Migration of Active Directory and Exchange From One Data-center to Another Datacenter

Muhammad Asif
Currently we have two Exchange servers in a DAG and two domain controllers in one data-center with a dedicated rack.

We would like to completely migrate Exchange and AD to a new data-center. The plan is to deploy/mount the new rack in the old data-center to migrate the data from the old rack, as there would not be any site-2-site or VPN link for connectivity between the data-centers.

After the migration, the new rack will be moved to the new data-center and Exchange will be running from there.

Please suggest a plan to achieve the AD and Exchange migration and then power up the servers in the new data-center.
Hi, how far will the new datacenter be from the old datacenter? The main challenge is with networking. Are you going to keep the same IP ranges in the new datacenter? Will the new DC have the same network setup and IP ranges?
MAS, EE Solution Guide - Technical Dept Head
Most Valuable Expert 2017

Commented:
As commented above, you don't need to worry about that if you keep the same IP range.
Just move and start working.

If you are using a different IP, you just change the IP according to the new network, delete the old A records (with old IP addresses) from the DNS server and restart the server.
You are done.

-> There would not be any site-2-site or VPN link for connectivity between the data-centers.
This made your work easy.

Do not forget to change the public IP in external DNS, i.e. A records, MX record and SPF record.
Murat Elmas, General Manager, Strategic Planning Director - Computer Engineer, MBA
Commented:
First we need to know some conditions.
However, if a plan is made based on possible assumptions,
first make 2 new Exchange installations and add them to the existing DAG structure.
Then install 2 new servers and add them as additional active directory servers.
Move the FSMO roles to the new servers.
Take the old servers out of service and shut them down.
Uninstall Exchange from the old servers.
Shut down the old Exchange servers in order.
At the end of this process, your old servers will be shut down and your new servers will be active.
In the new data center, if the real IP addresses of the Exchange servers will change, make sure that the Reverse DNS and MX records for these addresses are configured correctly.
First, shut down one of the two Exchange servers with the Failover Cluster Role inactive, then disconnect traffic to Exchange via the firewall and then shut down the last Exchange server.
Then, turn off the Active Directory server that does not hold the FSMO roles, and finally shut down your Active Directory server with the FSMO roles.
After the move, follow the same sequence in reverse: power on first what you shut down last.
Theoretically, this scenario runs smoothly when you do everything properly.
Have a nice day
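A readiness gate for the point in the plan above where the old servers are about to be shut down, written as an added example and not part of the original comment. The server names NEWDC01, NEWDC02, NEWEX01 and NEWEX02 are hypothetical; the script assumes the Exchange Management Shell with the ActiveDirectory module installed.

```powershell
# Added example (not from the thread). Hypothetical names: NEWDC01/NEWDC02 are the
# new domain controllers, NEWEX01/NEWEX02 the new DAG members.
Import-Module ActiveDirectory

$NewDCs   = 'NEWDC01', 'NEWDC02'
$NewExch  = 'NEWEX01', 'NEWEX02'
$problems = @()

# 1. All five FSMO roles must already be held by a new DC.
$domain = Get-ADDomain
$forest = Get-ADForest
$roles  = [ordered]@{
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
}
foreach ($role in $roles.GetEnumerator()) {
    $holder = ($role.Value -split '\.')[0]          # short name from the FQDN
    if ($NewDCs -notcontains $holder) {
        $problems += "FSMO role $($role.Key) is still held by $holder"
    }
}

# 2. Each new DC must be a global catalog; Exchange needs one once the old DCs are gone.
foreach ($dc in $NewDCs) {
    if (-not (Get-ADDomainController -Identity $dc).IsGlobalCatalog) {
        $problems += "$dc is not a global catalog"
    }
}

# 3. No outstanding AD replication failures anywhere in the domain.
Get-ADReplicationFailure -Target $domain.DNSRoot -Scope Domain |
    Where-Object { $_.FailureCount -gt 0 } |
    ForEach-Object { $problems += "Replication failure: $($_.Server) <- $($_.Partner)" }

# 4. Every database copy on the new servers is Mounted or Healthy with drained queues.
foreach ($srv in $NewExch) {
    Get-MailboxDatabaseCopyStatus -Server $srv | ForEach-Object {
        if ("$($_.Status)" -notin 'Mounted', 'Healthy' -or
            $_.CopyQueueLength -gt 0 -or $_.ReplayQueueLength -gt 0) {
            $problems += "$($_.Name): $($_.Status), copy queue $($_.CopyQueueLength), replay queue $($_.ReplayQueueLength)"
        }
    }
}

if ($problems) { $problems; Write-Warning 'Do not shut down the old servers yet.' }
else           { 'All checks passed: the new servers can carry AD and Exchange alone.' }
```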

Muhammad Asif, Senior Solutions Architect

Author

Commented:
Dear Murat Elmas,

Thank you so much for the valuable suggestion. I am thinking the same way. However, I have only one concern with this plan: there would not be any fail-back plan.

In case something happens, like a hardware issue or any other problem, during the migration of the new rack from the old data center to the new data-center.

I would like to have a plan with a failback plan.
Server engineer
Commented:
Plan For moving Exchange to New DataCenter:
=======================================


Here's the checklist I made to be followed in sequential order.
1. Notify our end-users ahead of time
2. Ensure all backups are functioning properly and up-to-date
3. Console into Exchange server and unplug from network
4. Re-static NIC w/ new network settings (IP, DNS, Gateway, etc.)
5. Shut down server, un-rack, and physically move to new location
6. Rack server at new location and make all connections but don't power up just yet
7. Configure internal DNS - updating all entries w/ new IP info
8. Setup firewall rules on UTM @ new location (ie: allowing outbound SMTP)
9. Setup DNAT rules on UTM @ new location
10. Update all Exchange network definitions on all enterprise UTMs
11. Update external DNS A records (ie: mail.youdomain.com)
12. Since we use a 3rd party filtering service, we kept our MX records pointed there but we did have to repoint the filtering service to the new external IP for Exchange
13. We also filter outbound mail and had to configure the 3rd party outbound filter to accept mail from the new external IP
14. At this point we powered-on the Exchange server and started testing (ActiveSync, MAPI, OWA, internal SMTP relaying, etc.)
15. Configured backups for Exchange @ new location
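A check for the external DNS steps in this checklist and for the A, MX, SPF and reverse DNS records mentioned in the earlier comments, written as an added example and not part of the original thread. The domain, host name and both IP addresses are constructed placeholders, `Get-Record` is a hypothetical helper, and the public resolver address is an assumption; a stale SPF entry matters because it keeps authorizing whoever holds the old address next.

```powershell
# Added example (not from the thread). All values are constructed placeholders:
# example.com / mail.example.com, old IP 198.51.100.10, new IP 203.0.113.10.
$Domain   = 'example.com'
$MailHost = 'mail.example.com'
$OldIP    = '198.51.100.10'
$NewIP    = '203.0.113.10'
$Resolver = '1.1.1.1'   # assumption: a public resolver, so internal DNS cannot mask stale records

# Hypothetical helper: query one record type and drop unrelated answer records.
function Get-Record($Name, $Type) {
    Resolve-DnsName -Name $Name -Type $Type -Server $Resolver -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq $Type }
}
$findings = @()

# A record for the client-facing name (OWA, ActiveSync, MAPI).
$a = @((Get-Record $MailHost 'A').IPAddress)
if ($a -notcontains $NewIP) { $findings += "$MailHost does not resolve to $NewIP" }
if ($a -contains $OldIP)    { $findings += "$MailHost still resolves to $OldIP" }

# MX targets: with a third-party filter they point at the filter, so the only
# check that always applies is that none of them still lands on the old IP.
foreach ($mx in Get-Record $Domain 'MX') {
    if (@((Get-Record $mx.NameExchange 'A').IPAddress) -contains $OldIP) {
        $findings += "MX $($mx.NameExchange) still resolves to $OldIP"
    }
}

# SPF: the old address must no longer be authorized to send for the domain.
# Only a literal ip4: entry is detected; CIDR ranges and include: are not expanded.
$spf = Get-Record $Domain 'TXT' | ForEach-Object { $_.Strings -join '' } |
    Where-Object { $_ -like 'v=spf1*' }
if (-not $spf) { $findings += "No SPF record found for $Domain" }
elseif ($spf -match "ip4:$([regex]::Escape($OldIP))(?!\d)") {
    $findings += "SPF still authorizes $OldIP"
}

# Reverse DNS for the new address, which receiving mail servers commonly check.
if (-not (Get-Record $NewIP 'PTR')) { $findings += "No PTR record for $NewIP" }

if ($findings) { $findings } else { 'External DNS is consistent with the new IP.' }
```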
Muhammad Asif, Senior Solutions Architect

Author

Commented:
Dear Saif,

The Exchange servers are virtual machines on VMware and need to be migrated to the new HCI infrastructure. The plan provided by @Murat Elmas is the same one I am planning to move ahead with.

But the only problem I have with this plan is that I would not have any fail-back plan.
Saif Shaikh, Server engineer

Commented:
Murat also said "Move the FSMO roles to the new servers."

This is something you will be doing with network connectivity, but since you said that there will not be any VPN link, how will you go about the above step?

Transfer is not possible without network connectivity. Are you going to enroll a new AD site and enroll new VMs for DCs and Exchange?

If yes, then seizing is the only option, with both datacenters having the same set of nodes, i.e. AD and Exchange.

If you are going with Murat's plan then there is definitely no failback, because you have to decommission the old AD and Exchange servers.
Murat Elmas, General Manager, Strategic Planning Director - Computer Engineer, MBA

Commented:
Hello Muhammad,

The return plan needs to be done well, of course. But there will always be risk.
My suggestion is to take clones of the newly installed machines while they are off, and run the clones on servers of the same brand and model in case of a possible accident.

You can even test it in a closed network before moving.

Regards
Murat Elmas, General Manager, Strategic Planning Director - Computer Engineer, MBA

Commented:
Dear Saif,

The issue you missed is that the processes (new setups) will be done on the old site before the move operation.

Regards
Mahesh, Architect
Distinguished Expert 2018

Commented:
If you can make network connectivity between the old and new data centers, then it's a good choice to create new servers etc. at the new DC to minimize disruption; that's the only foolproof plan.

Otherwise:
Since you don't have any connectivity between both DCs, you should rather move the storage and VMware servers directly to the new DC and start there; engage your AD and Exchange professionals there.
Again, if the IP scheme is about to change, first change it on the DCs one by one, each followed by a reboot, and then make the IP changes on the Exchange server, followed by a reboot.

at new site sequence should be:
Establish networking in advance and ensure connectivity is correct with and within VLAN, public IPs and so on.
start storage and ensure its started and functioning
start VMware servers and ensure storage is mapped correctly, you may need to change IP scheme
start DC servers change IP config and reboot, follow for other DC as well
start exchange server, change IP and DNS, reboot
Next take other servers
Muhammad Asif, Senior Solutions Architect

Author

Commented:
Dear Murat Elmas,

Thank you so much for understanding the situation correctly and providing the valuable suggestions. What if we migrate the same AD and Exchange machines by taking the snapshot? Will it work?

I am sure that it will work. But Microsoft does not recommend the snapshot method, as they have mentioned in the article below:

https://docs.microsoft.com/en-us/exchange/exchange-2013-virtualization-exchange-2013-help?redirectedfrom=MSDN
Murat Elmas, General Manager, Strategic Planning Director - Computer Engineer, MBA

Commented:
Hello Muhammad,

Snapshots are not a reliable method for Active Directory and Exchange. It may work, but it's too risky.
A clone is a more reliable way than a snapshot.

Regards
Mahesh, Architect
Distinguished Expert 2018

Commented:
The answer you selected only talks about exchange...
No points given to Murat. Since his answers helped you as you stated in your comments...
