Migrating AD to Windows Server 2012 R2

    Question

  • Hi,

    I need to migrate the current 2008 R2 DC to a new 2012 R2 DC. I already added the new server to the domain, promoted to a DC and moved the FSMO roles. 

    Now I am doubting a bit about the next steps:

    - On the DHCP server I have changed the scope settings to include the new DC as primary DNS and the old DC as secondary. I don't know how long it will take for the clients to pick this up. Any idea here? 

    - On the other servers I have adjusted the primary DNS server manually (and also set the old DC as secondary). Is this the way to do it?

    - I'm afraid that the IP of the old DC is still hard-coded in some applications or devices. So before I demote it / remove it, I want to try to find out if there are still connections to it. Any idea how to approach this? 

    Please don't hesitate to share if you have any other tips or caveats I need to be aware of.

    Many thanks!

    Tuesday, March 28, 2017 9:13 AM

Answers

  • Just my 2 cents, if you need to force the client to pick up immediately.

    Then do, ipconfig /renew

    Changing manually the DHCP scope settings is okay, the clients or the computers should pick it up once it communicates with the DHCP server.

    To double check, login to any computer and type: ipconfig /all -check the result and the DNS settings

    On your servers, since they are static IP. Yes, you need to change it manually.

    If you're afraid that some application still points to the old DC, I would disconnect the lan cable from the old DC check if something will go haywire.

    I think if you have the list of applications in your network, then check whether they need the old DC.

     -edit

    I'm not sure whether this will be a good idea.

    If you are not sure which applications use the old DC. And the applications just use IP Address and hostname to connect to the server.

    Then I guess, you can create a hostname and point to the new DC.

    The IP Address of the old DC, I think you can configure NIC teaming on the new DC and set the IP of the old DC.

    Good luck!!


    Every second counts..make use of it. Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.


    • Edited by cguan Wednesday, March 29, 2017 1:16 AM edit
    • Marked as answer by Jozef Woo Thursday, March 30, 2017 9:17 AM
    Tuesday, March 28, 2017 9:57 AM
  • Hi Josef,

    - On the DHCP server I have changed the scope settings to include the new DC as primary DNS and the old DC as secondary. I don't know how long it will take for the clients to pick this up. Any idea here? 

    at most, the length of time of DHCP lease (likely sooner) - assuming that all your computers are configured as DHCP clients.

    - On the other servers I have adjusted the primary DNS server manually (and also set the old DC as secondary). Is this the way to do it?

    Correct

    - I'm afraid that the IP of the old DC is still hard-coded in some applications or devices. So before I demote it / remove it, I want to try to find out if there are still connections to it. Any idea how to approach this? 

    pls refer to https://social.technet.microsoft.com/Forums/windowsserver/en-US/a299529b-9d82-4fbc-94c9-bc52fd8fa80b/detailed-steps-to-demoting-a-win2008r2-dc?forum=winserverDS

    Alternatively, you might consider simply reassigning the same IP address to the new DC once you decommission the old one

    hth
    Marcin

    • Marked as answer by Jozef Woo Thursday, March 30, 2017 9:17 AM
    Tuesday, March 28, 2017 10:40 AM
  • Hi

    - On first communication with DHCP; as mentioned, manually run "ipconfig /renew" or reboot the computer.

    - It can be, but do not forget to change the alternate DNS config after demoting the second DC.

    - You can monitor communication to the old DC with the Microsoft Network Monitor tool, then find the applications, etc. which use the old DC.

    https://www.microsoft.com/en-us/download/details.aspx?id=4865


    This posting is provided AS IS with no warranties or guarantees, and confers no rights. Best regards Burak Uğur

    • Marked as answer by Jozef Woo Thursday, March 30, 2017 9:18 AM
    Tuesday, March 28, 2017 10:43 AM
  • You could use the command "netstat -ano" on your DC to know which clients are connecting to your DC and what is the service (TCP/UDP port) they are requesting.

    Using netmon / wireshark is also an option.

    If your DC is in another subnet, it's not a big deal, just be sure that if you have any firewall between your subnets, open the required ports for Active Directory

    https://technet.microsoft.com/en-us/library/dd772723(v=ws.10).aspx

    Just be sure to update your DHCP scope options at least half the lease time before doing your DCPromo to give a chance to all clients to update their IP configuration settings.


    This posting is provided AS IS without warranty of any kind

    • Marked as answer by Jozef Woo Thursday, March 30, 2017 9:18 AM
    Wednesday, March 29, 2017 3:13 PM
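
The netstat approach from the reply above, as an added example that is not from any poster in this thread: it parses `netstat -ano` output taken on the old DC and lists the remote IPv4 hosts connected to its DNS, Kerberos, LDAP, SMB and Global Catalog TCP ports. The function name, the port list and the sample rows (10.0.0.x addresses) are constructed for illustration, and English-language state names are assumed.

```powershell
# Added example (PowerShell 2.0 compatible, so it also runs on a 2008 R2 DC).
# TCP ports a client connects to when it depends on a DC; labels are informational.
$AdPorts = @{
    53 = 'DNS'; 88 = 'Kerberos'; 135 = 'RPC endpoint mapper'; 389 = 'LDAP'
    445 = 'SMB (SYSVOL/NETLOGON)'; 464 = 'Kerberos password change'
    636 = 'LDAPS'; 3268 = 'Global Catalog'; 3269 = 'Global Catalog (SSL)'
}

function Get-DcClientConnection {      # hypothetical helper name
    param(
        [string[]]$NetstatLines,       # output of: netstat -ano
        [string[]]$IgnoreRemote = @()  # e.g. other DCs (replication partners)
    )
    # IPv4 TCP rows look like: TCP  local:port  remote:port  STATE  PID
    # Assumption: state names are in English (localized Windows prints them translated).
    $row = '^\s*TCP\s+(\d+\.\d+\.\d+\.\d+):(\d+)\s+(\d+\.\d+\.\d+\.\d+):\d+\s+(\S+)\s+\d+\s*$'
    foreach ($line in $NetstatLines) {
        if ($line -notmatch $row) { continue }
        $localIp = $Matches[1]; $localPort = [int]$Matches[2]
        $remoteIp = $Matches[3]; $state = $Matches[4]
        # Keep live or just-closed sessions where the DC is the server side.
        if (@('ESTABLISHED', 'TIME_WAIT') -notcontains $state) { continue }
        if (-not $AdPorts.ContainsKey($localPort)) { continue }
        if ($remoteIp -eq $localIp -or $remoteIp -eq '127.0.0.1') { continue }
        if ($IgnoreRemote -contains $remoteIp) { continue }
        New-Object PSObject -Property @{
            Client = $remoteIp; Port = $localPort; Service = $AdPorts[$localPort]
        }
    }
}

# Constructed sample rows; on the old DC pass (netstat -ano) instead.
$sample = @'
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:389            0.0.0.0:0              LISTENING       500
  TCP    10.0.0.10:389          10.0.0.51:49822        ESTABLISHED     500
  TCP    10.0.0.10:88           10.0.0.51:49830        TIME_WAIT       0
  TCP    10.0.0.10:445          10.0.0.77:51200        ESTABLISHED     4
  TCP    10.0.0.10:389          10.0.1.20:50111        ESTABLISHED     500
  TCP    10.0.0.10:49155        10.0.0.51:49901        ESTABLISHED     620
  UDP    0.0.0.0:53             *:*                                    1400
'@ -split "`r?`n"

# 10.0.1.20 stands in for the new DC, whose replication traffic is expected.
Get-DcClientConnection -NetstatLines $sample -IgnoreRemote '10.0.1.20' |
    Group-Object Client, Service |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

netstat shows only the TCP connections open at the moment it runs, so UDP DNS queries and short-lived LDAP binds do not appear; sample it repeatedly over several days before treating an empty result as proof that nothing depends on the old DC.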
  • Maybe this helps;

    https://blogs.technet.microsoft.com/askpfeplat/2013/12/15/domain-and-dc-migrations-how-to-monitor-ldap-kerberos-and-ntlm-traffic-to-your-domain-controllers/


    This posting is provided AS IS with no warranties or guarantees, and confers no rights. Best regards Burak Uğur

    • Marked as answer by Jozef Woo Thursday, March 30, 2017 9:18 AM
    Thursday, March 30, 2017 9:07 AM

All replies

  • DHCP clients contact and try to update the lease when it reaches half of the lease duration.  So suppose you have a lease of 4 days, after 2 days, the clients will contact the DHCP server and will update the lease duration for another 4 days.

    At this time, the clients should receive the new DHCP configurations from the Scope Options.

    For the other servers, yes, it's a good solution.

    If some applications have the IP address of the old DNS Server hard-coded (and suppose it's really difficult to change it), you could keep the old IP by switching with the new DC.  This will require updating DNS records as well as the DHCP scope options and all other servers where you have manually changed the DNS order.
    https://technet.microsoft.com/en-us/library/cc794931(v=ws.10).aspx


    This posting is provided AS IS without warranty of any kind

    Tuesday, March 28, 2017 1:07 PM
  • Hi, thanks for the reply. The link you provided is dead. It says "We are sorry, the page you requested cannot be found." I found Network Monitor but I have no clue what I am doing with it actually ;-)
    • Edited by Jozef Woo Wednesday, March 29, 2017 3:02 PM
    Wednesday, March 29, 2017 2:59 PM
  • Hi, thanks for your reply. I am not able to use the same IP unfortunately. I am told by someone that I can use wireshark to see which stuff is still connecting to my DC. I'm not familiar with Wireshark and also a noob in networking so I wouldn't know which things to look for. 

    Apart from that there is useful information in your link (even though the part about LDAP queries is also a dead link) so thanks!

    Kind regards.

    Wednesday, March 29, 2017 3:01 PM
  • On my side, all links provided in this thread are working.  which one is not working?


    This posting is provided AS IS without warranty of any kind

    Wednesday, March 29, 2017 3:01 PM
  • Hi, thanks for your reply. I don't have the option to keep the same IP unfortunately. The new DC is in a new subnet. That reminds me, should my clients also preferably be in the same subnet? 
    Wednesday, March 29, 2017 3:03 PM
  • The link that doesn't work is

    https://www.microsoft.com/en-us/download/details.aspx?id=4865

    in the reply of Burak Uğur

    • Edited by Jozef Woo Wednesday, March 29, 2017 3:10 PM
    Wednesday, March 29, 2017 3:10 PM
  • The link that doesn't work is

    https://www.microsoft.com/en-us/download/details.aspx?id=4865

    in the reply of Burak Uğur

    Hi

    I checked the link and it is up and working, please try with a different browser.

    And also you can check the article for usage of the tool;

    https://blogs.technet.microsoft.com/msindiasupp/2011/08/10/how-to-setup-and-collect-network-capture-using-network-monitor-tool/


    This posting is provided AS IS with no warranties or guarantees, and confers no rights. Best regards Burak Uğur

    Wednesday, March 29, 2017 8:04 PM
  • Or just make a google search for "Network Monitor 3.4".  You should get a result called "Download Microsoft Network Monitor 3.4 (archive) from Official ..."


    This posting is provided AS IS without warranty of any kind

    Thursday, March 30, 2017 1:29 AM
  • Thanks for your help again.

    Bizarrely, the link works now. For some reason it didn't yesterday. Thank you for the link to the usage explanation.

    However, it doesn't really explain what to check for when demoting an old domain controller.

    My only goal is that I can safely demote/remove this domain controller without affecting any services/applications/devices.

    In order to do that, I need to find out which services/applications/devices are still making connections to this DC.

    I was guessing this is a fairly standard thing to do for any AD administrator but it seems there are no ready-made procedures for that.

    Kind regards

    Thursday, March 30, 2017 7:09 AM