Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP
-
And you do not have to use a CNAME. An A record is just fine too. For example, notmydc can be an A record pointing to the same IP as DC1. Or it can be a CNAME pointing to the DNS name of DC1.
Either way, when DC1 goes to shit, you can simply update the DNS record for notmydc to point to wherever you need at that time.
-
@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
How I'd handle it....
Well, I'd not do it if possible and fix things pointing to something that they shouldn't here. That's the root level fix.
To go after a proximate fix...
- Set up the new DC. Do NOT use the old IP or hostname.
- Get it all working with the old machines in place.
- Create a CNAME to point the old name to the new server's A record. Remove the old machine.
- If you must, change the new IP to the old IP.
@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
Ok, let's scratch everything I mentioned. If I were to do this the best practice way, would I simply:
- Set up the new 3rd domain controller with a new name (DC3) and IP address
- Pass the roles from DC1 to DC3
- Finally, go through and point all "primary DNS" entries on Exchange and EVERYTHING else to the new DC3
If I perform the above steps, I am assuming no systems will have issues authenticating since they will all be reaching out to one of the three DCs, right? Therefore, I can gradually point systems to the new DC as needed.
Otherwise, please help me understand what I should do. I am going to spend my day tomorrow researching this stuff so I'm better educated on what I'm doing and can come up with an action plan.
Thank you
@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
Systems should never be pointed to a DC. They should be pointed to an alias for their service.
@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
I don't quite understand this. In the TCP/IPv4 DNS settings, it only accepts an IP address, which are the DNS servers/domain controllers.
@jaredbusch said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
What @scottalanmiller is talking about is inside your applications and programs, they should always use a name value instead of an IP address.
Unless it is really crappy software, it should be able to do that.
You are correct in your devices, you use IP/DNS manually if DHCP is not an option, but that should be extremely rare.
Edit: And Scott replied while I was. (teach me to be on the phone while responding).
@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
oooh ok yes, I got that. I do use a name (not ip) for those. I'll still have to update them to say DC3 instead of DC1.. unless if I can just start using CNAMEs..
@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
You can always use a CNAME. The app can't tell what is an A record or a CNAME record.
@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
And I've just re-learned about this... so essentially I could have a CNAME called "DCGOUP" which would point to DC1, DC2, DC3, etc, and the app would just work?

If you wanted to round robin between them, yes.
-
Which almost no one ever actually needs or wants to do. The LoB application server is generally in one place.
-
@jaredbusch said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
And you do not have to use a CNAME. An A record is just fine too. For example, notmydc can be an A record pointing to the same IP as DC1. Or it can be a CNAME pointing to the DNS name of DC1.
Got it.
Either way, when DC1 goes to shit
hahaha
-
Thanks for all your input guys. This has really helped me.
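Added example, not written by any poster in this thread: one way to create and later repoint the notmydc service alias discussed above, using the Windows DnsServer PowerShell module. The function name Set-ServiceAlias, the zone corp.example.com, the dc1/dc3 FQDNs and the 5-minute TTL are assumptions; it is meant to be run on a DNS server that hosts the zone.

```powershell
#Requires -Modules DnsServer
# Added example. Set-ServiceAlias is a hypothetical helper; zone, names and TTL are assumed.

function Set-ServiceAlias {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string]   $ZoneName,    # e.g. corp.example.com (assumed)
        [Parameter(Mandatory)] [string]   $Alias,       # e.g. notmydc
        [Parameter(Mandatory)] [string]   $TargetFqdn,  # e.g. dc3.corp.example.com (assumed)
        [TimeSpan] $Ttl = (New-TimeSpan -Minutes 5)     # short TTL so a later repoint takes effect quickly
    )

    # Refuse to point the alias at a name that does not resolve yet.
    $null = Resolve-DnsName -Name $TargetFqdn -Type A -Server 127.0.0.1 -DnsOnly -ErrorAction Stop

    # A CNAME cannot coexist with other records at the same name,
    # so clear any existing A or CNAME record for the alias first.
    $existing = Get-DnsServerResourceRecord -ZoneName $ZoneName -Name $Alias -ErrorAction SilentlyContinue |
        Where-Object { $_.RecordType -in 'A', 'CNAME' }

    foreach ($rr in $existing) {
        if ($PSCmdlet.ShouldProcess("$Alias.$ZoneName", "Remove existing $($rr.RecordType) record")) {
            $rr | Remove-DnsServerResourceRecord -ZoneName $ZoneName -Force
        }
    }

    if ($PSCmdlet.ShouldProcess("$Alias.$ZoneName", "Create CNAME to $TargetFqdn")) {
        Add-DnsServerResourceRecordCName -ZoneName $ZoneName -Name $Alias `
            -HostNameAlias $TargetFqdn -TimeToLive $Ttl
    }

    # Ask the local DNS server directly so a cached answer does not hide the change.
    Resolve-DnsName -Name "$Alias.$ZoneName" -Server 127.0.0.1 -DnsOnly |
        Select-Object Name, Type, NameHost, IPAddress
}

# While the old server is still in service, the alias follows it.
Set-ServiceAlias -ZoneName 'corp.example.com' -Alias 'notmydc' -TargetFqdn 'dc1.corp.example.com'

# At cutover, preview the change with -WhatIf, then repoint the alias to the new server.
Set-ServiceAlias -ZoneName 'corp.example.com' -Alias 'notmydc' -TargetFqdn 'dc3.corp.example.com' -WhatIf
Set-ServiceAlias -ZoneName 'corp.example.com' -Alias 'notmydc' -TargetFqdn 'dc3.corp.example.com'
```

Applications configured with notmydc.corp.example.com need no change at cutover; only the one record moves.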