Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP
-
This post is deleted! -
@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
How I'd handle it....
Well, I'd not do it if possible and fix things pointing to something that they shouldn't here. That's the root level fix.
To go after a proximate fix...
- Set up the new DC. Do NOT use the old IP or hostname.
- Get it all working with the old machines in place.
- Create a CNAME to point the old name to the new server's A record. Remove the old machine.
- If you must, change the new IP to the old IP.
Ok, let's scratch everything I mentioned. If I were to do this the best practice way, would I simply:
- Set up the new 3rd domain controller new name (DC3) and IP address
- Pass the roles from DC1 to DC3
- Finally, go through and point all "primary DNS" entries on Exchange and EVERYTHING else to the new DC3
If I perform the above steps, I am assuming no systems will have issues authenticating since they will all be reaching out to one of the three DCs, right? Therefore, I can gradually point systems to the new DC as needed.
Otherwise, please help me understand what I should do. I am going to spend my day tomorrow researching this stuff so I'm better educated on what I'm doing and can come up with an action plan.
Thank you
The above is the correct way to handle it. You can export your DHCP and import it on the new DC. The same goes for the print server settings, they can be exported and imported. DNS self replicates.
It is also why you never use static IP addressing in a Windows AD network, IMO. I mean I never use it on any type of network, but in the AD world, this makes shit a pain in the ass.
Everything, except the DC and router get DHCP reservations. When Exchange was on site, I would give that a static IP also, just because Microsoft.
This means you only need to modify your DHCP scope to hand out the new info and you are done once everything renews.
-
@jaredbusch said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
This means you only need to modify your DHCP scope to hand out the new info and you are done once everything renews.
To expedite your endpoints getting the new information, change the DHCP renewal time to something like 8 hours or even less, depending on your needs. Beats waiting the normal 8 days ( really the half life - 4 days).
-
@dashrender said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
@jaredbusch said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
This means you only need to modify your DHCP scope to hand out the new info and you are done once everything renews.
To expedite your endpoints getting the new information, change the DHCP renewal time to something like 8 hours or even less, depending on your needs. Beats waiting the normal 8 days ( really the half life - 4 days).
That is a different issue. I also never leave that at such a stupid default value. Production LAN networks are set to 24 hours.
Guest networks are set to 4 or 8 hours. -
@jaredbusch said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
How I'd handle it....
Well, I'd not do it if possible and fix things pointing to something that they shouldn't here. That's the root level fix.
To go after a proximate fix...
- Set up the new DC. Do NOT use the old IP or hostname.
- Get it all working with the old machines in place.
- Create a CNAME to point the old name to the new server's A record. Remove the old machine.
- If you must, change the new IP to the old IP.
Ok, let's scratch everything I mentioned. If I were to do this the best practice way, would I simply:
- Set up the new 3rd domain controller new name (DC3) and IP address
- Pass the roles from DC1 to DC3
- Finally, go through and point all "primary DNS" entries on Exchange and EVERYTHING else to the new DC3
If I perform the above steps, I am assuming no systems will have issues authenticating since they will all be reaching out to one of the three DCs, right? Therefore, I can gradually point systems to the new DC as needed.
Otherwise, please help me understand what I should do. I am going to spend my day tomorrow researching this stuff so I'm better educated on what I'm doing and can come up with an action plan.
Thank you
The above is the correct way to handle it. You can export your DHCP and import it on the new DC. The same goes for the print server settings, they can be exported and imported. DNS self replicates.
It is also why you never use static IP addressing in a Windows AD network, IMO. I mean I never use it on any type of network, but in the AD world, this makes shit a pain in the ass.
Everything, except the DC and router get DHCP reservations. When Exchange was on site, I would give that a static IP also, just because Microsoft.
This means you only need to modify your DHCP scope to hand out the new info and you are done once everything renews.
omg yes, that makes total sense!! That would make updating the DNS entries SO MUCH EASIER... I'm actually pissed I didn't realize this earlier. We currently have all our static addresses set on the host side, not via reservation. This was done by previous administrators. When I came on board I suggested reservations (as I had been reading up on DHCP stuff). We never implemented it and I just forgot about it, but I'm going to now that I see what you're saying makes total sense.
