  1. Senior Member itdaddy's Avatar
    Join Date
    Jan 2006
    Posts
    2,056

    Certifications
    A+, MCP, CCNA R/S, CCNA-Security, CCNA Collaboration, CCNP R/S
    #1

    DC Plan of action

    hey guys here is my plan. I am doing it this Saturday.

    1. I have built a 2003 R2 SP2 server
    2. joined the domain
    3. running DCPROMO on it first and making sure DNS is working good
    4. turning off old dying DC
    5. changing the IP Address from old dying DC to new DC
    6. testing
    a. logins from workstation to new DC
    b. emailing from my outside email into our network from outside in
    c. test inside emailing

    7. if this works and test good then I am good to go

    I was worried about the IP address being the same. I want to keep the same IP address because the IP address of old dying DC is hard coded into our ASA rules.

    is this good or am I missing something? I just don't want to miss anything.

    8. going to demote old dying DC from my domain once I test everything with new DC then I will demote the old dying DC.

    is this good guys?

    thanks
  3. Self-Described Huguenot blargoe's Avatar
    Join Date
    Nov 2005
    Location
    NC
    Posts
    4,088

    Certifications
    VCAP5-DCA; VCP 3/4/5/6 (DCV); EMCSA:CLARiiON; Linux+; MCSE:M 2000/2003; MCSE:S 2000/2003; MCTS:Exch2007; Security+; A+; CCNA (expired)
    #2
    don't forget to transfer over your FSMO's after you promote the new domain controller
    IT guy since 12/00

    Recent: 3/22/2017 - Passed Microsoft 70-412; 2/11/2017 - Completed VCP6-DCV (passed 2V0-621)
    Working on: MCSA 2012 upgrade from 2003 (to heck with 2008!!), more Linux, AWS Solution Architect (Associate)
    Thinking about: VCP6-CMA, MCSA 2016, Python, VCAP6-DCD (for completing VCIX)

  4. Senior Member itdaddy's Avatar
    Join Date
    Jan 2006
    Posts
    2,056

    Certifications
    A+, MCP, CCNA R/S, CCNA-Security, CCNA Collaboration, CCNP R/S
    #3
    thanks blargoe

    i wasn't sure if the ip address mattered or something but
    will change on both DCs so they can work just didn't know if somehow
    AD integrated the IPs ahah You never know with MS$$
    my bet was it wouldn't matter but wanted to get some advice from you
    experts. thanks man..will tell you how it turns out

  5. Senior Member ChooseLife's Avatar
    Join Date
    Feb 2011
    Location
    runlevel 3
    Posts
    926

    Certifications
    BCSc Network Security, VCP, MCSA:Sec, CCNA:Sec, GIAC GSEC, Sec+, ITIL-f
    #4
    Quote Originally Posted by itdaddy View Post
    5. changing the IP Address from old dying DC to new DC
    ...
    8. going to demote old dying DC from my domain once I test everything with new DC then I will demote the old dying DC.
    the outcome of these two steps may not match your expectations... my advice is to never change DC's IP address once it has been promoted, and update ASA rules instead.

  6. Senior Member itdaddy's Avatar
    Join Date
    Jan 2006
    Posts
    2,056

    Certifications
    A+, MCP, CCNA R/S, CCNA-Security, CCNA Collaboration, CCNP R/S
    #5
    choose life but serious..well the asa of course has object names that be changed but they only correspond to the ip address of this ldap server.
    the asa is only forward ldap service via IP.

    and in DNS the ip is used. Do you think that the IP tied to the old DC matters or is somehow integrated in the GUID creation of something like that. can you explain. to me it looks textbook to keep same IP since everything including workstation IP addresses are tied to the IP. seems like this is the correct option because you would have to change every workstation and everything on the network that uses this ip address. just to me change the name to correspond to the ip and it should query the new DC for ldap info??

    can you elaborate on your opinion. I would like to hear it bud thanks for giving me your opinion.

  7. Senior Member itdaddy's Avatar
    Join Date
    Jan 2006
    Posts
    2,056

    Certifications
    A+, MCP, CCNA R/S, CCNA-Security, CCNA Collaboration, CCNP R/S
    #6
    question guys:


    why can't I run the new DC with the old IP address
    and at the same time shut the old DC off so no IP conflict?
    I do not want to demote the old DC until I know the new one works
    with the old IP addresses. Does this sound logical?

  8. Senior Member ChooseLife's Avatar
    Join Date
    Feb 2011
    Location
    runlevel 3
    Posts
    926

    Certifications
    BCSc Network Security, VCP, MCSA:Sec, CCNA:Sec, GIAC GSEC, Sec+, ITIL-f
    #7
    i understand replacing the DC and keeping the old IP would make your life easier, but there is a high risk that the AD will break in the process. i tried this in a test lab before and it did not work, even though i did a fair bit of clean up in dns and adsiedit in the process...

  9. Senior Member ChooseLife's Avatar
    Join Date
    Feb 2011
    Location
    runlevel 3
    Posts
    926

    Certifications
    BCSc Network Security, VCP, MCSA:Sec, CCNA:Sec, GIAC GSEC, Sec+, ITIL-f
    #8
    Quote Originally Posted by itdaddy View Post
    why can't I run the new DC with the old IP address
    and at the same time shut the old DC off so no IP conflict?
    I do not want to demote the old DC until I know the new one works
    with the old IP addresses. Does this sound logical?
    Because the AD-integrated DNS has records of the old DC with the IP, and so adding DNS records for another DC with the same IP is not kosher... Even though you shut the old one down, unless it's demoted, its information remains in the AD and replication attempts between the two will continue.

  10. Senior Member
    Join Date
    Sep 2006
    Location
    San Francisco Bay Area
    Posts
    2,043

    Certifications
    None?
    #9
    Certainly snag those FSMO roles, also of course wait to ensure replication has completed.

    I would place a DNS server on the IP address of the old DC if you are not sure if someone might be using it. Enable logging, come back in a couple days. If it's not been used, then shut it down.

    Is Exchange in the environment? How about your IAS server for that Cisco ASA?
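Added example (not part of any post in this thread): the "enable logging, come back in a couple days" check from post #9 can be made concrete by tallying which clients still send queries to the DNS listener left on the old address. The log lines below are constructed in the style of Windows DNS debug-log packet entries; the exact field layout, the `example.local` names and the function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample, in the style of Windows DNS debug-log packet entries.
SAMPLE_LOG = """\
5/7/2011 9:01:12 AM 0A5C PACKET  0000000002A1B0C0 UDP Rcv 10.0.0.21    1a2b   Q [0001   D   NOERROR] SRV    (5)_ldap(4)_tcp(2)dc(6)_msdcs(7)example(5)local(0)
5/7/2011 9:01:12 AM 0A5C PACKET  0000000002A1B0C0 UDP Snd 10.0.0.21    1a2b R Q [8085 A DR  NOERROR] SRV    (5)_ldap(4)_tcp(2)dc(6)_msdcs(7)example(5)local(0)
5/7/2011 9:07:03 AM 0A5C PACKET  0000000002A1C4D0 UDP Rcv 10.0.0.37    77f0   Q [0001   D   NOERROR] A      (4)mail(7)example(5)local(0)
5/7/2011 9:09:55 AM 0A5C PACKET  0000000002A1D110 UDP Rcv 10.0.0.2     9c01 R Q [8081   DR  NOERROR] A      (3)www(7)example(3)com(0)
5/7/2011 9:14:40 AM 0A5C PACKET  0000000002A1E2F0 TCP Rcv 10.0.0.21    3e44   Q [0001   D   NOERROR] A      (10)fileserver(7)example(5)local(0)
"""

# Inbound queries only: "Rcv", a 4-hex-digit id, then opcode Q with no "R" (response) flag.
QUERY_RE = re.compile(
    r"^(?P<ts>\S+ \S+(?: [AP]M)?) .*?\b(?:UDP|TCP) Rcv "
    r"(?P<client>\d{1,3}(?:\.\d{1,3}){3})\s+[0-9a-fA-F]{4}\s+Q \[.*?\]\s+"
    r"(?P<qtype>\S+)\s+(?P<qname>\(\d+\)\S+)"
)

def decode_name(raw):
    """Turn the log's length-prefixed '(4)mail(7)example(0)' into 'mail.example'."""
    return re.sub(r"\(\d+\)", ".", raw).strip(".").lower()

def clients_still_querying(log_text, ignore=()):
    """Map each client IP to its query count, last-seen time, names asked, DC-locator flag."""
    seen = defaultdict(
        lambda: {"count": 0, "last_seen": None, "names": set(), "locates_dc": False}
    )
    for line in log_text.splitlines():
        m = QUERY_RE.match(line)
        if not m or m["client"] in ignore:
            continue  # responses, sent packets, non-packet lines, excluded hosts
        entry = seen[m["client"]]
        name = decode_name(m["qname"])
        entry["count"] += 1
        entry["last_seen"] = m["ts"]  # log is chronological, so the last match wins
        entry["names"].add(name)
        # SRV lookups under _msdcs come from domain members trying to locate a DC.
        if m["qtype"] == "SRV" and "._msdcs." in name:
            entry["locates_dc"] = True
    return dict(seen)

if __name__ == "__main__":
    for ip, info in sorted(clients_still_querying(SAMPLE_LOG).items()):
        print(ip, info["count"], info["last_seen"], sorted(info["names"]), info["locates_dc"])
```

An empty result over the observation window is the signal that nothing depends on the old address any more; hosts flagged as locating a DC are the ones whose DNS settings need repointing first.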

  11. Senior Member itdaddy's Avatar
    Join Date
    Jan 2006
    Posts
    2,056

    Certifications
    A+, MCP, CCNA R/S, CCNA-Security, CCNA Collaboration, CCNP R/S
    #10
    This is my dilemma.
    our network on many workstations are already configured to that IP of the old DC? it is going to be crazy work to convert over to the new DC due to many things are using this IP address? OMG the work to change everything over to the new IP address. we have static everything we are a financial and are supposed to have static IPs

  12. Bothan Spy crrussell3's Avatar
    Join Date
    Jun 2009
    Location
    Bothawui
    Posts
    560

    Certifications
    MCTS: 620, 640
    #11
    Quote Originally Posted by itdaddy View Post
    This is my dilemma.
    we have static everything we are a financial and are supposed to have static IPs
    Why do you say that? I know Wells Fargo doesn't use static ip addresses on their workstations. I know plenty of small banks that don't either.

  13. Member
    Join Date
    Jan 2007
    Posts
    73

    Certifications
    CCNA, CCNA Security
    #12
    Quote Originally Posted by crrussell3 View Post
    Why do you say that? I know Wells Fargo doesn't use static ip addresses on their workstations. I know plenty of small banks that don't either.
    Even if it's for auditing purposes, I'd rather reserve IP's in DHCP for ease of management than configure statically

  14. Senior Member itdaddy's Avatar
    Join Date
    Jan 2006
    Posts
    2,056

    Certifications
    A+, MCP, CCNA R/S, CCNA-Security, CCNA Collaboration, CCNP R/S
    #13
    okay my bad our Unix system needs or was setup with IP addresses in its host file and that each machine has to have a static IP because the terminal number jives with the ip address. it is weird but I have heard many have DHCP but I know each IP jives with a terminal on the host system.....

    I would love to talk to financials with DHCP nonetheless I will have to change each one by hand

  15. Senior Member
    Join Date
    Nov 2005
    Location
    Birmingham, AL
    Posts
    1,088
    #14
    Quote Originally Posted by ChooseLife View Post
    i understand replacing the DC and keeping the old IP would make your life easier, but there is a high risk that the AD will break in the process. i tried this in a test lab before and it did not work, even though i did a fair bit of clean up in dns and adsiedit in the process...
    No there's not. As long as DNS is updated accordingly, you can change the IP address without worry.

    http://technet.microsoft.com/en-us/l...8WS.10%29.aspx

    As long as you remove the old DC (dcpromo, remove from DNS, etc.) then you have nothing to worry about. I've done this very same thing multiple times. Since you have more than one DC, it makes it even easier.

    The DHCP thing is another discussion. I'd rather use DHCP reservations over static IP addresses.
    Last edited by RTmarc; 05-06-2011 at 06:12 PM.

  16. Senior Member itdaddy's Avatar
    Join Date
    Jan 2006
    Posts
    2,056

    Certifications
    A+, MCP, CCNA R/S, CCNA-Security, CCNA Collaboration, CCNP R/S
    #15
    sweet..I am going to image it 2x both c and d drive before I attempt this.
    I plan to make sure to demote it and then wait and then check the other DCs to make sure all meta data cleaned up..

    then I will promote new cd with same ip...

    and if it funks out; haha I will restore and call in some help..but I have done before just a long time ago..seems straightforward...

    thanks guys for all your guidance you are so cool!
    beers on me

  17. Certification Junkie Budzy's Avatar
    Join Date
    Mar 2009
    Location
    UK
    Posts
    117

    Certifications
    MCSE x1, MCSA x4, MCITP x3, MCTS x6, MCP x2
    #16
    Hi ITdaddy,

    You mention about your old DC ‘dying’. Just a quick question; is this due to unreliable/old hardware?

    It’s just you mentioned in your last post about imaging the disk volumes just as a backup. So if this is the case, was thinking you could perhaps try simply restoring this image onto the new hardware (providing the imaging software has some sort of universal restore facility like Acronis does). In this case you would only need to install the hardware drivers, configure the NIC and give the box a once over etc.

    I know this isn’t the cleanest way of doing things, but I’ve successfully performed this operation in the past as a quick-fix solution for when a DC has gone down in the middle of a working day or if it’s randomly generating a hardware related BSOD.

    If you have other software related issues with the current DC, or if you’re wanting to learn from this experience for Microsoft server exams then please ignore my post.

    Best regards,

    Budzy.

  18. Senior Member itdaddy's Avatar
    Join Date
    Jan 2006
    Posts
    2,056

    Certifications
    A+, MCP, CCNA R/S, CCNA-Security, CCNA Collaboration, CCNP R/S
    #17

    GOOD NEWS P to V a smashing hit

    YO dudes...

    we did a vmware convert on this DC and 100% perfect no active directory issues none!

    WORKED AWESOME. saved my butt! hahah
    thanks guys for all your help....

    Budzy

    the reason I am imaging or did image was because in case of the conversion to vm would corrupt the dc I have heard of this happening. and if the convert failed but corrupted the dc i could restore and try again with something else.
    Last edited by itdaddy; 05-12-2011 at 03:19 AM.

  19. Certification Junkie Budzy's Avatar
    Join Date
    Mar 2009
    Location
    UK
    Posts
    117

    Certifications
    MCSE x1, MCSA x4, MCITP x3, MCTS x6, MCP x2
    #18
    Glad you found a good working solution for this.

  20. Senior Member itdaddy's Avatar
    Join Date
    Jan 2006
    Posts
    2,056

    Certifications
    A+, MCP, CCNA R/S, CCNA-Security, CCNA Collaboration, CCNP R/S
    #19
    OMG it was sick 35 minutes and hold my breath and bam converted it right to the data store HOT and bam turn on added vmware tools reboot bam! done. I couldn't believe it I was jumping up and down.hahhah really I was..
    This DC was interwoven with the firewall and proxy offsite server etc..uses the certification services and everything wasn't sure what else but it was the first dc in the network and now is converted to vm perfect.

    next is a mail exchange 2003 server will do that one COLD booting to vmware convert CD and do it that way..heard many good things about that. I will report back. I do use shadow protect software first to image then i play and pray! HAHAH
    doing 8 conversions this year voice server included