2012R2 and 2106 Staged Miration with BOTH in place - one domain RRS feed

  • Question

  • All clever people!

    (Not 100% sure this is in the right place, but here goes)

    I hope someone could please help as I can find very little information out there?

    We have a single DirectAccess 2012R2 remote access solution in place and it works great! The plan is to upgrade the clients to Win10 and we thought at the same time we would upgrade the DirectAccess to 2016 to give us ample tech support as these are server that you do not really touch until the OS becomes unsupported and everyone freaks out (no, we do not have any 2003 servers anymore!)

    Anyway, my question is:

    Is it possible to run a 2016 DirectAccess solution completely separate (different public domain name, servers, networks etc.) with the existing 2012 R2 solution while we slowly migrate the users over to the newer version?

    Anyone have any thoughts?

    Monday, December 12, 2016 4:50 PM

All replies

  • Yes, absolutely possible and I do it all the time. Have a look here for more details:


    Tuesday, December 13, 2016 1:49 AM
  • For sure! Just make sure EVERYTHING is independent from one another. GPOs, AD security group, all of it.

    If you are using ISATAP for manage-out then you have an extra consideration as well. I typically disable ISATAP temporarily while you are working on this project by deleting the DNS record or records associated with it, then once you have migrated everyone over, re-create those records but pointed at the internal IPs of the new servers. Otherwise you run the risk of a client computer being migrated to 2016, only to have some servers reversing traffic back through the old DA server where they are no longer connected.

    But if you're not using ISATAP or aren't even sure what that is...then you have nothing to worry about. :)

    When you migrate users from the old to the new, you don't even have to bring those machines into the office if you plan it right. Just have to be careful that you add to the new group, remove from the old group, and then let a group policy update happen (either naturally or force it manually) on the laptop, then have the user reboot. They almost always come back from the reboot connecting to the new site, without having to visit the office. But timing is key to making that work right.

    Good luck!

    Friday, January 6, 2017 9:40 PM