Thanks JB
-
@dashrender said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
@jaredbusch said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
This means you only need to modify your DHCP scope to hand out the new info and you are done once everything renews.
To expedite your endpoints getting the new information, change the DHCP renewal time to something like 8 hours or even less, depending on your needs. Beats waiting the normal 8 days ( really the half life - 4 days).
Sounds like another good idea. I currently have it set to 3 days, but I'll change that to every 24 hours as JB mentioned.
-
@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
@dashrender said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
@jaredbusch said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
This means you only need to modify your DHCP scope to hand out the new info and you are done once everything renews.
To expedite your endpoints getting the new information, change the DHCP renewal time to something like 8 hours or even less, depending on your needs. Beats waiting the normal 8 days ( really the half life - 4 days).
Sounds like another good idea. I currently have it set to 3 days, but I'll change that to every 24 hours as JB mentioned.
I chose 24 hours intentionally.
If a user reboots their machine at 8am, it will not request a renew until 8pm. So nothing should impact a normal work day.
For the same reason, I chose to force weekly reboots of user computers at 4am on Mondays. Their DHCP renew should be at 4pm and very unlikely to impact their workday, but still an hour before end of business just in case. That way I get trouble reports at the end of the day and can work on it instead of en mass the next morning when everyone comes in.
-
@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
How I'd handle it....
Well, I'd not do it if possible and fix things pointing to something that they shouldn't here. That's the root level fix.
To go after a proximate fix...
- Set up the new DC. Do NOT use the old IP or hostname.
- Get it all working with the old machines in place.
- Create a CNAME to point the old name to the new server's A record. Remove the old machine.
- If you must, change the new IP to the old IP.
Ok, let's scratch everything I mentioned. If I were to do this the best practice way, would I simply:
- Set up the new 3rd domain controller new name (DC3) and IP address
- Pass the roles from DC1 to DC3
- Finally, go through and point all "primary DNS" entries on Exchange and EVERYTHING else to the new DC3
If I perform the above steps, I am assuming no systems will have issues authenticating since they will all be reaching out to one of the three DCs, right? Therefore, I can gradually point systems to the new DC as needed.
Otherwise, please help me understand what I should do. I am going to spend my day tomorrow researching this stuff so I'm better educated on what I'm doing and can come up with an action plan.
Thank you
Systems should never be pointed to a DC. They shoudl be pointed to an alias for their service.
-
@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
How I'd handle it....
Well, I'd not do it if possible and fix things pointing to something that they shouldn't here. That's the root level fix.
To go after a proximate fix...
- Set up the new DC. Do NOT use the old IP or hostname.
- Get it all working with the old machines in place.
- Create a CNAME to point the old name to the new server's A record. Remove the old machine.
- If you must, change the new IP to the old IP.
Ok, let's scratch everything I mentioned. If I were to do this the best practice way, would I simply:
- Set up the new 3rd domain controller new name (DC3) and IP address
- Pass the roles from DC1 to DC3
- Finally, go through and point all "primary DNS" entries on Exchange and EVERYTHING else to the new DC3
If I perform the above steps, I am assuming no systems will have issues authenticating since they will all be reaching out to one of the three DCs, right? Therefore, I can gradually point systems to the new DC as needed.
Otherwise, please help me understand what I should do. I am going to spend my day tomorrow researching this stuff so I'm better educated on what I'm doing and can come up with an action plan.
Thank you
Systems should never be pointed to a DC. They shoudl be pointed to an alias for their service.
What? Can you elaborate?
-
@jaredbusch said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
How I'd handle it....
Well, I'd not do it if possible and fix things pointing to something that they shouldn't here. That's the root level fix.
To go after a proximate fix...
- Set up the new DC. Do NOT use the old IP or hostname.
- Get it all working with the old machines in place.
- Create a CNAME to point the old name to the new server's A record. Remove the old machine.
- If you must, change the new IP to the old IP.
Ok, let's scratch everything I mentioned. If I were to do this the best practice way, would I simply:
- Set up the new 3rd domain controller new name (DC3) and IP address
- Pass the roles from DC1 to DC3
- Finally, go through and point all "primary DNS" entries on Exchange and EVERYTHING else to the new DC3
If I perform the above steps, I am assuming no systems will have issues authenticating since they will all be reaching out to one of the three DCs, right? Therefore, I can gradually point systems to the new DC as needed.
