Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP

dave247

@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

How I'd handle it....

Well, I'd not do it if possible and fix things pointing to something that they shouldn't here. That's the root level fix.

To go after a proximate fix...

1. Set up the new DC. Do NOT use the old IP or hostname.
2. Get it all working with the old machines in place.
3. Create a CNAME to point the old name to the new server's A record. Remove the old machine.
4. If you must, change the new IP to the old IP.

Ok, let's scratch everything I mentioned. If I were to do this the best practice way, would I simply:

1. Set up the new 3rd domain controller new name (DC3) and IP address
2. Pass the roles from DC1 to DC3
3. Finally, go through and point all "primary DNS" entries on Exchange and EVERYTHING else to the new DC3

If I perform the above steps, I am assuming no systems will have issues authenticating since they will all be reaching out to one of the three DCs, right? Therefore, I can gradually point systems to the new DC as needed.

Otherwise, please help me understand what I should do. I am going to spend my day tomorrow researching this stuff so I'm better educated on what I'm doing and can come up with an action plan.

Thank you

Systems should never be pointed to a DC. They shoudl be pointed to an alias for their service.

What? Can you elaborate?

Obsolesce

@jaredbusch said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

How I'd handle it....

Well, I'd not do it if possible and fix things pointing to something that they shouldn't here. That's the root level fix.

To go after a proximate fix...

1. Set up the new DC. Do NOT use the old IP or hostname.
2. Get it all working with the old machines in place.
3. Create a CNAME to point the old name to the new server's A record. Remove the old machine.
4. If you must, change the new IP to the old IP.

Ok, let's scratch everything I mentioned. If I were to do this the best practice way, would I simply:

1. Set up the new 3rd domain controller new name (DC3) and IP address
2. Pass the roles from DC1 to DC3
3. Finally, go through and point all "primary DNS" entries on Exchange and EVERYTHING else to the new DC3

If I perform the above steps, I am assuming no systems will have issues authenticating since they will all be reaching out to one of the three DCs, right? Therefore, I can gradually point systems to the new DC as needed.

Otherwise, please help me understand what I should do. I am going to spend my day tomorrow researching this stuff so I'm better educated on what I'm doing and can come up with an action plan.

Thank you

The above is the correct way to handle it. You can export your DHCP and import it on the new DC. The same goes for the print server settings, they can be exported and imported. DNS self replicates.

It is also why you never use static IP addressing in a Windows AD network, IMO. I mean I never use it on any type of network, but in the AD world, this makes shit a pain in the ass.

Everything, except the DC and router get DHCP reservations. When Exchange was on site, I would give that a static IP also, just because Microsoft.

This means you only need to modify your DHCP scope to hand out the new info and you are done once everything renews.

One thing to note, is that the Hypervisor that is hosting your DHCP server, should also be static, as well as iDRAC on that server!! Especially if you don't have console access to the hardware.

So to recap myself and Jared:

Static the following:

1. Router
2. DC
3. DHCP Hypervisor
4. DHCP Hypervisor's iDRAC

JaredBusch

@tim_g said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@jaredbusch said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

How I'd handle it....

Well, I'd not do it if possible and fix things pointing to something that they shouldn't here. That's the root level fix.

To go after a proximate fix...

1. Set up the new DC. Do NOT use the old IP or hostname.
2. Get it all working with the old machines in place.
3. Create a CNAME to point the old name to the new server's A record. Remove the old machine.
4. If you must, change the new IP to the old IP.

Ok, let's scratch everything I mentioned. If I were to do this the best practice way, would I simply:

1. Set up the new 3rd domain controller new name (DC3) and IP address
2. Pass the roles from DC1 to DC3
3. Finally, go through and point all "primary DNS" entries on Exchange and EVERYTHING else to the new DC3

If I perform the above steps, I am assuming no systems will have issues authenticating since they will all be reaching out to one of the three DCs, right? Therefore, I can gradually point systems to the new DC as needed.

