Domain Controllers Changes

    Question

  • Hello,
    I'm writing to ask for your opinion about this.

    SCENARIO

    I have domain.local (forest and domain tree root) with these domain controllers:

    DC1 | OS: Windows Server 2008 R2 | Roles: Schema, DomainNaming, PDC, RID, Infrastructure, DNS Server

    • IP1: 172.16.1.10 
    • IP2: 172.16.1.11
    • IP3: 172.16.1.12

    DC2 | OS: Windows Server 2008 R2 | Role: DNS Server

    • IP1: 172.16.1.20
    • IP2: 172.16.1.21
    • IP3: 172.16.1.22

    DC3 | OS: Windows Server 2012 R2 | Role: DNS Server, DHCP Failover Hot-Standby Mode

    • IP: 172.16.1.30

    DC4 | OS: Windows Server 2012 R2 | Role: DNS Server, DHCP Failover Hot-Standby Mode

    • IP: 172.16.1.40

    Notes: 

    • They are all Global Catalog.
    • DHCP is configured to assign DC1-IP1 and DC2-IP1 as primary and secondary DNS respectively to clients.
    • DC1-IP1 and DC2-IP1 are used as primary and secondary DNS (static) on servers and related applications

    OBJECTIVES

    1. Assign DC1-IP1 to DC3
    2. Assign DC2-IP1 to DC4
    3. DC3 and DC4 will have only one IP Address: 172.16.1.10 and 172.16.1.20 respectively.
    4. Dismiss DC1 and DC2

    TASKS

    These are steps I intend to follow:

    1. Move all roles from DC1 to DC3 and wait for AD replication
    2. DC1 - Remove IP1
    3. DC1 - Run ipconfig /flushdns, ipconfig /registerdns and dcdiag /fix 
    4. Wait for AD replication
    5. DC3 - Add DC1-IP1 and remove its IP (172.16.1.30)
    6. DC3 - Run ipconfig /flushdns, ipconfig /registerdns and dcdiag /fix
    7. DC1 - Demote and remove

    Then apply the steps above (from 2 to 7) for DC2 and DC4.

    What is your opinion? Do you suggest switching the order of any steps? Or did I forget something?

    Thank you a lot.

    Regards,
    Luca


    Disclaimer: This posting is provided AS IS with no warranties or guarantees, and confers no rights. Whenever you see a helpful reply, click on [Vote As Help] and click on [Mark As Answer] if a post answers your question.

    Thursday, April 6, 2017 11:55 AM

All replies

  • Hi

     I guess you mean to transfer the roles to the other Server 2012 DC and demote the old PDC and the second one. Also change the new PDC to match the old one.

    So,

    - Transfer FSMO roles to DC3

    - Demote DC1 from the domain

    - Change the IP of DC3 to that of the old DC1

    - Run "ipconfig /flushdns" and "ipconfig /registerdns", then check that the DNS records are updated correctly.

    - Same steps for DC2 to DC4

    But keep in mind you should also migrate the DHCP failover cluster to 2 member servers. It's not recommended to configure the failover cluster role on a Domain Controller, or even any other roles except DS, DNS, GC.

    Also, you can find DHCP migration steps in this article:

    https://blogs.technet.microsoft.com/teamdhcp/2012/09/10/migrating-existing-dhcp-server-deployment-to-windows-server-2012-dhcp-failover/


    This posting is provided AS IS with no warranties or guarantees, and confers no rights. Best regards Burak Uğur

    Thursday, April 6, 2017 9:16 PM
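
A read-only PowerShell check for the gates in the procedure discussed above (roles moved, replication healthy, DNS records correct after the re-IP), added here as an example and not part of either poster's message. It assumes the ActiveDirectory and DnsClient modules on a Windows Server 2012 R2 host and takes its host name, address and domain from the question; gates 1 and 2 apply before touching DC1, gate 3 only after DC3 has taken over the address.

```powershell
# Added example: read-only gate checks; changes nothing in AD or DNS.
Import-Module ActiveDirectory

$NewHolder  = 'DC3'           # host name from the thread
$ExpectedIp = '172.16.1.10'   # DC1-IP1, to be taken over by DC3
$DomainFqdn = 'domain.local'

# Gate 1: all five FSMO roles must sit on the new holder before DC1 is touched.
$domain = Get-ADDomain -Identity $DomainFqdn
$forest = Get-ADForest -Identity $DomainFqdn
$roles = [ordered]@{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
}
$misplaced = @($roles.GetEnumerator() | Where-Object { $_.Value -notlike "$NewHolder.*" })

# Gate 2 ("wait for AD replication"): no DC may report a failing replication link.
# Errors are left visible so an unreachable DC is not mistaken for a healthy one.
$dcs = @(Get-ADDomainController -Filter *)
$replFailures = @(foreach ($dc in $dcs) {
    Get-ADReplicationFailure -Target $dc.HostName | Where-Object { $_.FailureCount -gt 0 }
})

# Gate 3 (after the re-IP and ipconfig /registerdns): every DNS server must return
# exactly the expected A record for the new holder, and the PDC SRV record must
# name it. A stale answer means clients of that server still get the old address.
$staleDns = @(foreach ($dc in $dcs) {
    $a = Resolve-DnsName -Name "$NewHolder.$DomainFqdn" -Type A -Server $dc.IPv4Address -DnsOnly -ErrorAction SilentlyContinue
    $ips = @($a | Where-Object { $_.Type -eq 'A' } | ForEach-Object { $_.IPAddress })
    if ($ips.Count -ne 1 -or $ips[0] -ne $ExpectedIp) {
        [pscustomobject]@{ DnsServer = $dc.HostName; Returned = ($ips -join ',') }
    }
})
$pdcSrv = Resolve-DnsName -Name "_ldap._tcp.pdc._msdcs.$DomainFqdn" -Type SRV -DnsOnly |
    Where-Object { $_.Type -eq 'SRV' }
$pdcSrvOk = @($pdcSrv | Where-Object { $_.NameTarget -like "$NewHolder.*" }).Count -ge 1

# Summary: proceed only when every gate is clean.
[pscustomobject]@{
    MisplacedRoles      = ($misplaced.Key -join ',')
    ReplicationFailures = $replFailures.Count
    StaleDnsServers     = ($staleDns.DnsServer -join ',')
    PdcSrvPointsToNew   = $pdcSrvOk
    SafeToProceed       = (-not $misplaced.Count) -and (-not $replFailures.Count) -and
                          (-not $staleDns.Count) -and $pdcSrvOk
}
```
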
  • Hello Burak,
    basically you suggest changing the IP address only after DC demotion?

    About DHCP, I can agree with you but I cannot find any official Microsoft recommendations (Server Fault - Install DHCP failover on domain controllers vs member servers ?).

    Why, technically, is it not recommended?

    Thank you again for your answer.

    Bye,
    Luca


    Friday, April 7, 2017 9:10 AM
  • Hi

     Yes, I recommend changing the IP after demoting the old DC.

    For the MS recommendation on failover clusters, you can check this article:

    https://support.microsoft.com/en-us/help/2795523/you-cannot-add-a-domain-controller-as-a-node-in-a-windows-server-2012-failover-cluster-environment


    Best regards Burak Uğur

    Friday, April 7, 2017 10:45 AM
  • Hello Burak,
    the article you posted concerns Windows Server 2012 and it talks about "cluster".

    Here I have two Windows Server 2012 R2 with no cluster feature installed but "DHCP Failover Hot-Standby Mode" only (I wrote "DHCP Failover Load Balance Mode" wrongly. Corrected on my first post). Taken from this TechNet Blogs article DHCP Failover Hot-Standby Mode.

    Does this change your point of view about DHCP residing on a Domain Controller? I mean, I agree with you about keeping DHCP off the DC as a best practice, but what problems can I encounter having it on a DC?

    Thank you.

    Bye,
    Luca


    Friday, April 7, 2017 12:11 PM
  • Hi

     Yes, it explains cluster, and DHCP failover works on the cluster service also; that's why it is not recommended on a DC. But that doesn't mean you can't. You can configure a DHCP failover cluster on DCs, but it's not recommended :)


    Best regards Burak Uğur

    Friday, April 7, 2017 6:32 PM