Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier)
-
@scottalanmiller said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):
DHCP Reservations are like normal DHCP Leases, so if you have them for, say 48 hours, you will likely have quite some time before things start to lose their leases. You have several choices...
I typically set my lease time to 8 hours. I want things to break during the business day whenever possible.
Machines should renew ever 4 hours with that setting. So if shit hits the fan, someone should fail to renew before you go home and clue you in to an issue. -
@dave247 said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):
I was wondering, is there an easier way to do this, such as to put all the domain controllers behind a name-space or address pool or something?
Nope. Being that you're static everywhere... you're stuck doing it the hard way. Take this as an opportunity to use DHCP + reservations for what you want static.
-
One thing to note, is that once you demote the old DC, you can easily change the IP of the new Server 2016 DC. It changes everything automatically these days.
Starting at Step 2 below, do following steps quickly.
-
Bring up new DC in parallel to the old one.
-
Transfer FSMO roles to new DC.
-
Demote old DC with DCPROMO.
-
Turn off old DC.
-
Set IP on new DC to what the old DC IP was. Possilble reboot new DC.
-
Verify DNS stuff reflects new DC having correct IP.
-
On a test client/user PC, do an
ipconfig /flushdns, maybe even a reboot. -
On a client/user PC, do an NSLOOKUP to domain.com.
-
On a client/user PC, enter
set log, verify it returns the correct DC.
-
-
@tim_g said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):
One thing to note, is that once you demote the old DC, you can easily change the IP of the new Server 2016 DC. It changes everything automatically these days.
Starting at Step 2 below, do following steps quickly.
-
Bring up new DC in parallel to the old one.
-
Transfer FSMO roles to new DC.
-
Demote old DC with DCPROMO.
-
Turn off old DC.
-
Set IP on new DC to what the old DC IP was. Possilble reboot new DC.
-
Verify DNS stuff reflects new DC having correct IP.
-
On a test client/user PC, do an
ipconfig /flushdns, maybe even a reboot. -
On a client/user PC, do an NSLOOKUP to domain.com.
-
On a client/user PC, enter
set log, verify it returns the correct DC.
See now this was my original plan like a year ago... almost everyone strongly advised against using the same IP for the new DC..
-
-
@dave247 said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):
See now this was my original plan like a year ago... almost everyone strongly advised against using the same IP for the new DC..
Why not? That's more or less how it is meant to be done.
-
@scottalanmiller said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):
@dave247 said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):
See now this was my original plan like a year ago... almost everyone strongly advised against using the same IP for the new DC..
Why not? That's more or less how it is meant to be done.
IDK, that's just what a lot of people advised against.. I thought you guys were some of those people... lol
-
@dave247 said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):
@scottalanmiller said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):
@dave247 said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):
See now this was my original plan like a year ago... almost everyone strongly advised against using the same IP for the new DC..
Why not? That's more or less how it is meant to be done.
IDK, that's just what a lot of people advised against.. I thought you guys were some of those people... lol
I don't think that we were, lol.
-
@scottalanmiller said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):
@dave247 said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):
@scottalanmiller said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):
@dave247 said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):
See now this was my original plan like a year ago... almost everyone strongly advised against using the same IP for the new DC..
Why not? That's more or less how it is meant to be done.
IDK, that's just what a lot of people advised against.. I thought you guys were some of those people... lol
I don't think that we were, lol.
I bounce around between reddit, mangolassi and sometimes SW so it's hard to remember...
-
@dave247 said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):
@scottalanmiller said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):
@dave247 said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):
@scottalanmiller said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):
@dave247 said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):
See now this was my original plan like a year ago... almost everyone strongly advised against using the same IP for the new DC..
Why not? That's more or less how it is meant to be done.
IDK, that's just what a lot of people advised against.. I thought you guys were some of those people... lol
I don't think that we were, lol.
I bounce around between reddit, mangolassi and sometimes SW so it's hard to remember...
Do you remember someone giving some logic or colour as to why they felt that IPs had to be protected in that way?
-
I vaguely recall someone asked no about reusing a name. But I don’t think it was a year ago.
-
@dave247 said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):
@scottalanmiller said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):
@dave247 said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):
@scottalanmiller said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):
@dave247 said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):
See now this was my original plan like a year ago... almost everyone strongly advised against using the same IP for the new DC..
Why not? That's more or less how it is meant to be done.
