Migrating DNS and DHCP services from router to Windows Server

  • Question

  • Hi,

    We are a small business with around 30 employees. We currently have no AD DC, our DNS and DHCP servers are managed by our FortiGate router, and all the clients are connected as a WorkGroup.

    I'm interested in creating a server to serve as AD DC alongside DNS and DHCP services and later on to join all the clients to the domain.

    My question is what the right order of doing things is, and how disabling DNS and DHCP in the router and migrating them to the Windows server will affect our FortiGate VPN and other clients (guests that will connect to our network wirelessly).

    I'll be happy to get as much help as possible and links that can be helpful to me will be much appreciated.

    Thanks in advance.
    Danny.

    Monday, April 23, 2018 7:53 AM

All replies

  • Hi Danny,

    I think one approach can be to:

    1. Extract the static records on your existing DNS server --> Let's name it "DNS A" (Dynamic records will be created on the new DNS server)
    2. Install AD DS first (You will have to choose the name for the domain); the installation of AD DS will require DNS --> Let's name it "DNS B"
    3. Configure the "DNS B" zone to accept "Secure and Non Secure" updates
    4. Create the exported static records on "DNS B"
    5. Configure the DHCP server to provide "DNS B" to clients (Depending on your lease, it will take some time for all your clients to have the right DNS server)
    6. Check if dynamic records are created
    7. Stop the service on "DNS A"
    8. Install the DHCP service on the server
    9. Configure the DHCP scope and lease
    10. Configure DHCP relays, if you have any, to point to the new DHCP server (This has to be done during non-business hours)
    11. Stop the DHCP service on the Fortinet (Non-business hours)
    12. Authorize the new DHCP server in Active Directory (Non-business hours)
    13. Check if leases are delivered by the new DHCP server and that records are created (Non-business hours)
    14. Stop the DHCP service on the Fortinet

    Note: A best practice is to not install DHCP on the same server as the DC, so you will need to create 2 VMs --> One for the DC and one for DHCP

    Below is some documentation regarding the migration guide:

    https://docs.microsoft.com/en-us/windows-server/get-started/migrate-roles-and-features

    Best Regards,

    Monday, April 23, 2018 9:58 AM
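
The Windows-side steps of the procedure above (3, 4, 8, 9, 12 and 13) written out in PowerShell. This is an added example, not part of the original replies; the zone name, host names, scope and all addresses are constructed placeholders, and the FortiGate-side steps are not covered.

```powershell
# Added example: every name and address below is a constructed placeholder.
$Zone      = 'corp.example'          # assumed AD DNS zone hosted on "DNS B"
$DnsServer = '192.0.2.10'            # assumed address of the new DC / DNS server
$DhcpFqdn  = 'dhcp01.corp.example'   # assumed name of the separate DHCP VM
$DhcpIp    = '192.0.2.11'
$ScopeId   = '192.0.2.0'

# ---- On the DC / DNS server ("DNS B") ----
# Constructed sample of the static records extracted from "DNS A" in step 1.
$Static = @'
Name,IPv4
printer01,192.0.2.20
nas01,192.0.2.21
'@ | ConvertFrom-Csv

# Step 3: accept secure and nonsecure dynamic updates, so workgroup clients can register.
# Nonsecure updates are unauthenticated; once the clients are domain-joined,
# '-DynamicUpdate Secure' is the tighter setting (a note added here, not one of the steps).
Set-DnsServerPrimaryZone -Name $Zone -DynamicUpdate NonsecureAndSecure

# Step 4: recreate the static records, skipping names that already exist in the zone.
foreach ($r in $Static) {
    $existing = Get-DnsServerResourceRecord -ZoneName $Zone -Name $r.Name -RRType A -ErrorAction SilentlyContinue
    if (-not $existing) {
        Add-DnsServerResourceRecordA -ZoneName $Zone -Name $r.Name -IPv4Address $r.IPv4
    }
}

# ---- On the DHCP server ----
# Steps 8-9: install the role, then create the scope and its options.
Install-WindowsFeature -Name DHCP -IncludeManagementTools
Add-DhcpServerv4Scope -Name 'LAN' -StartRange 192.0.2.100 -EndRange 192.0.2.200 `
    -SubnetMask 255.255.255.0 -LeaseDuration (New-TimeSpan -Days 1) -State Active
Set-DhcpServerv4OptionValue -ScopeId $ScopeId -DnsServer $DnsServer -DnsDomain $Zone -Router 192.0.2.1

# Step 12: authorize the server in Active Directory (it serves no leases until authorized).
Add-DhcpServerInDC -DnsName $DhcpFqdn -IPAddress $DhcpIp

# Step 13: confirm leases are being issued by this server.
Get-DhcpServerv4Lease -ScopeId $ScopeId | Select-Object IPAddress, HostName, AddressState

# ---- Back on the DC / DNS server ----
# Step 13: dynamically registered records carry a timestamp; static ones do not.
Get-DnsServerResourceRecord -ZoneName $Zone -RRType A |
    Where-Object Timestamp | Select-Object HostName, Timestamp
```
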
  • Thanks a lot for a detailed and well-organized answer.

    I still have two questions unanswered regarding the FortiGate VPN and the clients that will connect to our network wirelessly (temporary guests): how are they going to be affected?

    Thanks,
    Danny.

    Tuesday, April 24, 2018 10:31 AM
  • Normally they should not be affected, but to minimize the risk, what you can do is disable the VPN service temporarily in order for you to change the DHCP configuration regarding your VPN (your FortiGate VPN should not deliver DHCP leases, but your new DHCP server should).

    For the wireless clients it's the same: you will have to do it during non-business hours and point to your new DHCP server.

    Best Regards,

    Tuesday, April 24, 2018 2:34 PM