Pedro Azevedo
asked on
Migrating DC's Server System but mantaining IP's
Whats the best way to preserve Domain controllers IP addresses when migrating to 2016 Server from 2018 R2? Remove 1st the old DC's and after replication install new DC's with same names on the same old DC's IP's addresses? Thanks.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
As to the necessity of using the same IP's, that's easy: big old enterprise, where not all the servers are DHCP connected...So? Add the new IP right now. It simply won't respond when called upon. Yes, it MIGHT slow resolution a few milliseconds... but since DNS is caching, it shouldn't cause a significant long term delay. And besides, don't all systems have more than one DNS Server specified? If not, you should probably correct that... and if so, then you're covered. Assuming you don't want to be proactive and add the new IP first, you can add it later. You could also script things to be added via powershell or even batch and NETSH.
And my job as an A.D. guy is, gess what?
Do it without anybody notice on a weekend time lapse!
FIX THINGS. Don't just kick the can down the road... you're not the US Government... (are you?)
Yeah, if they're all on AD you should be able to update the configs en masse (there are DNS GPOs).
ASKER
Oh Dustin, just when you gave a great guide before, now you reply with a comment that forguet one obvious thing: if I wont the same IP's is because I do not have a quick and efficient communication with local IT on site worldwide. I cannot force AD settings with GPO on app servers that are not domain bounded... Nor on network devices from other firms... The scenario is mutch more complicated, I gess, on old entreprises that do not rely only on Windows Tech...
ASKER
OK:
After some tests I have come to the following optimal routine on test environment (win 2008 R2 promoting to 2016 Server):
1 - Move FSMO roles to DC's where IP is not important
2 - Update DFRSG mode
3 - Replace all DC's on top domain and after on the child domains wich does not envolve using same IP's
4 - Start replacing DC's from top domain that need the same IP on new 2016 DC (except FSMO)
a) - Create a new 2016 DC
b) – Use dcpromo to decommission old DC
c) - Short DNS scavenging and time-out periods
d) - Only when ntdsutil check out on PDC confirms removal of old DC, proceed with changing old DC (now server) change of IP
e) - wait for DNS replication
f) - add secondary IP to new Domain Controller 2016
g) - shutdown old 2008 R2 Domain Controller
h) - force DNS scavenging and replication (AD integrated?)
i) - make the secondary IP (old win 2008 DC IP) the primary IP of the 2016 Domain Controller
j) - When it comes to FSMO Roles migration, this should be done last to a 2016 DC already implemented, starting from the top domain.
Please always perform checking of your AD each steps, like dcdiag, netshare on each DC, etc.
On a big entreprise, this should be implemented off-hours and fazed trough time.
Don't forget to use 2016 Core on small sites ;), it increases a lot the performance and reduces hardware and administration requirements!
Thanks to all the contributions
After some tests I have come to the following optimal routine on test environment (win 2008 R2 promoting to 2016 Server):
1 - Move FSMO roles to DC's where IP is not important
2 - Update DFRSG mode
3 - Replace all DC's on top domain and after on the child domains wich does not envolve using same IP's
4 - Start replacing DC's from top domain that need the same IP on new 2016 DC (except FSMO)
a) - Create a new 2016 DC
b) – Use dcpromo to decommission old DC
c) - Short DNS scavenging and time-out periods
d) - Only when ntdsutil check out on PDC confirms removal of old DC, proceed with changing old DC (now server) change of IP
e) - wait for DNS replication
f) - add secondary IP to new Domain Controller 2016
g) - shutdown old 2008 R2 Domain Controller
h) - force DNS scavenging and replication (AD integrated?)
i) - make the secondary IP (old win 2008 DC IP) the primary IP of the 2016 Domain Controller
j) - When it comes to FSMO Roles migration, this should be done last to a 2016 DC already implemented, starting from the top domain.
Please always perform checking of your AD each steps, like dcdiag, netshare on each DC, etc.
On a big entreprise, this should be implemented off-hours and fazed trough time.
Don't forget to use 2016 Core on small sites ;), it increases a lot the performance and reduces hardware and administration requirements!
Thanks to all the contributions
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.
I have recommended this question be closed as follows:
Split:
-- 'Dustin Saunders' (https:#a42680686)
-- 'Lee W, MVP' (https:#a42680527)
-- 'Paul MacDonald' (https:#a42680513)
-- 'Alex' (https:#a42680506)
If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.
seth2740
Experts-Exchange Cleanup Volunteer
I have recommended this question be closed as follows:
Split:
-- 'Dustin Saunders' (https:#a42680686)
-- 'Lee W, MVP' (https:#a42680527)
-- 'Paul MacDonald' (https:#a42680513)
-- 'Alex' (https:#a42680506)
If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.
seth2740
Experts-Exchange Cleanup Volunteer
ASKER
Gona try it in some days - the weekend is here and I have asked VMware team to rebuild my test environment to start clean.
All previous replyes didn't made it in a transition beteween 2008R2 to 2016 Server Domain Controllers - all seems OK with DCdiag but the fact is that as soon as I create a new DC with the same IP, old Win2008 R2 DC Machines give replications errors, due to DNS problems.
Probably I had already problems when I migrated the FSMO roles to a 2016 DC.
As to the necessity of using the same IP's, that's easy: big old enterprise, where not all the servers are DHCP connected...
And my job as an A.D. guy is, gess what?
Do it without anybody notice on a weekend time lapse!
Until I check in test environment, thanks to all.
I will reply my conclusions as soon as possible.
Best Regards
Pedro Azevedo