IDK, that's just what a lot of people advised against.. I thought you guys were some of those people... lol
I don't think that we were, lol.
I bounce around between reddit, mangolassi and sometimes SW so it's hard to remember...
There's your problem. I would pass on Reddit as much as possible. While those users do give some good advice there is just as much false information and crap you have to wade through.
-
@dave247 said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):
@tim_g said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):
One thing to note, is that once you demote the old DC, you can easily change the IP of the new Server 2016 DC. It changes everything automatically these days.
Starting at Step 2 below, do following steps quickly.
-
Bring up new DC in parallel to the old one.
-
Transfer FSMO roles to new DC.
-
Demote old DC with DCPROMO.
-
Turn off old DC.
-
Set IP on new DC to what the old DC IP was. Possilble reboot new DC.
-
Verify DNS stuff reflects new DC having correct IP.
-
On a test client/user PC, do an
ipconfig /flushdns, maybe even a reboot. -
On a client/user PC, do an NSLOOKUP to domain.com.
-
On a client/user PC, enter
set log, verify it returns the correct DC.
See now this was my original plan like a year ago... almost everyone strongly advised against using the same IP for the new DC..
Not same IP, what you shouldn’t do is name it the same only. Also even if you have setup DNS statically you can use Group Policy and Powershell to change the DNS server on the servers which is pretty much easy to do.
-
-
@scottalanmiller said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):
@dave247 said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):
@scottalanmiller said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):
@dave247 said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):
@scottalanmiller said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):
@dave247 said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):
See now this was my original plan like a year ago... almost everyone strongly advised against using the same IP for the new DC..
Why not? That's more or less how it is meant to be done.
IDK, that's just what a lot of people advised against.. I thought you guys were some of those people... lol
I don't think that we were, lol.
I bounce around between reddit, mangolassi and sometimes SW so it's hard to remember...
Do you remember someone giving some logic or colour as to why they felt that IPs had to be protected in that way?
No, I don't.. that's ok though. This thread was a good refresher and I will put the advice down in my notes for when I execute the plan.
Thanks guys.
-
@dbeato said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):
@dave247 said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):
@tim_g said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):
One thing to note, is that once you demote the old DC, you can easily change the IP of the new Server 2016 DC. It changes everything automatically these days.
Starting at Step 2 below, do following steps quickly.
-
Bring up new DC in parallel to the old one.
-
Transfer FSMO roles to new DC.
-
Demote old DC with DCPROMO.
-
Turn off old DC.
-
Set IP on new DC to what the old DC IP was. Possilble reboot new DC.
-
Verify DNS stuff reflects new DC having correct IP.
-
On a test client/user PC, do an
ipconfig /flushdns, maybe even a reboot. -
On a client/user PC, do an NSLOOKUP to domain.com.
-
On a client/user PC, enter
set log, verify it returns the correct DC.
See now this was my original plan like a year ago... almost everyone strongly advised against using the same IP for the new DC..
Not same IP, what you shouldn’t do is name it the same only. Also even if you have setup DNS statically you can use Group Policy and Powershell to change the DNS server on the servers which is pretty much easy to do.
New name, same IP works, yeah.
-
-
Reddit for IT stuff, the same site that host r/TheDonald ?
-
@momurda said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):
Reddit for IT stuff, the same site that host r/TheDonald ?
LOL, not a great site for IT stuff. You get a few gems but the overall situation is very.... rough.
-
@momurda said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):
Reddit for IT stuff, the same site that host r/TheDonald ?
I am not a fan of Reddit
-
A lesson I picked up around here is make your network shares using a cname, not the name of the server. This enables you to move a share to another server by just updating DNS, the mappings will all stay the same.
-
@dashrender said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):
A lesson I picked up around here is make your network shares using a cname, not the name of the server. This enables you to move a share to another server by just updating DNS, the mappings will all stay the same.
The "better" option if you're using Windows and Active Directory is to just setup a DFS namespace. Simple, easy to manage, and scalable.
-
@coliver said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):
@dashrender said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):
A lesson I picked up around here is make your network shares using a cname, not the name of the server. This enables you to move a share to another server by just updating DNS, the mappings will all stay the same.
The "better" option if you're using Windows and Active Directory is to just setup a DFS namespace. Simple, easy to manage, and scalable.
Actually, I find DFS overcomplicated in the SMB space. Many SMB do not need more than a DNS CNAME to handle it.