Otherwise, please help me understand what I should do. I am going to spend my day tomorrow researching this stuff so I'm better educated on what I'm doing and can come up with an action plan.

Thank you

The above is the correct way to handle it. You can export your DHCP and import it on the new DC. The same goes for the print server settings, they can be exported and imported. DNS self replicates.

It is also why you never use static IP addressing in a Windows AD network, IMO. I mean I never use it on any type of network, but in the AD world, this makes shit a pain in the ass.

Everything, except the DC and router get DHCP reservations. When Exchange was on site, I would give that a static IP also, just because Microsoft.

This means you only need to modify your DHCP scope to hand out the new info and you are done once everything renews.

One thing to note, is that the Hypervisor that is hosting your DHCP server, should also be static, as well as iDRAC on that server!! Especially if you don't have console access to the hardware.

So to recap myself and Jared:

Static the following:

1. Router
2. DC
3. DHCP Hypervisor
4. DHCP Hypervisor's iDRAC

Yeah, missed those. Those two also need to be static.

dave247

@tim_g said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@jaredbusch said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

How I'd handle it....

Well, I'd not do it if possible and fix things pointing to something that they shouldn't here. That's the root level fix.

To go after a proximate fix...

1. Set up the new DC. Do NOT use the old IP or hostname.
2. Get it all working with the old machines in place.
3. Create a CNAME to point the old name to the new server's A record. Remove the old machine.
4. If you must, change the new IP to the old IP.

Ok, let's scratch everything I mentioned. If I were to do this the best practice way, would I simply:

1. Set up the new 3rd domain controller new name (DC3) and IP address
2. Pass the roles from DC1 to DC3
3. Finally, go through and point all "primary DNS" entries on Exchange and EVERYTHING else to the new DC3

If I perform the above steps, I am assuming no systems will have issues authenticating since they will all be reaching out to one of the three DCs, right? Therefore, I can gradually point systems to the new DC as needed.

Otherwise, please help me understand what I should do. I am going to spend my day tomorrow researching this stuff so I'm better educated on what I'm doing and can come up with an action plan.

Thank you

The above is the correct way to handle it. You can export your DHCP and import it on the new DC. The same goes for the print server settings, they can be exported and imported. DNS self replicates.

It is also why you never use static IP addressing in a Windows AD network, IMO. I mean I never use it on any type of network, but in the AD world, this makes shit a pain in the ass.

Everything, except the DC and router get DHCP reservations. When Exchange was on site, I would give that a static IP also, just because Microsoft.

This means you only need to modify your DHCP scope to hand out the new info and you are done once everything renews.

One thing to note, is that the Hypervisor that is hosting your DHCP server, should also be static, as well as iDRAC on that server!! Especially if you don't have console access to the hardware.

So to recap myself and Jared:

Static the following:

1. Router
2. DC
3. DHCP Hypervisor
4. DHCP Hypervisor's iDRAC

Yes, all my ESXi hosts and their iDRAC's are static.

dave247

@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

How I'd handle it....

Well, I'd not do it if possible and fix things pointing to something that they shouldn't here. That's the root level fix.

To go after a proximate fix...

1. Set up the new DC. Do NOT use the old IP or hostname.
2. Get it all working with the old machines in place.
3. Create a CNAME to point the old name to the new server's A record. Remove the old machine.
4. If you must, change the new IP to the old IP.

Ok, let's scratch everything I mentioned. If I were to do this the best practice way, would I simply:

1. Set up the new 3rd domain controller new name (DC3) and IP address
2. Pass the roles from DC1 to DC3
3. Finally, go through and point all "primary DNS" entries on Exchange and EVERYTHING else to the new DC3

If I perform the above steps, I am assuming no systems will have issues authenticating since they will all be reaching out to one of the three DCs, right? Therefore, I can gradually point systems to the new DC as needed.

Otherwise, please help me understand what I should do. I am going to spend my day tomorrow researching this stuff so I'm better educated on what I'm doing and can come up with an action plan.

