ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier)

    Scheduled Pinned Locked Moved IT Discussion
    45 Posts 9 Posters 4.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • dave247D
      dave247
      last edited by

      So basically, what I should do, is swap as much of my manual static to DHCP reservation that I possibly can. Then I can update DNS in the DHCP scope and all should be well... sounds like a good plan.

      scottalanmillerS 1 Reply Last reply Reply Quote 3
      • scottalanmillerS
        scottalanmiller @dave247
        last edited by

        @dave247 said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):

        So basically, what I should do, is swap as much of my manual static to DHCP reservation that I possibly can. Then I can update DNS in the DHCP scope and all should be well... sounds like a good plan.

        Correct. This will make things easier and easier over time.

        dave247D 1 Reply Last reply Reply Quote 2
        • dave247D
          dave247 @scottalanmiller
          last edited by dave247

          @scottalanmiller

          One last question... and I plan to look into reservation tomorrow.. but what happens with the reservations in the event that the DHCP server goes down and, say, is un-recoverable? I mean, sure it would be trivial to fire up a new server, but you'd still have all the reservations to rebuild, unless they were exported as backup and then you could import or something.. and this is worst-case. DHCP would probably never go down, except for that one time....

          JaredBuschJ scottalanmillerS 2 Replies Last reply Reply Quote 0
          • JaredBuschJ
            JaredBusch @dave247
            last edited by

            @dave247 said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):

            @scottalanmiller

            One last question... and I plan to look into reservation tomorrow.. but what happens with the reservations in the event that the DHCP server goes down and, say, is un-recoverable? I mean, sure it would be trivial to fire up a new server, but you'd still have all the reservations to rebuild, unless they were exported as backup and then you could import or something.. and this is worst-case. DHCP would probably never go down, except for that one time....

            I assume you have a Windows 2012 R2 or newer AD serve rthat is your DHCP server? If so, you can make a secondary.

            If not, with any version back even to Server 2003, you can export your scope and reimport it on a new server.

            dave247D 1 Reply Last reply Reply Quote 3
            • scottalanmillerS
              scottalanmiller @dave247
              last edited by

              @dave247 said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):

              @scottalanmiller

              One last question... and I plan to look into reservation tomorrow.. but what happens with the reservations in the event that the DHCP server goes down and, say, is un-recoverable? I mean, sure it would be trivial to fire up a new server, but you'd still have all the reservations to rebuild, unless they were exported as backup and then you could import or something.. and this is worst-case. DHCP would probably never go down, except for that one time....

              DHCP Reservations are like normal DHCP Leases, so if you have them for, say 48 hours, you will likely have quite some time before things start to lose their leases. You have several choices...

              1. Have failover DHCP so that you are not dependent on a single once.
              2. Recreate everything by hand, for even 100 machines, this is trivial amounts of work as long as you document it.
              3. Take a backup and restore.
              4. Set the reservations programtically like through a script or state system.
              dave247D JaredBuschJ 3 Replies Last reply Reply Quote 1
              • dave247D
                dave247 @JaredBusch
                last edited by

                @jaredbusch said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):

                @dave247 said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):

                @scottalanmiller

                One last question... and I plan to look into reservation tomorrow.. but what happens with the reservations in the event that the DHCP server goes down and, say, is un-recoverable? I mean, sure it would be trivial to fire up a new server, but you'd still have all the reservations to rebuild, unless they were exported as backup and then you could import or something.. and this is worst-case. DHCP would probably never go down, except for that one time....

                I assume you have a Windows 2012 R2 or newer AD serve rthat is your DHCP server? If so, you can make a secondary.

                If not, with any version back even to Server 2003, you can export your scope and reimport it on a new server.

                2008 R2. But, what I will probably do is set up the new 2016 DC and then move DHCP role to that and set up the reservations and things. Then, when the time is right, I will point everything from old DC to new DC

                scottalanmillerS 1 Reply Last reply Reply Quote 0
                • dave247D
                  dave247 @scottalanmiller
                  last edited by

                  @scottalanmiller said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):

                  @dave247 said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):

                  @scottalanmiller

                  One last question... and I plan to look into reservation tomorrow.. but what happens with the reservations in the event that the DHCP server goes down and, say, is un-recoverable? I mean, sure it would be trivial to fire up a new server, but you'd still have all the reservations to rebuild, unless they were exported as backup and then you could import or something.. and this is worst-case. DHCP would probably never go down, except for that one time....

                  DHCP Reservations are like normal DHCP Leases, so if you have them for, say 48 hours, you will likely have quite some time before things start to lose their leases. You have several choices...

