Is it safe practice to reuse same ip and servername during migration/upgrade of domain controllers?

Hi,

I am in the process of upgrading my domain controllers. I currently have DC1 (2008R2 on physical hardware with all FSMO roles on it and DHCP server) and DC2 (2008R2, virtual on VMware 5.5).

I am planning on putting up a 2016 VM and promoting it to a DC, called DC3. Then I would demote DC2, make sure AD replicates and no metadata is left from DC2, then take VM DC2 off the domain. Create a new 2016 VM, give it the same IP and server name as DC2 and then promote the server to a domain controller (called DC2).

Is this proper/safe procedure? I would ideally like to keep the same IP and name if there is no risk involved.

Thank you.
Asked by: rivkamak

Shaun Vermaak, Technical Specialist, Commented:
"Is this proper/safe procedure? I would ideally like to keep same ip and name if there is no risk involved."
Yes, with proper cleanup, but avoid it if possible.

Proper cleanup is either a normal DCPromote out of the domain or a forceful DCPromote out of the domain with metadata cleanup. For both, you need to delete the site server object afterwards.

"Is this proper/safe procedure? I would ideally like to keep same ip and name if there is no risk involved."
You can add more than one IP to a server. You can assign the old IP to a new server.

"I am planning on putting up a 2016 VM and promoting it to a DC, called DC3. Then I would demote DC2, make sure AD replicates and no meta data left from DC2, then take vm DC2 off the domain. Create a new 2016 VM, give it same ip and server name of DC2 and then promote the server to a domain controller (called DC2)"
Correct. I prefer to only rename after a day.

Mahesh, Architect, Commented:
Yes, you can.
Once you have demoted the DC gracefully, clear all traces of it from Active Directory except the domain controller account.
Just reset that computer account and join the new server to the AD domain with the same hostname.
The rest of the plan would be fine.
John, Business Consultant (Owner), Commented:
Yes you can do this. As per the post above, do not leave any traces of what you wish to re-use or else you may have issues.

As noted earlier, avoid reusing names and such. It may be OK to keep the static IP address if the duplicated IP has been disconnected.

Andrew Hancock (VMware vExpert / EE Fellow), VMware and Virtualization Consultant, Commented:
We prefer to use new names and new IP addresses.

Which includes new IP addresses for DNS and DHCP servers.
rivkamak, Author, Commented:
Thank you all.

Assuming I would want to be extra cautious, any suggestions for the naming convention? The main reason to keep my DNS name the same is that it will look weird to have DC names like dc1, dc3, without a dc2. Or when I upgrade dc1, the naming would then be dc3 and dc4.
Andrew Hancock (VMware vExpert / EE Fellow), VMware and Virtualization Consultant, Commented:
Is it really weird....

we name our servers after the Simpson Characters....

So we have

homer
marge
bart
lisa

what's in a name....IP Addresses are more important and good working DNS

What would happen in the future if you had a DC which you had to forcibly remove, if it failed...

would you rename all your DCs again... (against Microsoft advice, re-using any name for a failed DC)

The reason we don't re-use names, and we re-IP, is because of connections, e.g. users often do weird things...

When we decommission a server or service, it's gone and the name and IP address are retired.
Mahesh, Architect, Commented:
It's really up to you and how your AD-integrated applications, firewalls, network devices and any other AD-dependent services are constructed.

If they are pointing to DC IPs, you could retain the IP of the renewed DC.

If they are pointing to the DC hostname / FQDN, you could retain hostnames.

If you can manage all of them with a new name / IP, that is also possible.

No need to worry about naming conventions by involving complexity.
John, Business Consultant (Owner), Commented:
We normally use a portion of the Company name as the Domain name - an abbreviation or the like.
Adam Brown, Senior Systems Admin, Commented:
Doing a server swap is possible, but not recommended. You would need to do a lot of cleanup work to get things functioning properly. Here's the process:

1. Install new server on a different IP than the original server
2. Promote new server as a DC
3. Make sure both servers are holding the same version of the AD database
4. Migrate FSMO roles to new DC
5. Demote old DC
6. Remove old DC from the domain (change it to a workgroup system)
7. Power down old DC
8. Stop the NETLOGON service on the new DC
9. Change the IP of the new DC to match what the old DC's IP was
10. Restart NETLOGON

You can change the name of the new DC, but I would recommend against doing that unless absolutely necessary, it's a complicated process and unless you have a lot of stuff pointing specifically to the old DC's name, it isn't worth the effort.

Note, you will probably have a good bit of downtime when you do this, particularly since your clients will be pointing to the old DC until you re-IP the new DC.
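
A read-only pre-flight check for the cleanup the answers above describe (old DC demoted, FSMO roles moved, replication healthy, no stale site server object or DNS record) before a new server takes over the old name and IP. This is an added example, not part of any post in this thread; the function name Test-OldDcTraces and the IP 192.0.2.12 are hypothetical, and it assumes a domain-joined host with the ActiveDirectory RSAT module.

```powershell
#Requires -Modules ActiveDirectory
# Added example: read-only check for leftovers of a demoted DC before its name/IP is reused.
# 'DC2' comes from the question; 192.0.2.12 is a constructed placeholder IP.
function Test-OldDcTraces {
    param(
        [Parameter(Mandatory)] [string] $OldDcName,
        [Parameter(Mandatory)] [string] $OldDcIp
    )
    $findings = @()
    $domain = Get-ADDomain
    $forest = Get-ADForest
    $config = (Get-ADRootDSE).configurationNamingContext

    # 1. The old name must no longer be a DC or hold any FSMO role.
    if (Get-ADDomainController -Filter "Name -eq '$OldDcName'") {
        $findings += 'Still listed as a domain controller'
    }
    $fsmo = @($forest.SchemaMaster, $forest.DomainNamingMaster,
              $domain.PDCEmulator, $domain.RIDMaster, $domain.InfrastructureMaster)
    if ($fsmo -like "$OldDcName.*") { $findings += 'Still holds a FSMO role' }

    # 2. Server object left under CN=Sites in the configuration partition.
    $srv = Get-ADObject -SearchBase "CN=Sites,$config" -LDAPFilter "(&(objectClass=server)(cn=$OldDcName))"
    if ($srv) { $findings += "Site server object remains: $($srv.DistinguishedName)" }

    # 3. Computer account: report it so it is deleted or reset deliberately.
    $comp = Get-ADComputer -Filter "Name -eq '$OldDcName'"
    if ($comp) { $findings += "Computer account exists: $($comp.DistinguishedName)" }

    # 4. DC locator SRV records that still point at the old host name.
    $recs = Resolve-DnsName "_ldap._tcp.dc._msdcs.$($domain.DNSRoot)" -Type SRV -ErrorAction SilentlyContinue
    if ($recs | Where-Object { $_.NameTarget -like "$OldDcName.*" }) {
        $findings += "Stale _msdcs SRV record for $OldDcName"
    }

    # 5. Replication must be healthy before anything is demoted or reused.
    $fail = Get-ADReplicationFailure -Target $domain.DNSRoot -Scope Domain | Where-Object { $_.FailureCount -gt 0 }
    if ($fail) { $findings += "Replication failures on: $(($fail.Server | Sort-Object -Unique) -join ', ')" }
    # Ping is only a hint: a host that blocks ICMP will not show up here.
    if (Test-Connection -ComputerName $OldDcIp -Count 2 -Quiet) {
        $findings += "Something still answers on $OldDcIp"
    }

    [pscustomobject]@{ Name = $OldDcName; Clean = ($findings.Count -eq 0); Findings = $findings }
}

Test-OldDcTraces -OldDcName 'DC2' -OldDcIp '192.0.2.12'
```

If the computer account is kept and reset rather than deleted, as one answer above suggests, finding 3 is expected and only the remaining findings need to be empty.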
rivkamak, Author, Commented:
Hi Adam,

In my case I am not swapping DC1 info to DC2 info. I would have 3 live DCs up and then demote one (say DC2) and then on a new VM (not a DC) I would put DC2 info into it (IP and name) and then promote it to a domain controller.
rivkamak, Author, Commented:
Thank you all for your valuable help.
John, Business Consultant (Owner), Commented:
You are most welcome and I was happy to help you.