Channel: Directory Services forum

Migrating AD/DHCP to New Server Hardware

We plan to create a new Server 2012 R2 AD Domain Controller also having the DHCP Server role to replace a 32-bit Server 2003 Standard SP2 Domain Controller running DNS Server (AD-Integrated) and DHCP Server. The existing server is a member of the DNSUpdateProxy domain group and the DHCP service runs under a dedicated user account...also a member of the DNSUpdateProxy domain group. It is one of two preferred bridgehead servers and has several manually-created site links to other DCs at remote sites. It also holds the Domain Naming Master FSMO role.

Because of the great number of VLANs on approximately 180 switches in our enterprise all having multiple instances of the DHCP helper address corresponding to the IP address of the existing DC/DHCP server and also because of potential legacy dependencies on its NetBIOS or FQDN names in scores of applications run on our network and in various clouds, we wish to deploy the new server in a way which preserves both the IP address and the name of the existing server. If this is an unrealistic objective, I need to understand why.

What is the simplest way to accomplish this?

I recognize it would involve at least the following:

Transfer the existing server's FSMO role (Domain Naming Master) to another DC;

Provision the new Server 2012 R2 server as a DC and DHCP server;

Add the new server's computer acct to DNSUpdateProxy group;

Which of these alternative sets of guidance are relevant: http://blogs.technet.com/b/canitpro/archive/2014/11/26/step-by-step-migrating-dhcp-from-windows-server-2003-to-2012-r2.aspx or http://windowsitpro.com/windows-server-2003-end-support/migrating-dhcp-server-2003-server-2012-r2 or https://technet.microsoft.com/en-us/library/dn495425.aspx; 

Does the following statement in the above technet article rule out that article's use as a guide since the existing server is also a DC and DNS server: ("If the source server is running multiple roles, some migration steps in this guide, such as those for computer name and IP configuration, can cause other roles that are running on the source server to fail.") 

After migrating DHCP from old to new server, verify the new server retained the setting to run with DNS Dynamic Update registration user account;

Move the AD Sites & Services Site Links configured to/from existing DC to a different DC;

Demote old DC, then verify that all 'A', 'NS' and 'SRV' records for that server have been deleted and that Name Servers tab on forward lookup zone properties on all DCs no longer shows the old server name/IP and that Sites & Services objects of the old server are deleted;

Delete old demoted DC's computer account;

Run repadmin commands to sync up all AD replication partners (repadmin /syncall /AdeP)

Run this command to rename the newly provisioned replacement DC: netdom computername <CurrentComputerName> /add:<NewComputerName>

Follow guidance in these articles to change IP address of replacement DC/DHCP server: https://community.spiceworks.com/topic/576152-change-ip-of-windows-server-2012-r2-domain-controller and https://technet.microsoft.com/en-us/library/cc794931(WS.10).aspx.

What have I missed in this analysis and are the tasks in the correct order?

How much downtime would you conservatively estimate this would take?

Finally, we plan to run this DC/DHCP server as a VM in a Server 2012 R2 Hyper-V clustered failover mode using Starwind virtual SAN software on two Hyper-V host servers. Any other guidance as to how to make the DHCP service as resilient and highly available as possible?

Thanks,

Scott
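
The verification steps listed in the post (DHCP's DNS dynamic update account, DNSUpdateProxy membership, leftover 'A', 'NS' and 'SRV' records), as an added example that is not part of the original post. The server names, the domain name and the assumption that `_msdcs` is hosted as its own zone are placeholders, and the script assumes the DhcpServer, ActiveDirectory and DnsServer modules from the Server 2012 R2 RSAT tools.

```powershell
# Added example; every name below is a placeholder (assumption), not from the post.
$NewDhcp = 'NEWDC01.example.local'  # replacement DC/DHCP server
$OldName = 'OLDDC01'                # host name of the demoted 2003 server
$Domain  = 'example.local'          # AD DNS domain

Import-Module DhcpServer, ActiveDirectory, DnsServer

# 1. DHCP dynamic-update credential: an empty UserName means the setting
#    did not survive the migration and has to be configured again.
$dnsCred = Get-DhcpServerDnsCredential -ComputerName $NewDhcp
if ([string]::IsNullOrEmpty($dnsCred.UserName)) {
    Write-Warning "No DNS dynamic update credential configured on $NewDhcp"
} else {
    "DHCP registers DNS records as $($dnsCred.DomainName)\$($dnsCred.UserName)"
}

# 2. Review who is in DnsUpdateProxy once the new server has been added.
Get-ADGroupMember -Identity 'DnsUpdateProxy' |
    Select-Object Name, objectClass, distinguishedName

# 3. DHCP servers currently authorized in AD (old entry gone, new one present).
Get-DhcpServerInDC

# 4. Run after the demotion and BEFORE the rename: ask every DC's DNS service
#    for NS, SRV and A records that still point at the old server.
#    Assumption: _msdcs.<domain> exists as a separate zone.
foreach ($dc in (Get-ADDomainController -Filter *).HostName) {
    $ns  = @(Get-DnsServerResourceRecord -ComputerName $dc -ZoneName $Domain `
                 -RRType Ns -ErrorAction SilentlyContinue |
             Where-Object { $_.RecordData.NameServer -like "$OldName.*" })
    $srv = @(Get-DnsServerResourceRecord -ComputerName $dc -ZoneName "_msdcs.$Domain" `
                 -RRType Srv -ErrorAction SilentlyContinue |
             Where-Object { $_.RecordData.DomainName -like "$OldName.*" })
    $a   = @(Get-DnsServerResourceRecord -ComputerName $dc -ZoneName $Domain `
                 -Name $OldName -RRType A -ErrorAction SilentlyContinue)
    [pscustomobject]@{
        DnsServer = $dc
        StaleNS   = $ns.Count
        StaleSRV  = $srv.Count
        StaleA    = $a.Count
    }
}
```

A DC that does not run DNS, or whose DNS service cannot be queried with these cmdlets, also reports zeros, so confirm such servers by hand.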
