Asked by rivkamak

Is it safe practice to reuse same ip and servername during migration/upgrade of domain controllers?

Hi,

I am in the process of upgrading my domain controllers. I currently have DC1 (2008 R2 on physical hardware with all FSMO roles on it and DHCP server) and DC2 (2008 R2, virtual on VMware 5.5).

I am planning on putting up a 2016 VM and promoting it to a DC, called DC3. Then I would demote DC2, make sure AD replicates and no metadata is left from DC2, then take VM DC2 off the domain. Then I would create a new 2016 VM, give it the same IP and server name as DC2, and promote the server to a domain controller (called DC2).

Is this proper/safe procedure? I would ideally like to keep same ip and name if there is no risk involved.

Thank you.
ASKER CERTIFIED SOLUTION
Shaun Vermaak

This solution is only available to members.
rivkamak (ASKER)

Thank you all.

Assuming I would want to be extra cautious, any suggestions for the naming convention? The main reason to keep my DNS name the same is that it will look weird to have DC names like dc1, dc3, without a dc2. Or when I upgrade dc1, the naming would then be dc3 and dc4.
Is it really weird....

we name our servers after the Simpson Characters....

So we have

homer
marge
bart
lisa

what's in a name....IP Addresses are more important and good working DNS

What would happen in the future if you had a DC which you had to forcibly remove, if it failed...

would you rename all your DCs again... (against Microsoft advice, re-using any name for a failed DC)

The reason we don't re-use names, and we re-IP, is because of connections, e.g. users often do weird things...

When we decommission a server or service, it's gone, and the name and IP address are retired.
It's really up to you and how your AD-integrated applications, firewalls, network devices and any other AD-dependent services are constructed.

If they are pointing to DC IPs, you could retain the IP of the renewed DC

If they are pointing to DC hostname / FQDN, you could retain hostnames

If you can manage all of them with new name / IP, that is also possible

No need to worry about naming conventions by involving complexity
We normally use a portion of the Company name as the Domain name - abbreviation or like.
Doing a server swap is possible, but not recommended. You would need to do a lot of cleanup work to get things functioning properly. Here's the process:

Install new server on a different IP than the original server
Promote new server as a DC
Make sure both servers are holding the same version of the AD database
Migrate FSMO roles to new DC
Demote old DC
Remove old DC from the domain (change it to a workgroup system)
Power down old DC
Stop the NETLOGON service on the new DC
Change the IP of the new DC to match what the old DC's IP was
Restart NETLOGON
You can change the name of the new DC, but I would recommend against doing that unless absolutely necessary. It's a complicated process, and unless you have a lot of stuff pointing specifically to the old DC's name, it isn't worth the effort.

Note, you will probably have a good bit of downtime when you do this, particularly since your clients will be pointing to the old DC until you re-IP the new DC.
Hi Adam,

In my case I am not swapping DC1 info to DC2 info. I would have 3 live DC's up and then demote one (say DC2) and then on a new VM (not a dc) I would put dc2 info into it (ip and name) and then promote it to a domain controller.
Thank you all for your valuable help.
You are most welcome and I was happy to help you.
Sergio Fernandez

Hello,

I have the same problem:

I have like 50 DCs in my company, two DCs for each of 25 sites.
We need to migrate the 50 DCs from 2008 R2 to 2019, but we need to keep the same name and IP, as a lot of devices are pointing to the IP, others to the name.

The best procedure would be:
-Create new server, assign other IP.
-Demote old DC, put in a workgroup, delete from AD, delete from Sites and Services, ensure all metadata is deleted (ntdsutil).
-Change IP and name of old server.
-In new server leave domain, assign same name and IP from the old server, join domain, and promote to DC.

I think these steps are OK, no? The problem is I don't know how to ensure all metadata is 100% cleared from the old DC, and production is 24/7, so I would like to know how many hours the server will have to be stopped, as I can't leave 1 entire day, as there are devices that only have 1 DNS pointing to them, and no secondary.

Any help?

Thanks
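
The metadata question raised in this thread, as an added example that is not part of any post above: a read-only PowerShell check that looks for references a demoted DC can leave behind (computer account, Sites and Services server object, NTDS Settings, DC locator SRV records, host record) before its name is reused. It assumes the RSAT ActiveDirectory module is installed; `DC2` is a constructed default standing in for the demoted DC's short name.

```powershell
# Added example: read-only search for leftover references to a demoted DC.
# 'DC2' is a constructed default; pass the short name of the DC you demoted.
param([string] $OldDcName = 'DC2')
Import-Module ActiveDirectory          # RSAT Active Directory module

$domain    = Get-ADDomain
$sitesBase = "CN=Sites,$((Get-ADRootDSE).configurationNamingContext)"
$fqdn      = "$OldDcName.$($domain.DNSRoot)"

$findings = @(
    # Computer account left in the domain partition
    Get-ADComputer -Filter "Name -eq '$OldDcName'" |
        ForEach-Object { "Computer account: $($_.DistinguishedName)" }

    # Server object under Sites, plus any NTDS Settings child still attached to it
    Get-ADObject -SearchBase $sitesBase -LDAPFilter "(&(objectClass=server)(cn=$OldDcName))" |
        ForEach-Object {
            "Server object: $($_.DistinguishedName)"
            Get-ADObject -SearchBase $_.DistinguishedName -LDAPFilter '(objectClass=nTDSDSA)' |
                ForEach-Object { "NTDS Settings: $($_.DistinguishedName)" }
        }

    # Still enumerated as a domain controller (also shows any FSMO roles it holds)
    Get-ADDomainController -Filter * | Where-Object Name -eq $OldDcName |
        ForEach-Object { "Listed as DC; roles: $($_.OperationMasterRoles -join ', ')" }

    # DC locator SRV records that still point at the old host name
    Resolve-DnsName "_ldap._tcp.dc._msdcs.$($domain.DNSRoot)" -Type SRV -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.NameTarget -eq $fqdn } |
        ForEach-Object { "SRV record targets: $($_.NameTarget)" }

    # Host (A) record still registered for the old name
    Resolve-DnsName $fqdn -Type A -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.IPAddress } |
        ForEach-Object { "A record: $fqdn -> $($_.IPAddress)" }
)

if ($findings.Count) {
    $findings
    Write-Warning "$($findings.Count) leftover reference(s) to $OldDcName found."
} else {
    "No leftover references to $OldDcName found."
}
```

The results reflect only the domain controller and DNS server the session happens to query, so run it after replication has converged and repeat it from more than one site.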