Otherwise, please help me understand what I should do. I am going to spend my day tomorrow researching this stuff so I'm better educated on what I'm doing and can come up with an action plan.
Thank you
The above is the correct way to handle it. You can export your DHCP and import it on the new DC. The same goes for the print server settings, they can be exported and imported. DNS self replicates.
It is also why you never use static IP addressing in a Windows AD network, IMO. I mean I never use it on any type of network, but in the AD world, this makes shit a pain in the ass.
Everything, except the DC and router get DHCP reservations. When Exchange was on site, I would give that a static IP also, just because Microsoft.
This means you only need to modify your DHCP scope to hand out the new info and you are done once everything renews.
One thing to note, is that the Hypervisor that is hosting your DHCP server, should also be static, as well as iDRAC on that server!! Especially if you don't have console access to the hardware.
So to recap myself and Jared:
Static the following:
- Router
- DC
- DHCP Hypervisor
- DHCP Hypervisor's iDRAC
-
@tim_g said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
@jaredbusch said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
How I'd handle it....
Well, I'd not do it if possible and fix things pointing to something that they shouldn't here. That's the root level fix.
To go after a proximate fix...
- Set up the new DC. Do NOT use the old IP or hostname.
- Get it all working with the old machines in place.
- Create a CNAME to point the old name to the new server's A record. Remove the old machine.
- If you must, change the new IP to the old IP.
Ok, let's scratch everything I mentioned. If I were to do this the best practice way, would I simply:
- Set up the new 3rd domain controller new name (DC3) and IP address
- Pass the roles from DC1 to DC3
- Finally, go through and point all "primary DNS" entries on Exchange and EVERYTHING else to the new DC3
If I perform the above steps, I am assuming no systems will have issues authenticating since they will all be reaching out to one of the three DCs, right? Therefore, I can gradually point systems to the new DC as needed.
Otherwise, please help me understand what I should do. I am going to spend my day tomorrow researching this stuff so I'm better educated on what I'm doing and can come up with an action plan.
Thank you
The above is the correct way to handle it. You can export your DHCP and import it on the new DC. The same goes for the print server settings, they can be exported and imported. DNS self replicates.
It is also why you never use static IP addressing in a Windows AD network, IMO. I mean I never use it on any type of network, but in the AD world, this makes shit a pain in the ass.
Everything, except the DC and router get DHCP reservations. When Exchange was on site, I would give that a static IP also, just because Microsoft.
This means you only need to modify your DHCP scope to hand out the new info and you are done once everything renews.
One thing to note, is that the Hypervisor that is hosting your DHCP server, should also be static, as well as iDRAC on that server!! Especially if you don't have console access to the hardware.
So to recap myself and Jared:
Static the following:
- Router
- DC
- DHCP Hypervisor
- DHCP Hypervisor's iDRAC
Yeah, missed those. Those two also need to be static.
-
@tim_g said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
@jaredbusch said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
How I'd handle it....
Well, I'd not do it if possible and fix things pointing to something that they shouldn't here. That's the root level fix.
To go after a proximate fix...
- Set up the new DC. Do NOT use the old IP or hostname.
- Get it all working with the old machines in place.
- Create a CNAME to point the old name to the new server's A record. Remove the old machine.
- If you must, change the new IP to the old IP.
Ok, let's scratch everything I mentioned. If I were to do this the best practice way, would I simply:
- Set up the new 3rd domain controller new name (DC3) and IP address
- Pass the roles from DC1 to DC3
- Finally, go through and point all "primary DNS" entries on Exchange and EVERYTHING else to the new DC3
If I perform the above steps, I am assuming no systems will have issues authenticating since they will all be reaching out to one of the three DCs, right? Therefore, I can gradually point systems to the new DC as needed.
Otherwise, please help me understand what I should do. I am going to spend my day tomorrow researching this stuff so I'm better educated on what I'm doing and can come up with an action plan.
Thank you
The above is the correct way to handle it. You can export your DHCP and import it on the new DC. The same goes for the print server settings, they can be exported and imported. DNS self replicates.