                  1. Have failover DHCP so that you are not dependent on a single once.
                  2. Recreate everything by hand, for even 100 machines, this is trivial amounts of work as long as you document it.
                  3. Take a backup and restore.
                  4. Set the reservations programtically like through a script or state system.

                  nice, thanks!

                  1 Reply Last reply Reply Quote 1
                  • scottalanmillerS
                    scottalanmiller @dave247
                    last edited by

                    @dave247 said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):

                    @jaredbusch said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):

                    @dave247 said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):

                    @scottalanmiller

                    One last question... and I plan to look into reservation tomorrow.. but what happens with the reservations in the event that the DHCP server goes down and, say, is un-recoverable? I mean, sure it would be trivial to fire up a new server, but you'd still have all the reservations to rebuild, unless they were exported as backup and then you could import or something.. and this is worst-case. DHCP would probably never go down, except for that one time....

                    I assume you have a Windows 2012 R2 or newer AD serve rthat is your DHCP server? If so, you can make a secondary.

                    If not, with any version back even to Server 2003, you can export your scope and reimport it on a new server.

                    2008 R2. But, what I will probably do is set up the new 2016 DC and then move DHCP role to that and set up the reservations and things. Then, when the time is right, I will point everything from old DC to new DC

                    Don't forget those 2016 CALs (inside joke for those that saw the guy freak out about having to get CALs when updating Windows today.)

                    dave247D 1 Reply Last reply Reply Quote 1
                    • JaredBuschJ
                      JaredBusch @scottalanmiller
                      last edited by JaredBusch

                      @scottalanmiller said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):

                      1. Have failover DHCP so that you are not dependent on a single once.

                      Until he moves to 2016 he cannot have it "automagic" inside Windows Server. But he can manually have a backup made.

                      1 Reply Last reply Reply Quote 1
                      • dave247D
                        dave247 @scottalanmiller
                        last edited by

                        @scottalanmiller said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):

                        @dave247 said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):

                        @jaredbusch said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):

                        @dave247 said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):

                        @scottalanmiller

                        One last question... and I plan to look into reservation tomorrow.. but what happens with the reservations in the event that the DHCP server goes down and, say, is un-recoverable? I mean, sure it would be trivial to fire up a new server, but you'd still have all the reservations to rebuild, unless they were exported as backup and then you could import or something.. and this is worst-case. DHCP would probably never go down, except for that one time....

                        I assume you have a Windows 2012 R2 or newer AD serve rthat is your DHCP server? If so, you can make a secondary.

                        If not, with any version back even to Server 2003, you can export your scope and reimport it on a new server.

                        2008 R2. But, what I will probably do is set up the new 2016 DC and then move DHCP role to that and set up the reservations and things. Then, when the time is right, I will point everything from old DC to new DC

                        Don't forget those 2016 CALs (inside joke for those that saw the guy freak out about having to get CALs when updating Windows today.)

                        Oh for sure. I already have them set up in our budget (thanks to help I got from you guys on here)

                        1 Reply Last reply Reply Quote 1
                        • JaredBuschJ
                          JaredBusch @scottalanmiller
                          last edited by

                          @scottalanmiller said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):

                          DHCP Reservations are like normal DHCP Leases, so if you have them for, say 48 hours, you will likely have quite some time before things start to lose their leases. You have several choices...

                          I typically set my lease time to 8 hours. I want things to break during the business day whenever possible.
                          Machines should renew ever 4 hours with that setting. So if shit hits the fan, someone should fail to renew before you go home and clue you in to an issue.

                          1 Reply Last reply Reply Quote 0
                          • ObsolesceO
                            Obsolesce @dave247
                            last edited by

                            @dave247 said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):

                            I was wondering, is there an easier way to do this, such as to put all the domain controllers behind a name-space or address pool or something?

                            Nope. Being that you're static everywhere... you're stuck doing it the hard way. Take this as an opportunity to use DHCP + reservations for what you want static.

                            1 Reply Last reply Reply Quote 0
                            • ObsolesceO
                              Obsolesce
                              last edited by

                              One thing to note, is that once you demote the old DC, you can easily change the IP of the new Server 2016 DC. It changes everything automatically these days.

                              Starting at Step 2 below, do following steps quickly.