Thank you

Systems should never be pointed to a DC. They shoudl be pointed to an alias for their service.

I don't quite understand this. In the TCP/IPv4 DNS settings, it only accepts an IP address, which are the DNS servers/domain controllers.

scottalanmiller

@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

How I'd handle it....

Well, I'd not do it if possible and fix things pointing to something that they shouldn't here. That's the root level fix.

To go after a proximate fix...

1. Set up the new DC. Do NOT use the old IP or hostname.
2. Get it all working with the old machines in place.
3. Create a CNAME to point the old name to the new server's A record. Remove the old machine.
4. If you must, change the new IP to the old IP.

Ok, let's scratch everything I mentioned. If I were to do this the best practice way, would I simply:

1. Set up the new 3rd domain controller new name (DC3) and IP address
2. Pass the roles from DC1 to DC3
3. Finally, go through and point all "primary DNS" entries on Exchange and EVERYTHING else to the new DC3

If I perform the above steps, I am assuming no systems will have issues authenticating since they will all be reaching out to one of the three DCs, right? Therefore, I can gradually point systems to the new DC as needed.

Otherwise, please help me understand what I should do. I am going to spend my day tomorrow researching this stuff so I'm better educated on what I'm doing and can come up with an action plan.

Thank you

Systems should never be pointed to a DC. They shoudl be pointed to an alias for their service.

I don't quite understand this. In the TCP/IPv4 DNS settings, it only accepts an IP address, which are the DNS servers/domain controllers.

We are talking about app settings, not DNS. You are talking about IP settings that point to your DNS servers. But we were discussing things pointed to your AD or app servers.

JaredBusch

@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

How I'd handle it....

Well, I'd not do it if possible and fix things pointing to something that they shouldn't here. That's the root level fix.

To go after a proximate fix...

1. Set up the new DC. Do NOT use the old IP or hostname.
2. Get it all working with the old machines in place.
3. Create a CNAME to point the old name to the new server's A record. Remove the old machine.
4. If you must, change the new IP to the old IP.

Ok, let's scratch everything I mentioned. If I were to do this the best practice way, would I simply:

1. Set up the new 3rd domain controller new name (DC3) and IP address
2. Pass the roles from DC1 to DC3
3. Finally, go through and point all "primary DNS" entries on Exchange and EVERYTHING else to the new DC3

If I perform the above steps, I am assuming no systems will have issues authenticating since they will all be reaching out to one of the three DCs, right? Therefore, I can gradually point systems to the new DC as needed.

Otherwise, please help me understand what I should do. I am going to spend my day tomorrow researching this stuff so I'm better educated on what I'm doing and can come up with an action plan.

Thank you

Systems should never be pointed to a DC. They shoudl be pointed to an alias for their service.

I don't quite understand this. In the TCP/IPv4 DNS settings, it only accepts an IP address, which are the DNS servers/domain controllers.

What @scottalanmiller is talking about is inside your applications and programs, they should always use a name value instead of an IP address.

Unless it is really crappy software, it should be able to do that.

You are correct in your devices, you use IP/DNS manually if DHCP is not an option, but that should be extremely rare.

Edit: And Scott replied while I was. (teach me to be on the phone while responding).

EddieJennings

@jaredbusch

Unless it is really crappy software, it should be able to do that.

Even Sage supports name resolution.

dave247

@jaredbusch said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

How I'd handle it....

Well, I'd not do it if possible and fix things pointing to something that they shouldn't here. That's the root level fix.

To go after a proximate fix...

1. Set up the new DC. Do NOT use the old IP or hostname.
2. Get it all working with the old machines in place.
3. Create a CNAME to point the old name to the new server's A record. Remove the old machine.
4. If you must, change the new IP to the old IP.