It is also why you never use static IP addressing in a Windows AD network, IMO. I mean I never use it on any type of network, but in the AD world, this makes shit a pain in the ass.
Everything, except the DC and router get DHCP reservations. When Exchange was on site, I would give that a static IP also, just because Microsoft.
This means you only need to modify your DHCP scope to hand out the new info and you are done once everything renews.
One thing to note, is that the Hypervisor that is hosting your DHCP server, should also be static, as well as iDRAC on that server!! Especially if you don't have console access to the hardware.
So to recap myself and Jared:
Static the following:
- Router
- DC
- DHCP Hypervisor
- DHCP Hypervisor's iDRAC
Yes, all my ESXi hosts and their iDRAC's are static.
-
@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
How I'd handle it....
Well, I'd not do it if possible and fix things pointing to something that they shouldn't here. That's the root level fix.
To go after a proximate fix...
- Set up the new DC. Do NOT use the old IP or hostname.
- Get it all working with the old machines in place.
- Create a CNAME to point the old name to the new server's A record. Remove the old machine.
- If you must, change the new IP to the old IP.
Ok, let's scratch everything I mentioned. If I were to do this the best practice way, would I simply:
- Set up the new 3rd domain controller new name (DC3) and IP address
- Pass the roles from DC1 to DC3
- Finally, go through and point all "primary DNS" entries on Exchange and EVERYTHING else to the new DC3
If I perform the above steps, I am assuming no systems will have issues authenticating since they will all be reaching out to one of the three DCs, right? Therefore, I can gradually point systems to the new DC as needed.
Otherwise, please help me understand what I should do. I am going to spend my day tomorrow researching this stuff so I'm better educated on what I'm doing and can come up with an action plan.
Thank you
Systems should never be pointed to a DC. They shoudl be pointed to an alias for their service.
I don't quite understand this. In the TCP/IPv4 DNS settings, it only accepts an IP address, which are the DNS servers/domain controllers.
-
@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
How I'd handle it....
Well, I'd not do it if possible and fix things pointing to something that they shouldn't here. That's the root level fix.
To go after a proximate fix...
- Set up the new DC. Do NOT use the old IP or hostname.
- Get it all working with the old machines in place.
- Create a CNAME to point the old name to the new server's A record. Remove the old machine.
- If you must, change the new IP to the old IP.
Ok, let's scratch everything I mentioned. If I were to do this the best practice way, would I simply:
- Set up the new 3rd domain controller new name (DC3) and IP address
- Pass the roles from DC1 to DC3
- Finally, go through and point all "primary DNS" entries on Exchange and EVERYTHING else to the new DC3
If I perform the above steps, I am assuming no systems will have issues authenticating since they will all be reaching out to one of the three DCs, right? Therefore, I can gradually point systems to the new DC as needed.
Otherwise, please help me understand what I should do. I am going to spend my day tomorrow researching this stuff so I'm better educated on what I'm doing and can come up with an action plan.
Thank you
Systems should never be pointed to a DC. They shoudl be pointed to an alias for their service.
I don't quite understand this. In the TCP/IPv4 DNS settings, it only accepts an IP address, which are the DNS servers/domain controllers.
We are talking about app settings, not DNS. You are talking about IP settings that point to your DNS servers. But we were discussing things pointed to your AD or app servers.
-
@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
How I'd handle it....
Well, I'd not do it if possible and fix things pointing to something that they shouldn't here. That's the root level fix.
To go after a proximate fix...
- Set up the new DC. Do NOT use the old IP or hostname.
- Get it all working with the old machines in place.
- Create a CNAME to point the old name to the new server's A record. Remove the old machine.
- If you must, change the new IP to the old IP.
Ok, let's scratch everything I mentioned. If I were to do this the best practice way, would I simply:
- Set up the new 3rd domain controller new name (DC3) and IP address
- Pass the roles from DC1 to DC3
- Finally, go through and point all "primary DNS" entries on Exchange and EVERYTHING else to the new DC3
If I perform the above steps, I am assuming no systems will have issues authenticating since they will all be reaching out to one of the three DCs, right? Therefore, I can gradually point systems to the new DC as needed.
