Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP
-
@dashrender said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
Is renaming a DC allowed? I didn’t think windows allowed this.
My thinking is a staged approach.
Install and configure 2016 DC, unless you are ok running temp with second DC only.
Migrate roles and make sure all checks are clean.
Use MS tool to make backup of printers.
Demote old DC, then remove from domain and turn off.
Build second VM with name and IP of old DC1, add AD.
Restore printers
Decom temp 2016 DC.This whole thing is a bit unclear, and then you completely lost me at "Decom temp 2016 DC"
-
The first 2016 DC would be named like DC-temp. It is only there so you always have Two DCs online.
If you are OK with only your second DC being online, then you start by the sporting printer settings, the decom current DC1, then build new VM as DC1 promo to AD, restore printers and go.
-
@dashrender said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
The first 2016 DC would be named like DC-temp. It is only there so you always have Two DCs online.
If you are OK with only your second DC being online, then you start by the sporting printer settings, the decom current DC1, then build new VM as DC1 promo to AD, restore printers and go.
ooh, I see. Basically, move the FSMO roles to BDC1 and make it the only DC, then completely decomission DC1 and remove it from the domain and everything. Then set up the new 2016 server completely as DC1 used to be and the send the FSMO roles back? That seems a bit safer.
I think only a handful of things only point to DC1 for DNS because their settings only allowed for a single DNS entry instead of the usual multiple fields options..
-
@jaredbusch said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
Keeping the same name and IP is a recipe for disaster.
Agreed, take this as a time to fix this rather than doing extra work now to maintain it. Clean up two things at once.
-
@dashrender said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
Is renaming a DC allowed? I didn’t think windows allowed this.
It really does not like it, that's for sure.
-
@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
@jaredbusch said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
Keeping the same name and IP is a recipe for disaster.
I've asked around numerous times in the past and have had mixed input. Some say it's bad to do and others say it's fine. Can you give me the reasons why you're saying it's a recipe for disaster?
It's bad to do, but can be done.
-
@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
@jaredbusch said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
Keeping the same name and IP is a recipe for disaster.
Agreed, take this as a time to fix this rather than doing extra work now to maintain it. Clean up two things at once.
How would you go about fixing it?
-
@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
@jaredbusch said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
Keeping the same name and IP is a recipe for disaster.
I've asked around numerous times in the past and have had mixed input. Some say it's bad to do and others say it's fine. Can you give me the reasons why you're saying it's a recipe for disaster?
It's bad to do, but can be done.
And what about if I were to completely de-commission DC1, then remove it from the domain the right way, then set up the new 2016 to be the same as DC1 was. In that way, wouldn't it be like setting up a new DC since there wouldn't be a trace of the old one?
-
How I'd handle it....
Well, I'd not do it if possible and fix things pointing to something that they shouldn't here. That's the root level fix.
To go after a proximate fix...
- Set up the new DC. Do NOT use the old IP or hostname.
- Get it all working with the old machines in place.
- Create a CNAME to point the old name to the new server's A record. Remove the old machine.
- If you must, change the new IP to the old IP.
-
@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
@jaredbusch said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
Keeping the same name and IP is a recipe for disaster.
I've asked around numerous times in the past and have had mixed input. Some say it's bad to do and others say it's fine. Can you give me the reasons why you're saying it's a recipe for disaster?
It's bad to do, but can be done.
And what about if I were to completely de-commission DC1, then remove it from the domain the right way, then set up the new 2016 to be the same as DC1 was. In that way, wouldn't it be like setting up a new DC since there wouldn't be a trace of the old one?
Except, you know, the keys
-
@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
@jaredbusch said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
Keeping the same name and IP is a recipe for disaster.
I've asked around numerous times in the past and have had mixed input. Some say it's bad to do and others say it's fine. Can you give me the reasons why you're saying it's a recipe for disaster?
It's bad to do, but can be done.
And what about if I were to completely de-commission DC1, then remove it from the domain the right way, then set up the new 2016 to be the same as DC1 was. In that way, wouldn't it be like setting up a new DC since there wouldn't be a trace of the old one?
Except, you know, the keys
What do you mean the keys? Registry keys?? Wouldn't they be cleaned up during proper decommission?
-
@jaredbusch said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
Keeping the same name and IP is a recipe for disaster.
Exactly. Never do that. Just add a new one, demote the old.
