
Migration to Server 2008 and naming schemes?


mlc9

MIS
Aug 15, 2007
255
0
0
US
We currently have a simple Windows 2003 network of one domain, with two physical domain controllers (primary and secondary). We are going to migrate to a Windows 2008 environment and virtualize with the same two domain controller setup (two virtual servers are to replace the current two physical ones).

My question is a best practice recommendation on naming and IP addressing of the two new servers. I am not looking to just "copy" over the physical servers into a virtual environment. My plan was to just bring up the two new servers, promote them as DCs, let replication of AD, DHCP, DNS, etc. take place, and then promote new/demote old servers. By doing that, I'd theoretically need to give the new servers different domain names and IPs. In order for domain continuity, should I somehow just rename these new servers the same as the old, with eventually the same IP addresses? Again, it is a small domain with only about 8 other servers (file server, Exchange email server, etc.).

I think, in order to avoid some pitfalls, it seems like keeping the same domain names and IPs would be a good idea. Any recommendations or similar experiences? Thanks
 
Do not keep the same name and IP addresses, that's basically a "worst practices" move. Just build your new DCs, promote them, transfer the FSMO roles, ensure that all replication has completed successfully and then demote the old DCs. All DC names and addresses are published in DNS, so there should be no issues with clients finding the new DCs.

This assumes that your clients are not using your old DCs as DNS servers. If they are then you will need to change the DNS server addresses that are being handed out by DHCP (or are hard-coded, if that's the case).

Also, be sure to follow best practices for virtualizing DCs. I generally recommend that you always keep one physical DC "just in case". This is especially critical if your VMs are stored in a Hyper-V clustered environment, as the cluster is dependent upon AD and the DCs will be dependent on the cluster, ergo once you take them down they won't come back up without a lot of effort.

________________________________________
CompTIA A+, Network+, Server+, Security+
MCTS:Windows 7
MCSE:Security 2003
MCITP:Server Administrator
MCITP:Enterprise Administrator
MCITP:Virtualization Administrator 2008 R2
Certified Quest vWorkspace Administrator
 
Hmmm. A little bummed, because my fear was that clients, domain-related services, other servers, etc looked to those current DC names and IP addresses, and that eventually re-naming the new ones the same thing could alleviate some headaches. Someone had even mentioned to me that Microsoft recommends keeping the same name/IP in such a scenario, but I can't find that anywhere. Thus, the reason I am reaching out on this forum.

As far as DNS is concerned, yes, my current primary DC does act as our corporate DNS server. So, is the concern that if clients are still looking to that server after the promotion/demotion, or is it an issue that I am using my primary DC as DNS server right now?
 
> A little bummed, because my fear was that clients, domain-related services, other servers, etc looked to those current DC names and IP addresses, and that eventually re-naming the new ones the same thing could alleviate some headaches.

Unless you have hard-coded something (including additional services like file/print, etc), nobody is looking at those names/addresses for anything. They are hitting DNS and saying "give me a domain controller", and DNS gives them a DC to connect to. That's the whole point of Active Directory, it doesn't matter if a single server is available or not because it gets the information that it needs from any available DC.

I've probably gone a bit too far towards the "don't re-use names and IP addresses" camp. You could do so, but you could potentially run into problems if the old servers aren't completely cleaned up and removed properly. On top of that, it can be confusing to people when the old servers have gone away but appear to remain intact.

To do the migration this way requires you to build new DCs, do FSMO migration and ensure replication is done, then decomm the old DCs, then rename and re-IP the new DCs. There's really no point in doing that final step because AD will already be working properly before you get there.



________________________________________
CompTIA A+, Network+, Server+, Security+
MCTS:Windows 7
MCSE:Security 2003
MCITP:Server Administrator
MCITP:Enterprise Administrator
MCITP:Virtualization Administrator 2008 R2
Certified Quest vWorkspace Administrator
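
Added example, not part of any post in this thread: a PowerShell script for the checks the replies above call for before the old DCs are demoted (FSMO roles transferred, replication complete, new DCs published in DNS, nothing still pointed at the old DCs for DNS). The domain name, DC names and IP addresses are placeholders, and it assumes `netdom`, `repadmin` and `nslookup` are available on the domain-joined machine where it runs.

```powershell
# Added example: checks to run before demoting the old DCs.
# All names and addresses below are placeholders (assumptions), not values from the thread.
$Domain    = 'corp.example'
$OldDCs    = 'OLDDC1', 'OLDDC2'
$NewDCs    = 'NEWDC1', 'NEWDC2'
$OldDnsIPs = '192.0.2.10', '192.0.2.11'   # old DCs that clients may use as DNS servers
$problems  = @()

# 1. FSMO roles: none may remain on a DC that is about to be demoted.
$fsmo = netdom query fsmo
foreach ($dc in $OldDCs) {
    $fsmo | Where-Object { $_ -match ('\b' + [regex]::Escape($dc) + '\b') } |
        ForEach-Object { $problems += "FSMO role still on old DC: $($_.Trim())" }
}

# 2. Replication: every inbound link on every DC must show zero failures.
repadmin /showrepl * /csv | ConvertFrom-Csv |
    Where-Object { $_.'Number of Failures' -match '^\d+$' -and [int]$_.'Number of Failures' -gt 0 } |
    ForEach-Object {
        $problems += "Replication failing: $($_.'Source DSA') -> $($_.'Destination DSA') ($($_.'Naming Context'))"
    }

# 3. DC locator: clients ask DNS for this SRV name, so each new DC must be listed in it.
$srv = nslookup -type=SRV "_ldap._tcp.dc._msdcs.$Domain" 2>$null
foreach ($dc in $NewDCs) {
    $pattern = 'svr hostname\s*=\s*' + [regex]::Escape($dc) + '\.'
    if (-not ($srv -match $pattern)) { $problems += "No DC locator SRV record for $dc" }
}

# 4. DNS client settings on this machine (DHCP-assigned or hard-coded):
#    anything still pointing at an old DC loses name resolution after demotion.
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled=True' | ForEach-Object {
    foreach ($ip in $_.DNSServerSearchOrder) {
        if ($OldDnsIPs -contains $ip) { $problems += "$($_.Description) still uses old DC $ip for DNS" }
    }
}

if ($problems) {
    $problems | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output 'No blockers found: roles moved, replication clean, new DCs published in DNS.'
}
```

Check 4 only inspects the machine it runs on, so run it on a sample of clients and member servers as well as on the DCs.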
 
Keep the name of the new DCs different to the original but you can change the IP address to the original after shutting the old DCs down. We do this because it saves us having to change our firewall rules allowing external time \ dns lookups etc.

-------------------------------

If it doesn't leak oil it must be empty!!
 
Here are some steps to keep in mind:
faq1674-7371

Also, as far as virtualizing your DC, make sure that the virtual host is not trying to serve as the time sync to the DC holding the PDCe role, as that can cause some issues.

Stop by the new Tek-Tips group at LinkedIn. Come say hi, look for a job, have some fun.
Pat Richard MVP
 