Otherwise, please help me understand what I should do. I am going to spend my day tomorrow researching this stuff so I'm better educated on what I'm doing and can come up with an action plan.
Thank you
Systems should never be pointed to a DC. They shoudl be pointed to an alias for their service.
I don't quite understand this. In the TCP/IPv4 DNS settings, it only accepts an IP address, which are the DNS servers/domain controllers.
What @scottalanmiller is talking about is inside your applications and programs, they should always use a name value instead of an IP address.
Unless it is really crappy software, it should be able to do that.
You are correct in your devices, you use IP/DNS manually if DHCP is not an option, but that should be extremely rare.
Edit: And Scott replied while I was. (teach me to be on the phone while responding).
-
Unless it is really crappy software, it should be able to do that.
Even Sage supports name resolution.
-
@jaredbusch said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
How I'd handle it....
Well, I'd not do it if possible and fix things pointing to something that they shouldn't here. That's the root level fix.
To go after a proximate fix...
- Set up the new DC. Do NOT use the old IP or hostname.
- Get it all working with the old machines in place.
- Create a CNAME to point the old name to the new server's A record. Remove the old machine.
- If you must, change the new IP to the old IP.
Ok, let's scratch everything I mentioned. If I were to do this the best practice way, would I simply:
- Set up the new 3rd domain controller new name (DC3) and IP address
- Pass the roles from DC1 to DC3
- Finally, go through and point all "primary DNS" entries on Exchange and EVERYTHING else to the new DC3
If I perform the above steps, I am assuming no systems will have issues authenticating since they will all be reaching out to one of the three DCs, right? Therefore, I can gradually point systems to the new DC as needed.
Otherwise, please help me understand what I should do. I am going to spend my day tomorrow researching this stuff so I'm better educated on what I'm doing and can come up with an action plan.
Thank you
Systems should never be pointed to a DC. They shoudl be pointed to an alias for their service.
I don't quite understand this. In the TCP/IPv4 DNS settings, it only accepts an IP address, which are the DNS servers/domain controllers.
What @scottalanmiller is talking about is inside your applications and programs, they should always use a name value instead of an IP address.
Unless it is really crappy software, it should be able to do that.
You are correct in your devices, you use IP/DNS manually if DHCP is not an option, but that should be extremely rare.
Edit: And Scott replied while I was. (teach me to be on the phone while responding).
oooh ok yes, I got that. I do use a name (not ip) for those. I'll still have to update them to say DC3 instead of DC1.. unless if I can just start using CNAMEs..
-
@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
@jaredbusch said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
How I'd handle it....
Well, I'd not do it if possible and fix things pointing to something that they shouldn't here. That's the root level fix.
To go after a proximate fix...
- Set up the new DC. Do NOT use the old IP or hostname.
- Get it all working with the old machines in place.
- Create a CNAME to point the old name to the new server's A record. Remove the old machine.
- If you must, change the new IP to the old IP.
Ok, let's scratch everything I mentioned. If I were to do this the best practice way, would I simply:
- Set up the new 3rd domain controller new name (DC3) and IP address
- Pass the roles from DC1 to DC3
- Finally, go through and point all "primary DNS" entries on Exchange and EVERYTHING else to the new DC3
If I perform the above steps, I am assuming no systems will have issues authenticating since they will all be reaching out to one of the three DCs, right? Therefore, I can gradually point systems to the new DC as needed.
Otherwise, please help me understand what I should do. I am going to spend my day tomorrow researching this stuff so I'm better educated on what I'm doing and can come up with an action plan.
Thank you
Systems should never be pointed to a DC. They shoudl be pointed to an alias for their service.
I don't quite understand this. In the TCP/IPv4 DNS settings, it only accepts an IP address, which are the DNS servers/domain controllers.
What @scottalanmiller is talking about is inside your applications and programs, they should always use a name value instead of an IP address.
Unless it is really crappy software, it should be able to do that.
You are correct in your devices, you use IP/DNS manually if DHCP is not an option, but that should be extremely rare.
Edit: And Scott replied while I was. (teach me to be on the phone while responding).
oooh ok yes, I got that. I do use a name (not ip) for those. I'll still have to update them to say DC3 instead of DC1.. unless if I can just start using CNAMEs..