Ok, let's scratch everything I mentioned. If I were to do this the best practice way, would I simply:

1. Set up the new 3rd domain controller new name (DC3) and IP address
2. Pass the roles from DC1 to DC3
3. Finally, go through and point all "primary DNS" entries on Exchange and EVERYTHING else to the new DC3

If I perform the above steps, I am assuming no systems will have issues authenticating since they will all be reaching out to one of the three DCs, right? Therefore, I can gradually point systems to the new DC as needed.

Otherwise, please help me understand what I should do. I am going to spend my day tomorrow researching this stuff so I'm better educated on what I'm doing and can come up with an action plan.

Thank you

Systems should never be pointed to a DC. They shoudl be pointed to an alias for their service.

I don't quite understand this. In the TCP/IPv4 DNS settings, it only accepts an IP address, which are the DNS servers/domain controllers.

What @scottalanmiller is talking about is inside your applications and programs, they should always use a name value instead of an IP address.

Unless it is really crappy software, it should be able to do that.

You are correct in your devices, you use IP/DNS manually if DHCP is not an option, but that should be extremely rare.

Edit: And Scott replied while I was. (teach me to be on the phone while responding).

oooh ok yes, I got that. I do use a name (not ip) for those. I'll still have to update them to say DC3 instead of DC1.. unless if I can just start using CNAMEs..

scottalanmiller

@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@jaredbusch said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

How I'd handle it....

Well, I'd not do it if possible and fix things pointing to something that they shouldn't here. That's the root level fix.

To go after a proximate fix...

1. Set up the new DC. Do NOT use the old IP or hostname.
2. Get it all working with the old machines in place.
3. Create a CNAME to point the old name to the new server's A record. Remove the old machine.
4. If you must, change the new IP to the old IP.

Ok, let's scratch everything I mentioned. If I were to do this the best practice way, would I simply:

1. Set up the new 3rd domain controller new name (DC3) and IP address
2. Pass the roles from DC1 to DC3
3. Finally, go through and point all "primary DNS" entries on Exchange and EVERYTHING else to the new DC3

If I perform the above steps, I am assuming no systems will have issues authenticating since they will all be reaching out to one of the three DCs, right? Therefore, I can gradually point systems to the new DC as needed.

Otherwise, please help me understand what I should do. I am going to spend my day tomorrow researching this stuff so I'm better educated on what I'm doing and can come up with an action plan.

Thank you

Systems should never be pointed to a DC. They shoudl be pointed to an alias for their service.

I don't quite understand this. In the TCP/IPv4 DNS settings, it only accepts an IP address, which are the DNS servers/domain controllers.

What @scottalanmiller is talking about is inside your applications and programs, they should always use a name value instead of an IP address.

Unless it is really crappy software, it should be able to do that.

You are correct in your devices, you use IP/DNS manually if DHCP is not an option, but that should be extremely rare.

Edit: And Scott replied while I was. (teach me to be on the phone while responding).

oooh ok yes, I got that. I do use a name (not ip) for those. I'll still have to update them to say DC3 instead of DC1.. unless if I can just start using CNAMEs..

You can always use a CNAME. The app can't tell what is an A record or a CNAME record.

dave247

@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@jaredbusch said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

How I'd handle it....

Well, I'd not do it if possible and fix things pointing to something that they shouldn't here. That's the root level fix.

To go after a proximate fix...

1. Set up the new DC. Do NOT use the old IP or hostname.
2. Get it all working with the old machines in place.
3. Create a CNAME to point the old name to the new server's A record. Remove the old machine.
4. If you must, change the new IP to the old IP.

Ok, let's scratch everything I mentioned. If I were to do this the best practice way, would I simply:

1. Set up the new 3rd domain controller new name (DC3) and IP address
2. Pass the roles from DC1 to DC3
3. Finally, go through and point all "primary DNS" entries on Exchange and EVERYTHING else to the new DC3

If I perform the above steps, I am assuming no systems will have issues authenticating since they will all be reaching out to one of the three DCs, right? Therefore, I can gradually point systems to the new DC as needed.

