Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!
How to integrate the new AD domain controller + DNS with the current AD domain controller with no downtime ?
Hi all,
I'm about to commission 2x new Windows Server 2012 R2 and promote it as AD integrated DNS with Domain Controller (GC) role to replace the existing 2008 R2 DC/GC & DNS role.
What are the steps to implement it without outage or downtime to the existing environment ?
How can I decommission the old 2008 R2 Domain controller without impacting the Exchange email and DNS resolution ?
Thanks.
I'm about to commission 2x new Windows Server 2012 R2 and promote it as AD integrated DNS with Domain Controller (GC) role to replace the existing 2008 R2 DC/GC & DNS role.
What are the steps to implement it without outage or downtime to the existing environment ?
How can I decommission the old 2008 R2 Domain controller without impacting the Exchange email and DNS resolution ?
Thanks.
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
I did this a few months ago. Long story short, I added a new 2012 server as a DC and let it run for a few days before taking down my first old server. I did it again a week or so later for the other one. I did not have any downtime. I used new names and IP's. I did not raise my domain functional level.
Now there are a lot of details in there and adjustments / cleanup that needs to be done, but it's usually not too bad. If you don't do this often, I would highly recommend bringing in someone that regularly makes this transition for people and who can help you take a hard look at your environment and clean up any problems before you start. It is very important to make sure your environment is sound before you start making changes.
Now there are a lot of details in there and adjustments / cleanup that needs to be done, but it's usually not too bad. If you don't do this often, I would highly recommend bringing in someone that regularly makes this transition for people and who can help you take a hard look at your environment and clean up any problems before you start. It is very important to make sure your environment is sound before you start making changes.
Simply promote the new servers and make them both DNS servers and global catalog servers (these will all be options during the promotion). Any AD-integrated DNS zones will be replicated to them automatically as part of AD replication. Once you've verified that replication is taking place, you'll need to configure the machines in your domain to use the new servers as their DNS servers. Client machines typically get this setting from a DHCP server, so you'll need to change it there if you have one. Machines with static IP addresses, which likely include any other servers in your domain, will need to have their DNS servers configured manually.
Exchange shouldn't have a problem locating one of the new global catalog servers. You don't have Exchange installed on the old DC, though, do you? If so, that could get sticky.
You'll want to transfer the FSMO roles off of the old server before demoting it, and you will want to demote it before taking it offline, so the new servers won't keep trying to replicate from it.
Exchange shouldn't have a problem locating one of the new global catalog servers. You don't have Exchange installed on the old DC, though, do you? If so, that could get sticky.
You'll want to transfer the FSMO roles off of the old server before demoting it, and you will want to demote it before taking it offline, so the new servers won't keep trying to replicate from it.
Hi Luis,
No, I plan to have different name and IP address since keeping the same name is going to be harder to cutover.
No, I plan to have different name and IP address since keeping the same name is going to be harder to cutover.
Dave and Sykes,
Thanks for the reply. No, it is just running as Domain Controller / Global Catalog + DNS and DHCP only for the remote office (different AD site but same AD domain).
The old 2008 R2 server does not have any FSMO role since the FSMO roles are held by the main DC/GC in the Data Center.
I guess it is just simple Next-Next-Finish deployment :-)
Thanks for the reply. No, it is just running as Domain Controller / Global Catalog + DNS and DHCP only for the remote office (different AD site but same AD domain).
The old 2008 R2 server does not have any FSMO role since the FSMO roles are held by the main DC/GC in the Data Center.
I guess it is just simple Next-Next-Finish deployment :-)
I've also checked in the AD domain, any server with static DNS is not using the DNS in these two servers that I'm about to decommission.
DHCP scope can be changed the day before the demotion I guess.
DHCP scope can be changed the day before the demotion I guess.
Theb*cirrent* lease time should be used to decide the window between changing DHCP scope options and when you can decommission the server. Changing the lease time wouldn't impact leases already issued, and decommissioning in the lease window will cause interruption, which is what you are trying to avoid. "a day before, I guess" is a bit dangerous. Guessing usually is.
Cliff,
OK, so in this case how do I plan this properly ?
Can I reduce the DHCP IP lease to just 1 hour few days before the decommission process ?
so that on the decommission day, I can just wait one hour for the new IP to be assigned by the DHCP server ?
OK, so in this case how do I plan this properly ?
Can I reduce the DHCP IP lease to just 1 hour few days before the decommission process ?
so that on the decommission day, I can just wait one hour for the new IP to be assigned by the DHCP server ?
You can go ahead and add the two new servers as DNS servers in DHCP right now without removing the old server, if you'd like, then simply remove the old server once it's been decommissioned. If a client gets no response from a DNS server, it'll move on to the next one in its list, so having multiple DNS servers on a client isn't a problem. Cliff's right, though; the changes won't be seen immediately on DHCP clients with existing leases.
OK so the high-level steps will be:
1. Install & Configure the 2x new 2012 R2 VMs newDC1 & newDC2 as AD/DC&GC
2. Configure as DNS+DHCP server role
3. In the existing DHCP server oldDC1, add the new DNS server as newDC1 & newDC2
4. Reduce the IP lease from 8 days into 1 hour to make it in effect
5. After all workstation clients get the new lease, decommission / demote oldDC1 and oldDC2
Can anyone clarify if that is correct ?
1. Install & Configure the 2x new 2012 R2 VMs newDC1 & newDC2 as AD/DC&GC
2. Configure as DNS+DHCP server role
3. In the existing DHCP server oldDC1, add the new DNS server as newDC1 & newDC2
4. Reduce the IP lease from 8 days into 1 hour to make it in effect
5. After all workstation clients get the new lease, decommission / demote oldDC1 and oldDC2
Can anyone clarify if that is correct ?
You are configuring a new DHCP server *then* reconfiguring an old DHCP server? That's what your steps imply. Definitely backwards. And depending on how long the servers will coexist, adjusting lease times may not even be necessary.
To be very up front, it sounds like you have very limited experience in this area. That's a recipe for disaster.I recommend finding and working with someone who had more experience to minimize risk on such a project. It isn't worth learning on a live network.
To be very up front, it sounds like you have very limited experience in this area. That's a recipe for disaster.I recommend finding and working with someone who had more experience to minimize risk on such a project. It isn't worth learning on a live network.
Cliff,
I'm decommissioning the old 2008 R2 servers and introducing the new 2012 R2.
Hopefully the steps above I mentioned is correct apart from the DHCP scope lease modification that I'm modifying and importing with another steps (Powershell script).
I'm decommissioning the old 2008 R2 servers and introducing the new 2012 R2.
Hopefully the steps above I mentioned is correct apart from the DHCP scope lease modification that I'm modifying and importing with another steps (Powershell script).
Premium Content
You need an Expert Office subscription to comment.Start Free Trial