1

In our VMware ESXi environment, a single domain controller (Windows Server 2008R2) is installed. Now I have to upgrade it to a new server (Windows Server 2012R2), which should have the same IP.

Many applications (no reliable list of applications exists) point to the current DC (Windows Server 2008R2) as their sole LDAP source. Not sure if they point to the name or IP address. Also, the other server in our ESXi has the IP address of our domain controller as its static DNS.

That is why I have to migrate it without breakdowns.

Do you have any experience with how I can accomplish that without any issues after the change? Or are there some references from Microsoft? Thank you in advance!

MaxMix

2 Answers

3

While knowing how to do this can be useful in certain situations, as EEAA pointed out, you should probably have two DCs instead of one. If for nothing more than a disaster recovery/backup.

If you are not performing backups of your current DC... START PERFORMING AD BACKUPS BEFORE DOING ANYTHING ELSE.

You should be able to do this without too much headache. After making the change you should definitely make it a priority to document where references to your DCs are in your environment.

This should be done at a time to minimize downtime.

  1. Bring up your new DC using a new static IP address. Have it DCPromo'ed in and make sure it's fully functional before proceeding. (Have the new DC point to the original for DNS)
  2. Give the 2008R2 DC the new static address, and the 2012R2 DC the original IP.
    1. Client-side DNS settings on the DCs here are important. If you are keeping two DCs, DNS should point to the opposite DC then itself. If you are only keeping the one, point DNS to itself on both.
  3. Restart AD DS services on both DCs, as well as the Netlogon service.
  4. Check DNS to ensure that all the records have been updated appropriately (A and SRV)
  5. Check AD logs to ensure there are no issues with replication (either FRS or DFSR)

If you were going to remove the original DC, you would then:

  1. Transfer any FSMO roles the DC holds
  2. DCpromo the DC out
  3. Verify it has been demoted properly and all SRV records have been removed from DNS.

If you still need a temporary fix for applications that point to a removed DC by name, you could add a CNAME record to DNS for that DC that points to the new DC.

Again, you should probably have two DCs.

Also, for further insight and information, see this other SF question: Windows 2003 DC to Windows 2008 R2 DC with same name and same IP that takes into account other factors that might be involved (same concepts apply in your situation still).

HostBits
  • Hope my edit is ok and helps. – TheCleaner Mar 04 '14 at 22:23
  • Works for me, every little bit helps :) – HostBits Mar 04 '14 at 22:24
  • @Cheekaleak Hello and thank you very much for your answer! But I have a few questions: At the moment I have only 1 DC with DNS. But I will set up a new server (DCSERVER02) with AD and DNS; after that I will set up DCSERVER01 and swap the IP of the old one with DCSERVER01. The servers currently have only the static IP address of the current server entered, which will be the same IP as DCSERVER01 after the swap. How should the DNS settings be configured? – MaxMix Mar 05 '14 at 20:37
  • @MaxMix I'm not sure I follow your question. Do you mean you'll be setting up two new DCs, both 2012R2, one of which will be taking the IP of the old DC? – HostBits Mar 06 '14 at 13:00
  • @Cheekaleak Yes, that is exactly what I mean. I hope you have an answer for my question. – MaxMix Mar 06 '14 at 18:52
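
The question notes that no reliable list of LDAP-dependent applications exists, and the answer above recommends documenting where DCs are referenced. One way to start that inventory before the swap, as an added example that is not part of the original answer; the sampling interval, sample count and output path are assumptions:

```powershell
# Added example. Run on the existing 2008R2 DC (PowerShell 2.0 compatible).
# Samples established TCP connections to the directory ports and records
# which remote hosts are using this DC for LDAP.
$ldapPorts = 389, 636, 3268, 3269            # LDAP, LDAPS, GC, GC over SSL
$samples   = 60                              # assumption: 60 samples ...
$interval  = 60                              # ... taken 60 seconds apart
$outFile   = "$env:TEMP\ldap-clients.csv"    # hypothetical output path

$seen = @{}
for ($i = 0; $i -lt $samples; $i++) {
    foreach ($line in (netstat -n)) {
        # Matches e.g.:  TCP  192.168.1.10:389  192.168.1.57:50123  ESTABLISHED
        if ($line -match '^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+ESTABLISHED') {
            $localPort = [int]$Matches[2]
            $remote    = $Matches[3]
            # Keep inbound directory traffic, skip the DC talking to itself
            if ($ldapPorts -contains $localPort -and $remote -ne $Matches[1]) {
                $key = "$remote|$localPort"
                if (-not $seen.ContainsKey($key)) { $seen[$key] = 0 }
                $seen[$key]++
            }
        }
    }
    Start-Sleep -Seconds $interval
}

# One row per client and port, with the number of samples it appeared in
$seen.GetEnumerator() | ForEach-Object {
    $remote, $port = $_.Key -split '\|'
    New-Object PSObject -Property @{
        Client = $remote; Port = [int]$port; Samples = $_.Value
    }
} | Sort-Object Client, Port | Select-Object Client, Port, Samples |
    Export-Csv -Path $outFile -NoTypeInformation
```

The result shows which hosts talk to the DC, not whether each one is configured with its name or its IP address, so every listed client still needs its configuration checked.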
0

I successfully did this very recently. Here is how you should proceed to have no down-time:

[Prerequisites]

  1. Make sure current DNS system works fine - dcdiag /test:DNS /v /e - all 6 roles (Auth, Basic, FW, Del, Dyn and RReg) should show PASS. If they do not, you have to have them PASS before you continue.

  2. Let's assume that your 2008R2 IP is 192.168.1.10 and your new 2012 IP is 192.168.1.11. You will also require a buffer temporary IP (let's say we use 192.168.1.99).

[Procedure]

  1. Give your new server the IP to be added to DC with: 192.168.1.11

  2. Add your new server to the DC.

  3. Make sure your new IP/server shows under Forward Lookup Zones --> YourDomainName --> Properties --> Name Servers. If it does not, add it there.

  4. Make sure your new IP/server shows under Forest DNS Zones and Domain DNS Zones. If it does not, add it there.

  5. Run again dcdiag /test:DNS /v /e to make sure both servers show PASS in all 6 roles.

  6. Now it's time to swap both IPs as fast as possible. Change the old 192.168.1.10 server IP to temporary one (192.168.1.99).

  7. Run the following on a command prompt on it:

    ipconfig /flushdns
    Net Stop DNS
    Net Start DNS
    Net Stop Netlogon
    Net Start Netlogon
    ipconfig /registerdns

  8. Change the IP of the new server 192.168.1.11 to your original IP (192.168.1.10)

  9. Run the following on a command prompt on it:

    ipconfig /flushdns
    Net Stop DNS
    Net Start DNS
    Net Stop Netlogon
    Net Start Netlogon
    ipconfig /registerdns
    dcdiag /fix

  10. Make sure everything shows as PASS again.

  11. Transfer all FSMO roles to the new server.

  12. Use DCPromo to remove the old server.

Note on the roles: when I made the upgrade I did not have to have downtime at all because roles were on a 3rd server until the upgrade was made.

Overmind
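
A check that can accompany step 10 of the procedure above, as an added example that is not part of the original answer: it queries the DC locator SRV records against the swapped IP and confirms each DC's A record matches the plan. The domain and host names are hypothetical; the IP addresses are the ones used in the answer.

```powershell
# Added example. Run from a domain member with PowerShell 3.0+ after the swap.
$domain   = 'corp.example'      # hypothetical AD DNS domain name
$dnsIp    = '192.168.1.10'      # original IP, now held by the 2012R2 DC
$expected = @{                  # hypothetical host names; IPs from the answer
    'dc-new.corp.example' = '192.168.1.10'
    'dc-old.corp.example' = '192.168.1.99'   # until the old DC is demoted
}
$staleIps = @('192.168.1.11')   # pre-swap address that must not linger

$srvNames = "_ldap._tcp.dc._msdcs.$domain",
            "_kerberos._tcp.dc._msdcs.$domain",
            "_ldap._tcp.pdc._msdcs.$domain"
$problems = @()
foreach ($srv in $srvNames) {
    try {
        # Keep only SRV answers; the response may also carry additional A records
        $targets = @(Resolve-DnsName -Name $srv -Type SRV -Server $dnsIp -DnsOnly -ErrorAction Stop |
            Where-Object { $_.Type -eq 'SRV' } |
            ForEach-Object { $_.NameTarget.TrimEnd('.').ToLower() })
    } catch {
        $problems += "$srv : lookup failed ($($_.Exception.Message))"
        continue
    }
    if ($targets.Count -eq 0) { $problems += "$srv : no SRV records returned" }
    foreach ($t in $targets) {
        if (-not $expected.ContainsKey($t)) {
            $problems += "$srv : unexpected target $t"
            continue
        }
        $ips = @(Resolve-DnsName -Name $t -Type A -Server $dnsIp -DnsOnly -ErrorAction SilentlyContinue |
            Where-Object { $_.Type -eq 'A' } | ForEach-Object { $_.IPAddress })
        foreach ($ip in $ips) {
            if ($staleIps -contains $ip) {
                $problems += "$t : stale A record $ip"
            } elseif ($ip -ne $expected[$t]) {
                $problems += "$t : A record $ip, expected $($expected[$t])"
            }
        }
        if ($ips -notcontains $expected[$t]) {
            $problems += "$t : no A record for $($expected[$t])"
        }
    }
}
if ($problems) { $problems | Sort-Object -Unique }
else { 'SRV and A records match the post-swap plan.' }
```

After the old server is removed in step 12, drop its entry from `$expected` so that any SRV record still pointing at it is reported as an unexpected target.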