DC Plan of action

itdaddy Member Posts: 2,089
Hey guys, here is my plan. I am doing it this Saturday.

1. I have built a 2003 R2 SP2 server
2. joined the domain
3. running DCPROMO on it first and making sure DNS is working well
4. turning off old dying DC
5. changing the IP Address from old dying DC to new DC
6. testing
a. logins from workstation to new DC
b. emailing from my outside email into our network from outside in
c. test inside emailing

7. if this works and tests good, then I am good to go

I was worried about the IP address being the same. I want to keep the same IP address because the IP address of the old dying DC is hard coded into
our ASA rules.

Is this good or am I missing something? I just don't want to miss anything.

8. going to demote the old dying DC from my domain once I test everything with the new DC, then I will demote the old dying DC.

Is this good, guys?

thanks

Comments

  • blargoe Member Posts: 4,174
    Don't forget to transfer over your FSMOs after you promote the new domain controller.
    IT guy since 12/00

    Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
    Working on: RHCE/Ansible
    Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands...
  • itdaddy Member Posts: 2,089
    thanks blargoe

    I wasn't sure if the IP address mattered or something, but I
    will change it on both DCs so they can work; I just didn't know if somehow
    AD integrated the IPs, haha. You never know with MS$$.
    My bet was it wouldn't matter, but I wanted to get some advice from you
    experts. Thanks man.. will tell you how it turns out.
  • ChooseLife Member Posts: 941
    itdaddy wrote: »
    5. changing the IP Address from old dying DC to new DC
    ...
    8. going to demote the old dying DC from my domain once I test everything with the new DC, then I will demote the old dying DC.
    The outcome of these two steps may not match your expectations... My advice is to never change a DC's IP address once it has been promoted, and update the ASA rules instead.
    “You don’t become great by trying to be great. You become great by wanting to do something, and then doing it so hard that you become great in the process.” (c) xkcd #896

    GetCertified4Less
    - discounted vouchers for certs
  • itdaddy Member Posts: 2,089
    ChooseLife, but seriously.. well, the ASA of course has object names that can be changed, but they only correspond to the IP address of this LDAP server.
    The ASA is only forwarding the LDAP service via IP.

    And in DNS the IP is used. Do you think that the IP tied to the old DC matters, or is somehow integrated in the GUID creation or something like that? Can you explain? To me it looks textbook to keep the same IP, since everything, including workstation IP addresses, is tied to the IP. Seems like this is the correct option, because you would have to change every workstation and everything on the network that uses this IP address. To me, just change the name to correspond to the IP and it should query the new DC for LDAP info??

    Can you elaborate on your opinion? I would like to hear it, bud. Thanks for giving me your opinion.
  • itdaddy Member Posts: 2,089
    Question guys:

    Why can't I run the new DC with the old IP address
    and at the same time shut the old DC off so no IP conflict?
    I do not want to demote the old DC until I know the new one works
    with the old IP addresses. Does this sound logical?
  • ChooseLife Member Posts: 941
    I understand replacing the DC and keeping the old IP would make your life easier, but there is a high risk that the AD will break in the process. I tried this in a test lab before and it did not work, even though I did a fair bit of clean up in DNS and ADSIEdit in the process...
  • ChooseLife Member Posts: 941
    itdaddy wrote: »
    Why can't I run the new DC with the old IP address
    and at the same time shut the old DC off so no IP conflict?
    I do not want to demote the old DC until I know the new one works
    with the old IP addresses. Does this sound logical?
    Because the AD-integrated DNS has records of the old DC with the IP, and so adding DNS records for another DC with the same IP is not kosher... Even though you shut the old one down, unless it's demoted, its information remains in the AD and replication attempts between the two will continue.
  • Daniel333 Member Posts: 2,077
    Certainly snag those FSMO roles, also of course wait to ensure replication has completed.

    I would place a DNS server on the IP address of the old DC if you are not sure whether someone might be using it. Enable logging, come back in a couple of days. If it's not been used, then shut it down.

    Is Exchange in the environment? How about your IAS server for that Cisco ASA?
    -Daniel
  • itdaddy Member Posts: 2,089
    This is my dilemma.
    Our network on many workstations is already configured to that IP of the old DC. It is going to be crazy work to convert over to the new DC, because many things are using this IP address. OMG, the work to change everything over to the new IP address. We have static everything; we are a financial and are supposed to have static IPs.
  • crrussell3 Member Posts: 561
    itdaddy wrote: »
    This is my dilemma.
    We have static everything; we are a financial and are supposed to have static IPs.

    Why do you say that? I know Wells Fargo doesn't use static ip addresses on their workstations. I know plenty of small banks that don't either.
    MCTS: Windows Vista, Configuration
    MCTS: Windows WS08 Active Directory, Configuration
  • BrizoH Member Posts: 73
    crrussell3 wrote: »
    Why do you say that? I know Wells Fargo doesn't use static ip addresses on their workstations. I know plenty of small banks that don't either.

    Even if it's for auditing purposes, I'd rather reserve IPs in DHCP for ease of management than configure them statically.
  • itdaddy Member Posts: 2,089
    Okay, my bad. Our Unix system needs, or was set up with, IP addresses in its hosts file, and each machine has to have a static IP because the terminal number jives with the IP address. It is weird, but I have heard many have DHCP; I know each IP jives with a terminal on the host system.....

    I would love to talk to financials with DHCP. Nonetheless, I will have to change each one by hand.
  • RTmarc Member Posts: 1,082
    ChooseLife wrote: »
    I understand replacing the DC and keeping the old IP would make your life easier, but there is a high risk that the AD will break in the process. I tried this in a test lab before and it did not work, even though I did a fair bit of clean up in DNS and ADSIEdit in the process...
    No there's not. As long as DNS is updated accordingly, you can change the IP address without worry.

    http://technet.microsoft.com/en-us/library/cc758579%28WS.10%29.aspx

    As long as you remove the old DC (dcpromo, remove from DNS, etc.) then you have nothing to worry about. I've done this very same thing multiple times. Since you have more than one DC, it makes it even easier.

    The DHCP thing is another discussion. I'd rather use DHCP reservations over static IP addresses.
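As an added example (not from any poster in this thread), a PowerShell pre-cutover check that covers the points raised so far: FSMO roles transferred, replication clean, and no DNS records still pointing at the old DC's hard-coded IP, all before the old DC is demoted. It wraps the 2003-era support tools (netdom, repadmin, dnscmd, dcdiag); OLDDC, NEWDC, 192.0.2.10 and corp.example are placeholders, and dnscmd /zoneprint is assumed to be available (2003 SP1 and later).

```powershell
# Added example, not from the thread: checks to run from a domain member
# (support tools installed) before demoting the old DC. The names and
# addresses below are placeholders, not values from the thread.
param(
    [string]$OldDc  = 'OLDDC',        # placeholder: old (dying) DC hostname
    [string]$OldIp  = '192.0.2.10',   # placeholder: its hard-coded IP (TEST-NET range)
    [string]$NewDc  = 'NEWDC',        # placeholder: new 2003 R2 DC hostname
    [string]$Domain = 'corp.example'  # placeholder: AD-integrated DNS zone
)
$problems = 0
$oldDcRx  = "(?i)\b" + [regex]::Escape($OldDc) + "\b"

# 1. FSMO roles: none of the five should still name the old DC.
$fsmo  = netdom query fsmo
$onOld = $fsmo | Where-Object { $_ -match $oldDcRx }
if ($onOld) { Write-Warning "FSMO roles still on ${OldDc}:`n$($onOld -join "`n")"; $problems++ }
else        { Write-Host "OK: no FSMO roles held by $OldDc" }

# 2. Replication: repadmin /replsummary prints a 'fails/total' column per
#    source/destination DSA; flag any line whose fails count is non-zero.
$repl   = repadmin /replsummary
$failed = $repl | Where-Object { ($_ -match '(\d+)\s*/\s*(\d+)') -and ([int]$matches[1] -gt 0) }
if ($failed) { Write-Warning "Replication failures:`n$($failed -join "`n")"; $problems++ }
else         { Write-Host "OK: no replication failures reported" }

# 3. DNS: dump the zone from the new DC and list every record (A, NS, SRV,
#    CNAME ...) that still carries the old DC's name or IP. Anything listed
#    here would keep clients and the ASA talking to a DC that no longer exists.
$zone  = dnscmd $NewDc /zoneprint $Domain
$stale = $zone | Where-Object { ($_ -match [regex]::Escape($OldIp)) -or ($_ -match $oldDcRx) }
if ($stale) { Write-Warning "DNS records still referencing ${OldDc}/${OldIp}:`n$($stale -join "`n")"; $problems++ }
else        { Write-Host "OK: zone $Domain has no records for $OldDc or $OldIp" }

# 4. General health of the new DC; /q prints only errors.
dcdiag /s:$NewDc /q

if ($problems -eq 0) { Write-Host "All checks passed: the old DC can be demoted (dcpromo) next." }
else                 { Write-Warning "$problems check(s) failed: do not demote $OldDc yet." }
```

Run it again after the demotion: step 3 is the one that catches records the old DC leaves behind in the AD-integrated zone, which is the breakage ChooseLife describes.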
  • itdaddy Member Posts: 2,089
    Sweet.. I am going to image it 2x, both C and D drive, before I attempt this.
    I plan to make sure to demote it and then wait and then check the other DCs to make sure all metadata is cleaned up..

    Then I will promote the new DC with the same IP...

    And if it funks out, haha, I will restore and call in some help.. but I have done this before, just a long time ago.. seems straightforward...

    Thanks guys for all your guidance, you are so cool!
    Beers on me :)
  • Budzy Member Posts: 117
    Hi ITdaddy,

    You mention about your old DC ‘dying’. Just a quick question; is this due to unreliable/old hardware?

    It’s just that you mentioned in your last post about imaging the disk volumes as a backup. So if this is the case, I was thinking you could perhaps try simply restoring this image onto the new hardware (providing the imaging software has some sort of universal restore facility like Acronis does). In this case you would only need to install the hardware drivers, configure the NIC and give the box a once-over etc.

    I know this isn’t the cleanest way of doing things, but I’ve successfully performed this operation in the past as a quick-fix solution for when a DC has gone down in the middle of a working day or if it’s randomly generating a hardware related BSOD.

    If you have other software related issues with the current DC, or if you’re wanting to learn from this experience for Microsoft server exams then please ignore my post.

    Best regards,

    Budzy.
  • itdaddy Member Posts: 2,089
    YO dudes...

    We did a VMware convert on this DC and 100% perfect, no Active Directory issues, none!

    WORKED AWESOME. Saved my butt! hahah
    Thanks guys for all your help....

    Budzy,

    the reason I am imaging, or did image, was in case the conversion to VM would corrupt the DC; I have heard of this happening. And if the convert failed but corrupted the DC, I could restore and try again with something else.
  • Budzy Member Posts: 117
    Glad you found a good working solution for this.
  • itdaddy Member Posts: 2,089
    OMG it was sick: 35 minutes, hold my breath, and bam, converted it right to the datastore HOT, and bam, turn it on, added VMware Tools, reboot, bam! Done. I couldn't believe it; I was jumping up and down, hahhah, really I was..
    This DC was interwoven with the firewall and proxy offsite server etc.. uses the certification services and everything; wasn't sure what else, but it was the first DC in the network and now it is converted to a VM perfectly.

    Next is a mail Exchange 2003 server; will do that one COLD, booting to the VMware Converter CD and doing it that way.. heard many good things about that. I will report back. I do use ShadowProtect software first to image, then I play ;) and pray! HAHAH
    Doing 8 conversions this year, voice server included.