Replace both of our 2 DCs. If only it were that simple.
  • Replace both of our 2 DCs. If only it were that simple.

    I have a friggin' mess here. Please bear with me. I want to be thorough in describing the problem.

    I have two servers running critical functions that are scheduled to be replaced in short order and I'm struggling to get my minuscule brain around everything that needs to be planned for and how to gracefully execute the replacement.
    These two servers are both DCs for a single domain and forest. Both the servers are running AD-Integrated DNS. The domain functional level is Windows 2000 native. The forest functional level is Windows 2000. That's where the similarities end.

    DC1 is running Windows 2003 and holds all the FSMO roles. It is running DNS, is the one and only Enterprise CA for the domain, is our main DHCP server, runs a few internal IIS sites, and also runs IAS for PEAP wireless authentication and authorization. It's also the one and only Exchange 2003 server for our organization.

    DC2 is running Windows 2000 and as mentioned above is also running DNS for the domain. That's all the server does. This server is scheduled to be replaced first.

    Our plan is to introduce two new identical Server 2008-based DCs. Ultimately we want to run at the 2008 domain and forest functional levels. In addition to AD and AD-integrated DNS, we wish for both servers to run IAS for PEAP wireless authentication and authorization, be enterprise CAs and DHCP servers. Basically, we want both servers to be identical from a services perspective so that should one go down, not a single service is affected from a user perspective.

    The tricky part: if possible, we want to preserve the IP addresses from the old servers to the new. Why? We don't want to have to have all workstations manually renew their DHCP leases to get new DNS server references. We don't want to have to change the DNS servers for all our equipment with static IP configurations. And we especially don't want to do it twice (since both DCs won't be replaced at the same time). You may call it being lazy--I call it being efficient... and lazy. We can't just leave DC1 and DC2 online running only AD and DNS forever--we desperately need the rack space.

    Oh yeah, Exchange 2007 will be deployed on a few VMs to replace the Exchange 2003 services on DC1. We know we need to take care of Exchange first before retiring DC1.

    Still with me? Hello? Is this thing on?

    From a high level, this is my (likely flawed) plan:

    1. Install new 2008 servers (DC3 and DC4) and join to domain. Prepare existing domain and forest for 2008 servers. Demote, change IP and power-down DC2. Change IP on DC3 to old DC2 IP. Promote DC3 to DC, make GC server. Install DNS, integrate with AD. Wait for fallout.

    2. Migrate all Exchange functions to newly installed Exchange 2007 servers. Uninstall Exchange 2003 from DC1. Somehow move CA functions from DC1 to DC3. Move IAS database from DC1 to DC3. Migrate DHCP database from DC1 to DC3. Move IIS sites from DC1 to another server. Demote, change IP, and power-down DC1. Change IP on DC4 to old DC1. Reboot DC4. Promote DC4 to DC, Install DNS on DC4, integrate with AD. Wait for larger fallout. Sign up for unemployment.

    First thing first: are we out of our minds? Is there a better approach to take? I don't profess to have much of a clue as to what I'm doing here, as I'm sure is quickly becoming apparent.

    Secondly: If you were me, other than drinking heavily, what would you do here and in what order? I'm not asking you to do my job. Well I guess I sorta am. Regardless, ANY help would be appreciated and would give me more time to devote to my aforementioned on-the-job drinking habit.

    TIA

  • #2
    Re: Replace both of our 2 DCs. If only it were that simple.

    Originally posted by ErEkoSuave:
    "The tricky part: if possible, we want to preserve the IP addresses from the old servers to the new. Why? We don't want to have to have all workstations manually renew their DHCP leases to get new DNS server references."
    If they are indeed DHCP clients, then DNS addresses will be configured automatically... or have I missed something here?
    Gareth Howells

    BSc (Hons), MBCS, MCP, MCDST, ICCE

    Any advice is given in good faith and without warranty.

    Please give reputation points if somebody has helped you.

    "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

    "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

    Comment


    • #3
      Re: Replace both of our 2 DCs. If only it were that simple.

      Most workstations are, yes, but if we change DNS server addresses the clients would have to renew their lease to get the new DNS server entries. This lease renewal likely wouldn't be automagic, so we'd have to have all our users reboot. This shouldn't be a big deal, but keep in mind I work for a bunch of doctors. Frankly I'm more concerned with all our statically assigned IPs.

      Comment


      • #4
        Re: Replace both of our 2 DCs. If only it were that simple.

        Do you have much static equipment with DNS servers configured?
        DHCP won't give you an issue as long as you shorten the lease time in advance.
        Make it an hour or so, and change the DNS server in the DHCP scopes.
        Lease renewals are done automatically once the lease expires.

        Anyhow, there are different approaches you can do. Basically in short:
        a) Install W2k8, dcpromo, install rest of the stuff (like dns and so on) and done.
        b) Install w2k8, dcpromo, shutdown one server change IP, re-register DNS and other stuff and done.
        c) shutdown server, give correct ip address, install w2k8 dcpromo and install stuff and done.
        d) Install w2k8, shutdown server, install w2k8 dcpromo and install stuff and done.

        For moving CA please review:
        http://technet.microsoft.com/en-us/l.../cc755153.aspx
        Marcel
        Technical Consultant
        Netherlands
        http://www.phetios.com
        http://blog.nessus.nl

        MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
        "No matter how secure, there is always the human factor."

        "Enjoy life today, tomorrow may never come."
        "If you're going through hell, keep going. ~Winston Churchill"

        Comment


        • #5
          Re: Replace both of our 2 DCs. If only it were that simple.

          I don't claim to be an expert, but some completely random ideas:

          Are all of your DCs also GCs? If not you may want to look into setting up that way. Make sure you gracefully transfer all your FSMO roles before decommissioning DC1. http://support.microsoft.com/kb/223346

          If you're not using the Default-First-Site-Name don't forget to move your new DCs to the correct site.

          When you decommission the old DCs make sure you have this handy: http://support.microsoft.com/kb/216498. I walk through this even if it looks like the demotion was successful just to be sure. Also, make sure you do a DCDIAG on all your DCs before you demote. You don't want to discover a replication problem in the middle of a demotion.

          KB298138 - how to move a CA. If it's enterprise integrated make sure you load up with enterprise server. This KB says that if you want to move a CA that's running W2K to W2K3 you first must do an in-place upgrade before the migration. I wouldn't be at all surprised if this was the case moving from W2K3 to WS08 as well.

          Our DCs are all set up with mirrored arrays for both the OS and directory partitions. If you're set up similarly, you can break the mirror and set one of the drives aside just in case.

          Depending on the virtual infrastructure you have in place I would definitely consider putting DHCP and the CA on VMs. I don't think either of these (especially the CA) are well suited for side by side installations and having them as VMs may open up some disaster recovery options for you.

          I know nothing about Exchange, and that ignorance is definitely bliss.

          Good Luck!

          Comment
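
Added example, not part of any post in this thread: a pre-demotion gate for the two checks recommended in post #5, namely that no FSMO role is still held by the DC being retired and that no replication link is failing. It parses the text output of `netdom query fsmo` and `repadmin /showrepl * /csv`; the domain `example.local`, the sample output and the function names are constructed for illustration.

```powershell
# Added example (not from the thread). The domain name is hypothetical.
# On a live DC, feed the real tool output instead of the constructed samples:
#   $fsmo = netdom query fsmo
#   $repl = repadmin /showrepl * /csv

# Constructed sample: `netdom query fsmo` output after a partial role transfer.
$fsmo = @(
    'Schema master               DC1.example.local',
    'Domain naming master        DC1.example.local',
    'PDC                         DC3.example.local',
    'RID pool manager            DC3.example.local',
    'Infrastructure master       DC3.example.local',
    'The command completed successfully.'
)
# Constructed sample: `repadmin /showrepl * /csv` output with one failing link.
$repl = @(
    'showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status',
    'showrepl_INFO,Default-First-Site-Name,DC3,"DC=example,DC=local",Default-First-Site-Name,DC1,RPC,0,0,2009-03-02 10:15:04,0',
    'showrepl_INFO,Default-First-Site-Name,DC1,"DC=example,DC=local",Default-First-Site-Name,DC2,RPC,4,2009-03-02 09:58:11,2009-03-01 22:41:30,1722'
)

function Get-FsmoHolder([string[]]$Lines) {
    # Role name and holder FQDN are separated by a run of two or more spaces.
    foreach ($line in $Lines) {
        if ($line -match '^(?<role>\S.*?)\s{2,}(?<holder>\S+\.\S+)\s*$') {
            New-Object PSObject -Property @{ Role = $Matches['role']; Holder = $Matches['holder'] }
        }
    }
}

function Get-ReplicationFailure([string[]]$CsvLines) {
    # Any inbound link with a non-zero failure count is still broken.
    $CsvLines | ConvertFrom-Csv | Where-Object { [int]$_.'Number of Failures' -gt 0 }
}

function Get-DemotionBlocker([string]$DcName, [string[]]$FsmoLines, [string[]]$ReplCsvLines) {
    # Emits one string per reason the demotion should not proceed yet.
    foreach ($r in (Get-FsmoHolder $FsmoLines)) {
        if ($r.Holder -like "${DcName}.*") { "FSMO role still on ${DcName}: $($r.Role)" }
    }
    foreach ($f in (Get-ReplicationFailure $ReplCsvLines)) {
        "Replication failing: $($f.'Source DSA') -> $($f.'Destination DSA'), status $($f.'Last Failure Status')"
    }
}

$blockers = @(Get-DemotionBlocker -DcName 'DC1' -FsmoLines $fsmo -ReplCsvLines $repl)
if ($blockers.Count -gt 0) { $blockers | ForEach-Object { "BLOCK: $_" } } else { 'No blockers found for DC1.' }
```

The gate does not cover the other roles the thread lists on DC1 (Enterprise CA, DHCP, IAS, Exchange), and a full `dcdiag` run on each DC is still worth reading by hand.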