-
Changing the IP on a DC as the very last step is fine. It'll change everything automagically, such as the DNS records and such.
It's always better not to do it, but if you MUST, then it should be fine.
-
@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
@jaredbusch said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
Keeping the same name and IP is a recipe for disaster.
I've asked around numerous times in the past and have had mixed input. Some say it's bad to do and others say it's fine. Can you give me the reasons why you're saying it's a recipe for disaster?
It's bad to do, but can be done.
And what about if I were to completely de-commission DC1, then remove it from the domain the right way, then set up the new 2016 to be the same as DC1 was. In that way, wouldn't it be like setting up a new DC since there wouldn't be a trace of the old one?
Except, you know, the keys
What do you mean the keys? Registry keys?? Wouldn't they be cleaned up during proper decommission?
Identity keys. And no, it's not the same machine. The issue here is that you are trying to have one key masquerade as if it is another when it is not.
-
What do you have that's relying upon AD? other than windows logon and Exchange? You can change Exchange to use another GC as it's catalog.
-
@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
How I'd handle it....
Well, I'd not do it if possible and fix things pointing to something that they shouldn't here. That's the root level fix.
To go after a proximate fix...
- Set up the new DC. Do NOT use the old IP or hostname.
- Get it all working with the old machines in place.
- Create a CNAME to point the old name to the new server's A record. Remove the old machine.
- If you must, change the new IP to the old IP.
Ok, let's scratch everything I mentioned. If I were to do this the best practice way, would I simply:
- Set up the new 3rd domain controller new name (DC3) and IP address
- Pass the roles from DC1 to DC3
- Finally, go through and point all "primary DNS" entries on Exchange and EVERYTHING else to the new DC3
If I perform the above steps, I am assuming no systems will have issues authenticating since they will all be reaching out to one of the three DCs, right? Therefore, I can gradually point systems to the new DC as needed.
Otherwise, please help me understand what I should do. I am going to spend my day tomorrow researching this stuff so I'm better educated on what I'm doing and can come up with an action plan.
Thank you
-
This post is deleted! -
@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
How I'd handle it....
Well, I'd not do it if possible and fix things pointing to something that they shouldn't here. That's the root level fix.
To go after a proximate fix...
- Set up the new DC. Do NOT use the old IP or hostname.
- Get it all working with the old machines in place.
- Create a CNAME to point the old name to the new server's A record. Remove the old machine.
- If you must, change the new IP to the old IP.
Ok, let's scratch everything I mentioned. If I were to do this the best practice way, would I simply:
- Set up the new 3rd domain controller new name (DC3) and IP address
- Pass the roles from DC1 to DC3
- Finally, go through and point all "primary DNS" entries on Exchange and EVERYTHING else to the new DC3
If I perform the above steps, I am assuming no systems will have issues authenticating since they will all be reaching out to one of the three DCs, right? Therefore, I can gradually point systems to the new DC as needed.
Otherwise, please help me understand what I should do. I am going to spend my day tomorrow researching this stuff so I'm better educated on what I'm doing and can come up with an action plan.
Thank you
The above is the correct way to handle it. You can export your DHCP and import it on the new DC. The same goes for the print server settings, they can be exported and imported. DNS self replicates.
It is also why you never use static IP addressing in a Windows AD network, IMO. I mean I never use it on any type of network, but in the AD world, this makes shit a pain in the ass.
Everything, except the DC and router get DHCP reservations. When Exchange was on site, I would give that a static IP also, just because Microsoft.
This means you only need to modify your DHCP scope to hand out the new info and you are done once everything renews.
-
@jaredbusch said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
This means you only need to modify your DHCP scope to hand out the new info and you are done once everything renews.
To expedite your endpoints getting the new information, change the DHCP renewal time to something like 8 hours or even less, depending on your needs. Beats waiting the normal 8 days ( really the half life - 4 days).
-
@dashrender said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
@jaredbusch said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
This means you only need to modify your DHCP scope to hand out the new info and you are done once everything renews.
To expedite your endpoints getting the new information, change the DHCP renewal time to something like 8 hours or even less, depending on your needs. Beats waiting the normal 8 days ( really the half life - 4 days).
That is a different issue. I also never leave that at such a stupid default value. Production LAN networks are set to 24 hours.
Guest networks are set to 4 or 8 hours.