Otherwise, please help me understand what I should do. I am going to spend my day tomorrow researching this stuff so I'm better educated on what I'm doing and can come up with an action plan.

Thank you

Systems should never be pointed to a DC. They shoudl be pointed to an alias for their service.

I don't quite understand this. In the TCP/IPv4 DNS settings, it only accepts an IP address, which are the DNS servers/domain controllers.

What @scottalanmiller is talking about is inside your applications and programs, they should always use a name value instead of an IP address.

Unless it is really crappy software, it should be able to do that.

You are correct in your devices, you use IP/DNS manually if DHCP is not an option, but that should be extremely rare.

Edit: And Scott replied while I was. (teach me to be on the phone while responding).

oooh ok yes, I got that. I do use a name (not ip) for those. I'll still have to update them to say DC3 instead of DC1.. unless if I can just start using CNAMEs..

You can always use a CNAME. The app can't tell what is an A record or a CNAME record.

And I've just re-learned about this... so essentially I could have a CNAME called "DCGOUP" which would point to DC1, DC2, DC3, etc, and the app would just work?

JaredBusch

@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@jaredbusch said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

How I'd handle it....

Well, I'd not do it if possible and fix things pointing to something that they shouldn't here. That's the root level fix.

To go after a proximate fix...

1. Set up the new DC. Do NOT use the old IP or hostname.
2. Get it all working with the old machines in place.
3. Create a CNAME to point the old name to the new server's A record. Remove the old machine.
4. If you must, change the new IP to the old IP.

Ok, let's scratch everything I mentioned. If I were to do this the best practice way, would I simply:

1. Set up the new 3rd domain controller new name (DC3) and IP address
2. Pass the roles from DC1 to DC3
3. Finally, go through and point all "primary DNS" entries on Exchange and EVERYTHING else to the new DC3

If I perform the above steps, I am assuming no systems will have issues authenticating since they will all be reaching out to one of the three DCs, right? Therefore, I can gradually point systems to the new DC as needed.

Otherwise, please help me understand what I should do. I am going to spend my day tomorrow researching this stuff so I'm better educated on what I'm doing and can come up with an action plan.

Thank you

Systems should never be pointed to a DC. They shoudl be pointed to an alias for their service.

I don't quite understand this. In the TCP/IPv4 DNS settings, it only accepts an IP address, which are the DNS servers/domain controllers.

What @scottalanmiller is talking about is inside your applications and programs, they should always use a name value instead of an IP address.

Unless it is really crappy software, it should be able to do that.

You are correct in your devices, you use IP/DNS manually if DHCP is not an option, but that should be extremely rare.

Edit: And Scott replied while I was. (teach me to be on the phone while responding).

oooh ok yes, I got that. I do use a name (not ip) for those. I'll still have to update them to say DC3 instead of DC1.. unless if I can just start using CNAMEs..

You can always use a CNAME. The app can't tell what is an A record or a CNAME record.

And I've just re-learned about this... so essentially I could have a CNAME called "DCGOUP" which would point to DC1, DC2, DC3, etc, and the app would just work?

Not exactly. Use a CNAME instead of a specific DC name so you can update whenever. But a CNAME still points to a single record.

JaredBusch

And you do not have to use a CNAME. An A record is just fine too. For excample, notmydc can be an A record pointing to the same IP as DC1. Or it can be a CNAME pointing to the DNS name of DC1.

Either way, when DC1 goes to shit, you can simply update the DNS record for notmydc to point to wherever you need at that time.

scottalanmiller

@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@jaredbusch said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

How I'd handle it....

Well, I'd not do it if possible and fix things pointing to something that they shouldn't here. That's the root level fix.

To go after a proximate fix...

1. Set up the new DC. Do NOT use the old IP or hostname.
2. Get it all working with the old machines in place.
3. Create a CNAME to point the old name to the new server's A record. Remove the old machine.
4. If you must, change the new IP to the old IP.

