DC/GC & DNS role.
What are the steps to implement it without outage or downtime to the existing environment ?
How can I decommission the old 2008 R2 Domain controller without impacting the Exchange email and DNS resolution ?
Thanks.
I'm about to commission 2x new Windows Server 2012 R2 and promote it as AD integrated DNS with Domain Controller (GC) role to replace the existing 2008 R2 DC/GC & DNS role.
What are the steps to implement it without outage or downtime to the existing environment ?
How can I decommission the old 2008 R2 Domain controller without impacting the Exchange email and DNS resolution ?
Thanks.
Who is Participating?
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get this solution by purchasing an Individual license!
Start your 7-day free trial.
I wear a lot of hats...
"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.
I did this a few months ago. Long story short, I added a new 2012 server as a DC and let it run for a few days before taking down my first old server. I did it again a week or so later for the other one. I did not have any downtime. I used new names and IP's. I did not raise my domain functional level.
Now there are a lot of details in there and adjustments / cleanup that needs to be done, but it's usually not too bad. If you don't do this often, I would highly recommend bringing in someone that regularly makes this transition for people and who can help you take a hard look at your environment and clean up any problems before you start. It is very important to make sure your environment is sound before you start making changes.
Now there are a lot of details in there and adjustments / cleanup that needs to be done, but it's usually not too bad. If you don't do this often, I would highly recommend bringing in someone that regularly makes this transition for people and who can help you take a hard look at your environment and clean up any problems before you start. It is very important to make sure your environment is sound before you start making changes.
Simply promote the new servers and make them both DNS servers and global catalog servers (these will all be options during the promotion). Any AD-integrated DNS zones will be replicated to them automatically as part of AD replication. Once you've verified that replication is taking place, you'll need to configure the machines in your domain to use the new servers as their DNS servers. Client machines typically get this setting from a DHCP server, so you'll need to change it there if you have one. Machines with static IP addresses, which likely include any other servers in your domain, will need to have their DNS servers configured manually.
Exchange shouldn't have a problem locating one of the new global catalog servers. You don't have Exchange installed on the old DC, though, do you? If so, that could get sticky.
You'll want to transfer the FSMO roles off of the old server before demoting it, and you will want to demote it before taking it offline, so the new servers won't keep trying to replicate from it.
Exchange shouldn't have a problem locating one of the new global catalog servers. You don't have Exchange installed on the old DC, though, do you? If so, that could get sticky.
You'll want to transfer the FSMO roles off of the old server before demoting it, and you will want to demote it before taking it offline, so the new servers won't keep trying to replicate from it.
Experts Exchange Solution brought to you by
Your issues matter to us.
Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.
Start your 7-day free trial
Hi Luis,
No, I plan to have different name and IP address since keeping the same name is going to be harder to cutover.
No, I plan to have different name and IP address since keeping the same name is going to be harder to cutover.
Dave and Sykes,
Thanks for the reply. No, it is just running as Domain Controller / Global Catalog + DNS and DHCP only for the remote office (different AD site but same AD domain).
The old 2008 R2 server does not have any FSMO role since the FSMO roles are held by the main DC/GC in the Data Center.
I guess it is just simple Next-Next-Finish deployment :-)
Thanks for the reply. No, it is just running as Domain Controller / Global Catalog + DNS and DHCP only for the remote office (different AD site but same AD domain).
The old 2008 R2 server does not have any FSMO role since the FSMO roles are held by the main DC/GC in the Data Center.
I guess it is just simple Next-Next-Finish deployment :-)
I've also checked in the AD domain, any server with static DNS is not using the DNS in these two servers that I'm about to decommission.
DHCP scope can be changed the day before the demotion I guess.
DHCP scope can be changed the day before the demotion I guess.
Theb*cirrent* lease time should be used to decide the window between changing DHCP scope options and when you can decommission the server. Changing the lease time wouldn't impact leases already issued, and decommissioning in the lease window will cause interruption, which is what you are trying to avoid. "a day before, I guess" is a bit dangerous. Guessing usually is.
Cliff,
OK, so in this case how do I plan this properly ?
Can I reduce the DHCP IP lease to just 1 hour few days before the decommission process ?
so that on the decommission day, I can just wait one hour for the new IP to be assigned by the DHCP server ?
OK, so in this case how do I plan this properly ?
Can I reduce the DHCP IP lease to just 1 hour few days before the decommission process ?
so that on the decommission day, I can just wait one hour for the new IP to be assigned by the DHCP server ?
You can go ahead and add the two new servers as DNS servers in DHCP right now without removing the old server, if you'd like, then simply remove the old server once it's been decommissioned. If a client gets no response from a DNS server, it'll move on to the next one in its list, so having multiple DNS servers on a client isn't a problem. Cliff's right, though; the changes won't be seen immediately on DHCP clients with existing leases.
OK so the high-level steps will be:
1. Install & Configure the 2x new 2012 R2 VMs newDC1 & newDC2 as AD/DC&GC
2. Configure as DNS+DHCP server role
3. In the existing DHCP server oldDC1, add the new DNS server as newDC1 & newDC2
4. Reduce the IP lease from 8 days into 1 hour to make it in effect
5. After all workstation clients get the new lease, decommission / demote oldDC1 and oldDC2
Can anyone clarify if that is correct ?
1. Install & Configure the 2x new 2012 R2 VMs newDC1 & newDC2 as AD/DC&GC
2. Configure as DNS+DHCP server role
3. In the existing DHCP server oldDC1, add the new DNS server as newDC1 & newDC2
4. Reduce the IP lease from 8 days into 1 hour to make it in effect
5. After all workstation clients get the new lease, decommission / demote oldDC1 and oldDC2
Can anyone clarify if that is correct ?
You are configuring a new DHCP server *then* reconfiguring an old DHCP server? That's what your steps imply. Definitely backwards. And depending on how long the servers will coexist, adjusting lease times may not even be necessary.
To be very up front, it sounds like you have very limited experience in this area. That's a recipe for disaster.I recommend finding and working with someone who had more experience to minimize risk on such a project. It isn't worth learning on a live network.
To be very up front, it sounds like you have very limited experience in this area. That's a recipe for disaster.I recommend finding and working with someone who had more experience to minimize risk on such a project. It isn't worth learning on a live network.
Cliff,
I'm decommissioning the old 2008 R2 servers and introducing the new 2012 R2.
Hopefully the steps above I mentioned is correct apart from the DHCP scope lease modification that I'm modifying and importing with another steps (Powershell script).
I'm decommissioning the old 2008 R2 servers and introducing the new 2012 R2.
Hopefully the steps above I mentioned is correct apart from the DHCP scope lease modification that I'm modifying and importing with another steps (Powershell script).
Should be good. I just did this but I used same host/IP. I'm assuming your DHCP are plicated between the two DCs? so if you create a new one and demote the other one nothing should be down while you promote the other one up.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2012
From novice to tech pro — start learning today.
-
Windows Server 2012Certification: MCSA MCSE Microsoft Certified Solutions Associate & … 303 lessons
-
Windows Server 2012Certification: MCSA MCSE Microsoft Certified Solutions Associate & … 303 lessons
-
Windows Server 2012Certification: MCSA MCSE Microsoft Certified Solutions Associate & … 435 lessons
-
Windows Server 2012Certification: MCSA MCSE Microsoft Certified Solutions Associate & … 435 lessons
-
Windows Server 2012Certification: MCSA MCSE Microsoft Certified Solutions Associate & … 388 lessons
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get this solution by purchasing an Individual license!
Start your 7-day free trial.