
Our organization has an on-premise Windows domain controller that we'd like to eliminate in favor of a local DHCP/DNS server on either our UniFi switch (first choice) or FortiGate VPN appliance (second choice).

As we've moved most of our infrastructure to Azure, there is little need for an on-premise, Windows domain controller.

What are the steps involved in this transition? What issues will we likely encounter?

craibuc
  • **As we've moved most of our infrastructure to Azure, there is little need for an on-premise, Windows domain controller** - How will your domain joined clients authenticate to the domain? – joeqwerty Oct 27 '20 at 01:44
  • We use Office 365 for "office" apps, WVD for application hosting, OneDrive for profiles, SharePoint for collaboration, Azure VM for DB hosting. Not sure what benefit a local AD domain offers. Intune may be enough for us to manage the local network. I'm certainly interested to hear your thoughts. – craibuc Oct 27 '20 at 02:19

1 Answer


When migrating DHCP I like to gradually shorten the lease time until I get all devices renewing their lease daily. Then on Friday night I turn off the old DHCP server and turn on the new one. Monday morning they should all be using the new DHCP server so I gradually turn the lease time back up. Options in DHCP should be pre-configured with the new DNS server, along with reservations and the like when it goes live. The moment you flip the switch, grab a laptop and do a release/renew to make sure it pulls the proper settings from the new server.

For DNS, if the devices can import from AD, then away you go; if not, then you may have to enter everything manually. All hard-coded devices (static IP) will have to have the new DNS entries modified, including the edge router, switches, etc. Now would also be a good time to look around for anything using the local hosts files, and straighten that out too.

How complicated this can get will depend on your particular network, and what kind of shape it is currently in. Good luck.

Larryc
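As an added example that is not part of Larryc's answer: a PowerShell inventory of the old Windows DHCP scope and AD DNS zone before cutover, followed by the gradual lease shortening the answer describes. The server, scope and zone names are placeholders, and it assumes the DhcpServer and DnsServer RSAT modules are installed on the machine running it.

```powershell
# Added example, not from the original answer. Inventory the Windows DHCP
# scope and AD DNS zone so the same reservations, options and static records
# can be re-entered on the UniFi / FortiGate side, then shorten the lease.
$DhcpServer = 'dc01.corp.example'   # placeholder: old Windows DC
$ScopeId    = '10.0.0.0'            # placeholder: scope being migrated
$ZoneName   = 'corp.example'        # placeholder: AD-integrated zone
$Out        = Join-Path $env:USERPROFILE 'dhcp-dns-migration'
New-Item -ItemType Directory -Path $Out -Force | Out-Null

# 1. Scope options (router, DNS servers, domain name). Pre-configure these on
#    the new server, substituting the new DNS address for the DC's.
Get-DhcpServerv4OptionValue -ComputerName $DhcpServer -ScopeId $ScopeId |
    Select-Object OptionId, Name, @{ n = 'Value'; e = { $_.Value -join ';' } } |
    Export-Csv -NoTypeInformation -Path (Join-Path $Out 'scope-options.csv')

# 2. Reservations: MAC -> IP pairs to recreate on the new DHCP server.
Get-DhcpServerv4Reservation -ComputerName $DhcpServer -ScopeId $ScopeId |
    Select-Object Name, IPAddress, ClientId, Description |
    Export-Csv -NoTypeInformation -Path (Join-Path $Out 'reservations.csv')

# 3. Static A records: records without an aging timestamp were entered by
#    hand and are what must be re-entered manually if the new DNS server
#    cannot import from AD. (If scavenging was never enabled, every record
#    shows as static; review the list by hand in that case.)
Get-DnsServerResourceRecord -ComputerName $DhcpServer -ZoneName $ZoneName -RRType A |
    Where-Object { $null -eq $_.Timestamp } |
    Select-Object HostName,
        @{ n = 'IPv4'; e = { $_.RecordData.IPv4Address.IPAddressToString } } |
    Export-Csv -NoTypeInformation -Path (Join-Path $Out 'static-a-records.csv')

# 4. Gradual lease shortening. A client only learns the new lease length at
#    its next renewal (T1 = half the current lease), so halve it, wait one
#    old lease period, and rerun until the scope is at the one-day lease.
$scope   = Get-DhcpServerv4Scope -ComputerName $DhcpServer -ScopeId $ScopeId
$current = $scope.LeaseDuration
$floor   = New-TimeSpan -Days 1
$next    = [TimeSpan]::FromTicks([Math]::Max([long]($current.Ticks / 2), $floor.Ticks))
if ($next -lt $current) {
    Set-DhcpServerv4Scope -ComputerName $DhcpServer -ScopeId $ScopeId -LeaseDuration $next
    "Lease shortened from $current to $next; rerun after $current has elapsed."
} else {
    "Lease already at $current; all clients renew daily once $current has passed."
}
```

Once every client is on the one-day lease, the Friday-night swap and Monday release/renew check from the answer can proceed with the exported CSVs as the checklist for the new server.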
  • I just remembered something: if you have Windows clients joined to a Windows domain, then you must have a domain controller running DNS. If you don't, then they won't boot up. At boot time, they will look for an AD DNS server. – Larryc Oct 26 '20 at 22:19
  • Does a DHCP server need to have a particular address for it to be found, like `X.Y.Z.1`? – craibuc Oct 26 '20 at 23:40
  • @craibuc no. Unless you're using DHCP relaying. – Greg W Oct 27 '20 at 02:46
  • The client will do a broadcast looking for a DHCP server, it doesn't care about its actual address. – Larryc Oct 28 '20 at 12:57