You can always use a CNAME. The app can't tell what is an A record or a CNAME record.
-
@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
@jaredbusch said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
How I'd handle it....
Well, I'd not do it if possible and fix things pointing to something that they shouldn't here. That's the root level fix.
To go after a proximate fix...
- Set up the new DC. Do NOT use the old IP or hostname.
- Get it all working with the old machines in place.
- Create a CNAME to point the old name to the new server's A record. Remove the old machine.
- If you must, change the new IP to the old IP.
Ok, let's scratch everything I mentioned. If I were to do this the best practice way, would I simply:
- Set up the new 3rd domain controller new name (DC3) and IP address
- Pass the roles from DC1 to DC3
- Finally, go through and point all "primary DNS" entries on Exchange and EVERYTHING else to the new DC3
If I perform the above steps, I am assuming no systems will have issues authenticating since they will all be reaching out to one of the three DCs, right? Therefore, I can gradually point systems to the new DC as needed.
Otherwise, please help me understand what I should do. I am going to spend my day tomorrow researching this stuff so I'm better educated on what I'm doing and can come up with an action plan.
Thank you
Systems should never be pointed to a DC. They shoudl be pointed to an alias for their service.
I don't quite understand this. In the TCP/IPv4 DNS settings, it only accepts an IP address, which are the DNS servers/domain controllers.
What @scottalanmiller is talking about is inside your applications and programs, they should always use a name value instead of an IP address.
Unless it is really crappy software, it should be able to do that.
You are correct in your devices, you use IP/DNS manually if DHCP is not an option, but that should be extremely rare.
Edit: And Scott replied while I was. (teach me to be on the phone while responding).
oooh ok yes, I got that. I do use a name (not ip) for those. I'll still have to update them to say DC3 instead of DC1.. unless if I can just start using CNAMEs..
You can always use a CNAME. The app can't tell what is an A record or a CNAME record.
And I've just re-learned about this... so essentially I could have a CNAME called "DCGOUP" which would point to DC1, DC2, DC3, etc, and the app would just work?
-
@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
@jaredbusch said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:
How I'd handle it....
Well, I'd not do it if possible and fix things pointing to something that they shouldn't here. That's the root level fix.
To go after a proximate fix...
- Set up the new DC. Do NOT use the old IP or hostname.
- Get it all working with the old machines in place.
- Create a CNAME to point the old name to the new server's A record. Remove the old machine.
- If you must, change the new IP to the old IP.
Ok, let's scratch everything I mentioned. If I were to do this the best practice way, would I simply:
- Set up the new 3rd domain controller new name (DC3) and IP address
- Pass the roles from DC1 to DC3
- Finally, go through and point all "primary DNS" entries on Exchange and EVERYTHING else to the new DC3
If I perform the above steps, I am assuming no systems will have issues authenticating since they will all be reaching out to one of the three DCs, right? Therefore, I can gradually point systems to the new DC as needed.
Otherwise, please help me understand what I should do. I am going to spend my day tomorrow researching this stuff so I'm better educated on what I'm doing and can come up with an action plan.
Thank you
Systems should never be pointed to a DC. They shoudl be pointed to an alias for their service.
I don't quite understand this. In the TCP/IPv4 DNS settings, it only accepts an IP address, which are the DNS servers/domain controllers.
What @scottalanmiller is talking about is inside your applications and programs, they should always use a name value instead of an IP address.
Unless it is really crappy software, it should be able to do that.
You are correct in your devices, you use IP/DNS manually if DHCP is not an option, but that should be extremely rare.
Edit: And Scott replied while I was. (teach me to be on the phone while responding).
oooh ok yes, I got that. I do use a name (not ip) for those. I'll still have to update them to say DC3 instead of DC1.. unless if I can just start using CNAMEs..
You can always use a CNAME. The app can't tell what is an A record or a CNAME record.
And I've just re-learned about this... so essentially I could have a CNAME called "DCGOUP" which would point to DC1, DC2, DC3, etc, and the app would just work?
Not exactly. Use a CNAME instead of a specific DC name so you can update whenever. But a CNAME still points to a single record.