                              1. Bring up new DC in parallel to the old one.

                              2. Transfer FSMO roles to new DC.

                              3. Demote old DC with DCPROMO.

                              4. Turn off old DC.

                              5. Set IP on new DC to what the old DC IP was. Possilble reboot new DC.

                              6. Verify DNS stuff reflects new DC having correct IP.

                              7. On a test client/user PC, do an ipconfig /flushdns, maybe even a reboot.

                              8. On a client/user PC, do an NSLOOKUP to domain.com.

                              9. On a client/user PC, enter set log, verify it returns the correct DC.

                              dave247D 1 Reply Last reply Reply Quote 0
                              • dave247D
                                dave247 @Obsolesce
                                last edited by

                                @tim_g said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):

                                One thing to note, is that once you demote the old DC, you can easily change the IP of the new Server 2016 DC. It changes everything automatically these days.

                                Starting at Step 2 below, do following steps quickly.

                                1. Bring up new DC in parallel to the old one.

                                2. Transfer FSMO roles to new DC.

                                3. Demote old DC with DCPROMO.

                                4. Turn off old DC.

                                5. Set IP on new DC to what the old DC IP was. Possilble reboot new DC.

                                6. Verify DNS stuff reflects new DC having correct IP.

                                7. On a test client/user PC, do an ipconfig /flushdns, maybe even a reboot.

                                8. On a client/user PC, do an NSLOOKUP to domain.com.

                                9. On a client/user PC, enter set log, verify it returns the correct DC.

                                See now this was my original plan like a year ago... almost everyone strongly advised against using the same IP for the new DC..

                                scottalanmillerS dbeatoD 2 Replies Last reply Reply Quote 0
                                • scottalanmillerS
                                  scottalanmiller @dave247
                                  last edited by

                                  @dave247 said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):

                                  See now this was my original plan like a year ago... almost everyone strongly advised against using the same IP for the new DC..

                                  Why not? That's more or less how it is meant to be done.

                                  dave247D 1 Reply Last reply Reply Quote 0
                                  • dave247D
                                    dave247 @scottalanmiller
                                    last edited by

                                    @scottalanmiller said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):

                                    @dave247 said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):

                                    See now this was my original plan like a year ago... almost everyone strongly advised against using the same IP for the new DC..

                                    Why not? That's more or less how it is meant to be done.

                                    IDK, that's just what a lot of people advised against.. I thought you guys were some of those people... lol

                                    scottalanmillerS 1 Reply Last reply Reply Quote 0
                                    • scottalanmillerS
                                      scottalanmiller @dave247
                                      last edited by

                                      @dave247 said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):

                                      @scottalanmiller said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):

                                      @dave247 said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):

                                      See now this was my original plan like a year ago... almost everyone strongly advised against using the same IP for the new DC..

                                      Why not? That's more or less how it is meant to be done.

                                      IDK, that's just what a lot of people advised against.. I thought you guys were some of those people... lol

                                      I don't think that we were, lol.

                                      dave247D 1 Reply Last reply Reply Quote 0
                                      • dave247D
                                        dave247 @scottalanmiller
                                        last edited by

                                        @scottalanmiller said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):

                                        @dave247 said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):

                                        @scottalanmiller said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):

                                        @dave247 said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):

                                        See now this was my original plan like a year ago... almost everyone strongly advised against using the same IP for the new DC..

                                        Why not? That's more or less how it is meant to be done.

                                        IDK, that's just what a lot of people advised against.. I thought you guys were some of those people... lol

                                        I don't think that we were, lol.

                                        I bounce around between reddit, mangolassi and sometimes SW so it's hard to remember...

                                        scottalanmillerS coliverC 2 Replies Last reply Reply Quote 0
                                        • scottalanmillerS
                                          scottalanmiller @dave247
                                          last edited by

                                          @dave247 said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):

                                          @scottalanmiller said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):

                                          @dave247 said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):

                                          @scottalanmiller said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):

                                          @dave247 said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):

                                          See now this was my original plan like a year ago... almost everyone strongly advised against using the same IP for the new DC..

                                          Why not? That's more or less how it is meant to be done.

                                          IDK, that's just what a lot of people advised against.. I thought you guys were some of those people... lol

                                          I don't think that we were, lol.

                                          I bounce around between reddit, mangolassi and sometimes SW so it's hard to remember...

                                          Do you remember someone giving some logic or colour as to why they felt that IPs had to be protected in that way?

                                          dave247D 1 Reply Last reply Reply Quote 0
                                          • JaredBuschJ
                                            JaredBusch
                                            last edited by

                                            I vaguely recall someone asked no about reusing a name. But I don’t think it was a year ago.

                                            1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 3
                                            • 1 / 3
                                            • First post
                                              Last post