Retiring 2003 DC in a mixed and geographically split environment

    Question

  • Hoping someone can put my mind at rest !

    I have demoted 2003 DCs before but not in quite this environment.  I have started work with a new company and their systems are very organically thrown together, as it were.  They have an off-site host which holds 2 DCs and a couple of terminal servers, all 2008 R2, and on-site we have a single 2003 DC. Both sites have their own IP subnets, one on 10.1.1.0 and the other on 10.100.1.0, connected by a site-to-site VPN. The routers at each site do DHCP for their respective sites, with DNS obviously handled by AD.  Not the way I would have built it, but I'm left to sort it now!

    The thing that troubles me is: if I just dcpromo the 2003 box, will DNS freak? The on-site machines will still get DHCP from the router on-site, so the site-to-site VPN translation should make DNS speak quite happily, yes?? The plan is to have no DC on-site and rely on the site-to-site, eventually just going to Azure for AD, but not for a while.

    Once the 2003 is gone I will raise the functional level to 2008 and hopefully GPO will start working as it should; it is flaky, to say the least.

    Speaking of DNS, would it be a good idea to have reverse lookup for both IP ranges in DNS?? Only one is there right now, the 10.1.1.0 range.

    Thanks for any input on this. I would love to just greenfield and build a new infrastructure, but they won't pay for it, so I'm left trying to drag it as up to date as I can and get what they have working as it should, while applying sticking plasters to the ongoing issues!

    Cheers !

    Duncan

    Friday, February 10, 2017 3:01 PM

All replies

  • Hi

    The thing that troubles me is if I just dcpromo the 2003 box will DNS freak >>> First you can add a new server 2012&2016 with a new hostname and IP address, then demote the old server 2003 DC from the domain and change the new server DC hostname and IP address to be the same as the old 2003 DC. Then none of the config will be affected.

    Speaking of DNS, would it be good idea to have reverse lookup for both IP ranges in DNS ?? >>> Exactly, you should configure reverse lookup for all ranges.


    This posting is provided AS IS with no warranties or guarantees, and confers no rights. Best regards Burak Uğur

    • Proposed as answer by Alvwan (Moderator) Wednesday, February 15, 2017 1:50 PM
    Friday, February 10, 2017 6:07 PM
  • Hi,

    Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.

    Best Regards,

    Alvin Wang


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, February 15, 2017 1:50 PM
    Moderator
  • Hi, sorry for the delay!  I have added all ranges to DNS now and they seem to be working.  However, we don't want to replace the DC; we will basically be using the DC on the remote site for network/user authentication. Is this possible?? I know it's not ideal but the connection is fairly stable and reliable.

    Thanks

    Duncan


    Lack of proper planning does not constitute an emergency.

    Wednesday, February 15, 2017 3:34 PM
  • Hi Duncan,

    Of course it is possible, but highly not recommended. You may encounter some delay in login and authentication of all resources since the global catalog will be located at a different site. You will have to deal with DNS, DHCP, all authentication and all requests being sent to the remote site to the DC and back. The speed of your connection will be vital.

    Best Regards,

    Alvin Wang



    Thursday, February 16, 2017 7:52 AM
    Moderator
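
The checks this thread circles around (DNS, reverse zones, authentication against the remote DCs) can be run before the 2003 DC is demoted. The script below is an added example, not part of any poster's reply: the server, domain and workstation names are placeholders, and the reverse zone names assume /24 masks on the two ranges mentioned in the question. It is meant to be run from an elevated PowerShell session on one of the 2008 R2 DCs.

```powershell
# Added example. Every name below is a placeholder (assumption), not a value from the thread.
$OldDC    = 'OLD2003DC'           # on-site 2003 DC being retired
$RemoteDC = 'DC01'                # one of the off-site 2008 R2 DCs
$Domain   = 'corp.example.com'
$Client   = 'ONSITE-PC01'         # an on-site workstation (remote WMI must be allowed)
$RevZones = '1.1.10.in-addr.arpa', '1.100.10.in-addr.arpa'   # assumes /24 masks

# 1. The DC being retired must not hold any FSMO role.
$fsmo = netdom query fsmo
$fsmo
if ($fsmo -match $OldDC) { Write-Warning "$OldDC still holds a FSMO role; transfer it first." }

# 2. A global catalog must be locatable without relying on cached locator data.
nltest "/dsgetdc:$Domain" /gc /force

# 3. Replication and DNS must be healthy on the DC that stays.
repadmin /replsummary
dcdiag "/s:$RemoteDC" /test:dns

# 4. Both reverse lookup zones should exist on the DC that stays.
$zones = dnscmd $RemoteDC /EnumZones
foreach ($z in $RevZones) {
    if (-not ($zones -match [regex]::Escape($z))) {
        Write-Warning "Reverse zone $z is missing on $RemoteDC."
    }
}

# 5. The router's DHCP scope must no longer hand out the old DC as a DNS server.
$oldIPs = [System.Net.Dns]::GetHostAddresses($OldDC) | ForEach-Object { $_.IPAddressToString }
Get-WmiObject Win32_NetworkAdapterConfiguration -ComputerName $Client -Filter 'IPEnabled=TRUE' |
    ForEach-Object {
        foreach ($dns in $_.DNSServerSearchOrder) {
            if ($oldIPs -contains $dns) {
                Write-Warning "$Client still uses $OldDC ($dns) for DNS."
            }
        }
    }
```

Step 5 is the one the routers control: if the on-site DHCP scope still lists the 2003 DC's address, clients lose name resolution, and with it domain logon, the moment it is demoted.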
  • Hi,

    Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.

    Best Regards,

    Alvin Wang



    Monday, February 20, 2017 1:54 AM
    Moderator