Ok, let's scratch everything I mentioned. If I were to do this the best practice way, would I simply:

1. Set up the new 3rd domain controller new name (DC3) and IP address
2. Pass the roles from DC1 to DC3
3. Finally, go through and point all "primary DNS" entries on Exchange and EVERYTHING else to the new DC3

If I perform the above steps, I am assuming no systems will have issues authenticating since they will all be reaching out to one of the three DCs, right? Therefore, I can gradually point systems to the new DC as needed.

Otherwise, please help me understand what I should do. I am going to spend my day tomorrow researching this stuff so I'm better educated on what I'm doing and can come up with an action plan.

Thank you

Systems should never be pointed to a DC. They shoudl be pointed to an alias for their service.

I don't quite understand this. In the TCP/IPv4 DNS settings, it only accepts an IP address, which are the DNS servers/domain controllers.

What @scottalanmiller is talking about is inside your applications and programs, they should always use a name value instead of an IP address.

Unless it is really crappy software, it should be able to do that.

You are correct in your devices, you use IP/DNS manually if DHCP is not an option, but that should be extremely rare.

Edit: And Scott replied while I was. (teach me to be on the phone while responding).

oooh ok yes, I got that. I do use a name (not ip) for those. I'll still have to update them to say DC3 instead of DC1.. unless if I can just start using CNAMEs..

You can always use a CNAME. The app can't tell what is an A record or a CNAME record.

And I've just re-learned about this... so essentially I could have a CNAME called "DCGOUP" which would point to DC1, DC2, DC3, etc, and the app would just work?

If you wanted to round robin between them, yes.

JaredBusch

@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@jaredbusch said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

How I'd handle it....

Well, I'd not do it if possible and fix things pointing to something that they shouldn't here. That's the root level fix.

To go after a proximate fix...

1. Set up the new DC. Do NOT use the old IP or hostname.
2. Get it all working with the old machines in place.
3. Create a CNAME to point the old name to the new server's A record. Remove the old machine.
4. If you must, change the new IP to the old IP.

Ok, let's scratch everything I mentioned. If I were to do this the best practice way, would I simply:

1. Set up the new 3rd domain controller new name (DC3) and IP address
2. Pass the roles from DC1 to DC3
3. Finally, go through and point all "primary DNS" entries on Exchange and EVERYTHING else to the new DC3

If I perform the above steps, I am assuming no systems will have issues authenticating since they will all be reaching out to one of the three DCs, right? Therefore, I can gradually point systems to the new DC as needed.

Otherwise, please help me understand what I should do. I am going to spend my day tomorrow researching this stuff so I'm better educated on what I'm doing and can come up with an action plan.

Thank you

Systems should never be pointed to a DC. They shoudl be pointed to an alias for their service.

I don't quite understand this. In the TCP/IPv4 DNS settings, it only accepts an IP address, which are the DNS servers/domain controllers.

What @scottalanmiller is talking about is inside your applications and programs, they should always use a name value instead of an IP address.

Unless it is really crappy software, it should be able to do that.

You are correct in your devices, you use IP/DNS manually if DHCP is not an option, but that should be extremely rare.

Edit: And Scott replied while I was. (teach me to be on the phone while responding).

oooh ok yes, I got that. I do use a name (not ip) for those. I'll still have to update them to say DC3 instead of DC1.. unless if I can just start using CNAMEs..

You can always use a CNAME. The app can't tell what is an A record or a CNAME record.

And I've just re-learned about this... so essentially I could have a CNAME called "DCGOUP" which would point to DC1, DC2, DC3, etc, and the app would just work?

If you wanted to round robin between them, yes.

Which almost no one ever actually needs or wants to do. The LoB application server is generally in one place.

dave247

@jaredbusch said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

And you do not have to use a CNAME. An A record is just fine too. For excample, notmydc can be an A record pointing to the same IP as DC1. Or it can be a CNAME pointing to the DNS name of DC1.

Got it.

Either way, when DC1 goes to shit

hahaha

dave247

Thanks for all your input guys. This has really helped me.