question about setting up a new domain controller

IT Discussion: 347 Posts, 10 Posters, 65.1k Views
dave247 @scottalanmiller

      @scottalanmiller said in question about setting up a new domain controller:

      @dave247 said in question about setting up a new domain controller:

      @scottalanmiller said in question about setting up a new domain controller:

      @dave247 said in question about setting up a new domain controller:

      The main thing I'm wondering about is if I can simply set up the new 2012 R2 server, promote it to domain controller, and then one by one point my servers and all the other statically mapped systems to it, without experiencing any disruptions.

You can have all three, or more, running at once, no disruptions. The only thing that gets repointed, static or dynamic, is the DNS settings, not the AD ones. DNS handles AD transparently.

      I don't understand..

      AD DCs run in clusters. You can have as many as you like, they are one single pool. So you can add as many as you want, and they all get used, live.

      You never point to AD. There is no setting for that on Windows. The clients request AD information from DNS, DNS points them to the AD DC that is best for them at the time (or just round robin.)

      ok. Let me explain my reasoning a bit better since I am clearly not doing a good job.

      DC1: 10.0.0.9
      DC2: 10.0.0.10
      New DC: 10.0.0.11

      Right now, ALL my static mapped servers, printers and appliances point to 10.0.0.9 as primary DNS and 10.0.0.10 as secondary. If I am introducing a new DC that will eventually REPLACE DC1, then I need to REPLACE all entries that look at 10.0.0.9. Does that make sense? That's what I'm worried about, that I don't miss anything or mess something up during the span of time that I am making the change.

dave247 @travisdh1

        @travisdh1 said in question about setting up a new domain controller:

        @scottalanmiller said in question about setting up a new domain controller:

        @scottalanmiller said in question about setting up a new domain controller:

        @dave247 said in question about setting up a new domain controller:

        As I explained in the OP, Exchange 2010 SP3 will not work with a 2016 DC.

        That can't be right. What's the documentation on that?

        https://blogs.technet.microsoft.com/rmilne/2016/05/16/exchange-support-for-windows-server-2016/

        So it does say it there, how is this possible? How can 2016 be working properly yet break something like this?


        Just be glad YOU haven't had to deal with Exchange's silly requirements lately!

        What's that?

scottalanmiller

          Hey, Microsoft support disagrees with the matrix and says that it DOES work.

          https://partnersupport.microsoft.com/en-us/par_servplat/forum/par_exchserv/add-another-dc-which-is-on-windows-server-2016/86020fd0-5dc1-4fd1-bb97-cdb89f06bd6b

Obsolesce @scottalanmiller

            @scottalanmiller said in question about setting up a new domain controller:

            @dave247 said in question about setting up a new domain controller:

            @scottalanmiller said in question about setting up a new domain controller:

            @tim_g said in question about setting up a new domain controller:

            @scottalanmiller said in question about setting up a new domain controller:

            @dave247 said in question about setting up a new domain controller:

            I would like to set up a 2012 R2 domain..

            What is driving you to do a fresh install of an old OS?

            Exchange 2010 SP3 he said.

            How does that affect the DC, though? That affects the Exchange server.

            Yeah, if Exchange won't work, then I don't want to use 2016 for now.

            Which begs the question.... how is 2016 doing 2012 or earlier domain levels, if it isn't fully compatible with them? How and why did MS break that in that way. That's very concerning.

            Exchange 2013 was the big change, that works with everything except Server 2003.

            Exchange 2010 is the old style Exchange, so it makes perfect sense it wouldn't work with Server 2016.

scottalanmiller @dave247

              @dave247 said in question about setting up a new domain controller:

              @travisdh1 said in question about setting up a new domain controller:

              @scottalanmiller said in question about setting up a new domain controller:

              @scottalanmiller said in question about setting up a new domain controller:

              @dave247 said in question about setting up a new domain controller:

              As I explained in the OP, Exchange 2010 SP3 will not work with a 2016 DC.

              That can't be right. What's the documentation on that?

              https://blogs.technet.microsoft.com/rmilne/2016/05/16/exchange-support-for-windows-server-2016/

              So it does say it there, how is this possible? How can 2016 be working properly yet break something like this?


              Just be glad YOU haven't had to deal with Exchange's silly requirements lately!

              What's that?

              He was talking to me, I think.

travisdh1 @scottalanmiller

                @scottalanmiller said in question about setting up a new domain controller:

                Hey, Microsoft support disagrees with the matrix and says that it DOES work.

                https://partnersupport.microsoft.com/en-us/par_servplat/forum/par_exchserv/add-another-dc-which-is-on-windows-server-2016/86020fd0-5dc1-4fd1-bb97-cdb89f06bd6b

Why am I not surprised that Microsoft's own documentation can't make up its mind?

scottalanmiller @Obsolesce

                  @tim_g said in question about setting up a new domain controller:

                  Exchange 2010 is the old style Exchange, so it makes perfect sense it wouldn't work with Server 2016.

                  It doesn't make any sense at all as the AD is supposed to be absolutely identical regardless of the OS version it is running on. If the OS version changes anything as far as support, AD isn't stable and their versioning is broken.

dave247 @scottalanmiller

                    @scottalanmiller said in question about setting up a new domain controller:

                    Hey, Microsoft support disagrees with the matrix and says that it DOES work.

                    https://partnersupport.microsoft.com/en-us/par_servplat/forum/par_exchserv/add-another-dc-which-is-on-windows-server-2016/86020fd0-5dc1-4fd1-bb97-cdb89f06bd6b

Yeah, I can have Exchange 2016 with 2008 R2 domain controllers, but I can NOT have 2016 domain controllers with an Exchange 2010 SP3 server.

Obsolesce

                      I see, having Server 2016 is fine, however, Domain functional level can't be.

scottalanmiller @dave247

                        @dave247 said in question about setting up a new domain controller:

                        @scottalanmiller said in question about setting up a new domain controller:

                        @dave247 said in question about setting up a new domain controller:

                        @scottalanmiller said in question about setting up a new domain controller:

                        @dave247 said in question about setting up a new domain controller:

                        The main thing I'm wondering about is if I can simply set up the new 2012 R2 server, promote it to domain controller, and then one by one point my servers and all the other statically mapped systems to it, without experiencing any disruptions.

You can have all three, or more, running at once, no disruptions. The only thing that gets repointed, static or dynamic, is the DNS settings, not the AD ones. DNS handles AD transparently.

                        I don't understand..

                        AD DCs run in clusters. You can have as many as you like, they are one single pool. So you can add as many as you want, and they all get used, live.

                        You never point to AD. There is no setting for that on Windows. The clients request AD information from DNS, DNS points them to the AD DC that is best for them at the time (or just round robin.)

                        ok. Let me explain my reasoning a bit better since I am clearly not doing a good job.

                        DC1: 10.0.0.9
                        DC2: 10.0.0.10
                        New DC: 10.0.0.11

                        Right now, ALL my static mapped servers, printers and appliances point to 10.0.0.9 as primary DNS and 10.0.0.10 as secondary. If I am introducing a new DC that will eventually REPLACE DC1, then I need to REPLACE all entries that look at 10.0.0.9. Does that make sense? That's what I'm worried about, that I don't miss anything or mess something up during the span of time that I am making the change.

                        That agrees with what I said. It's the DNS entries that you are changing. That the DNS runs on the same servers as AD DC is coincidental. It's normal and the right thing to do, but it's not a requirement nor actually relevant here. It feels like it's tightly connected, but it just feels that way because of the coincidental deployment.

                        You don't actually need to replace the 10.0.0.9 entries for things to work. You'll lose DNS round robin redundancy, but things will still work. If you added 10.0.0.11 and didn't remove 10.0.0.9 things would work, and have redundancy. You should remove 10.0.0.9, but it would work if you didn't.

                        But the important piece here is that you are only talking about a DNS change, not an AD change, at this point. This is purely "how do I replace one DNS server with another."

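An added example, not from this thread, of the DNS-only swap Scott describes above (replace the 10.0.0.9 entry with 10.0.0.11 on a statically configured machine) that first checks the earlier point that clients locate DCs through DNS SRV records rather than any configured AD address. The addresses come from the thread; the domain name `corp.example`, the `-Apply` switch and the dry-run-by-default behaviour are assumptions for the example.

```powershell
# Added example (not from the thread). Swaps one DNS server address for another on
# every statically configured IPv4 adapter of this machine, after verifying that the
# new server answers the AD DC locator query that clients depend on.
param(
    [string]$OldDns = '10.0.0.9',       # DC1's address, from the thread
    [string]$NewDns = '10.0.0.11',      # new DC's address, from the thread
    [string]$Domain = 'corp.example',   # assumed AD DNS name; replace with your own
    [switch]$Apply                      # without -Apply the script only reports changes
)

# 1. Clients never "point at AD": they ask DNS for _ldap._tcp.dc._msdcs.<domain> SRV
#    records and pick a DC from the answer. Confirm the new server returns them before
#    any client is pointed at it; a DNS server without these records would leave
#    clients unable to find a DC even though the DCs themselves are healthy.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -Server $NewDns -ErrorAction Stop
$dcs = $srv | Where-Object { $_.Type -eq 'SRV' } | Select-Object -ExpandProperty NameTarget
if (-not $dcs) { throw "$NewDns returned no DC locator SRV records for $Domain; aborting." }
Write-Host "DC locator records served by ${NewDns}: $($dcs -join ', ')"

# 2. Walk the adapters. Only touch statically configured ones: writing a server list to
#    a DHCP adapter would silently convert its DNS settings to static.
foreach ($cfg in Get-DnsClientServerAddress -AddressFamily IPv4) {
    $current = @($cfg.ServerAddresses)
    if ($current -notcontains $OldDns) { continue }

    $ipIf = Get-NetIPInterface -InterfaceIndex $cfg.InterfaceIndex -AddressFamily IPv4
    if ($ipIf.Dhcp -eq 'Enabled') {
        Write-Host "$($cfg.InterfaceAlias): DHCP-assigned, lists $OldDns; fix the DHCP scope instead."
        continue
    }

    # Replace in place so the primary/secondary order the adapter had is preserved,
    # then drop a duplicate in case the new server was already listed.
    $updated = $current | ForEach-Object { if ($_ -eq $OldDns) { $NewDns } else { $_ } }
    $updated = @($updated | Select-Object -Unique)

    Write-Host ("{0}: {1} -> {2}" -f $cfg.InterfaceAlias, ($current -join ','), ($updated -join ','))
    if ($Apply) {
        Set-DnsClientServerAddress -InterfaceIndex $cfg.InterfaceIndex -ServerAddresses $updated
    }
}

# 3. After the change, confirm this machine can still locate a DC through its new list.
if ($Apply) { nltest /dsgetdc:$Domain }
```

Run it once without `-Apply` on each statically configured server to see what would change, then with `-Apply` to commit; printers and appliances that have no PowerShell still need their DNS entries edited by hand, which is the inventory problem the original question is about.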
Obsolesce (last edited by Obsolesce)

                          At least according to that linked reply.

                          I'd play it safe though, breaking Exchange sucks.

                          Find out 100% first.

dave247

I might just open a case with Microsoft and have help with this. I've asked about this about 10 different times over 2017 (just to mull it over) and every time I get a huge mix of seemingly contradicting information/advice. This is why I haven't done anything yet.

scottalanmiller @Obsolesce

                              @tim_g said in question about setting up a new domain controller:

                              I see, having Server 2016 is fine, however, Domain functional level can't be.

                              Right, which is all that we were ever discussing. We were never saying he should raise the functional level, only install the current OS. Since he is going to have a mix of servers for a while, raising the functional level isn't even an option.

scottalanmiller @dave247

                                @dave247 said in question about setting up a new domain controller:

I might just open a case with Microsoft and have help with this. I've asked about this about 10 different times over 2017 (just to mull it over) and every time I get a huge mix of seemingly contradicting information/advice. This is why I haven't done anything yet.

                                How would that help? MS doesn't know. MS aren't the experts on Windows.

scottalanmiller @Obsolesce

                                  @tim_g said in question about setting up a new domain controller:

                                  Find out 100% first.

                                  Only a lab can tell you that.

dave247 @scottalanmiller

                                    @scottalanmiller said in question about setting up a new domain controller:

                                    @dave247 said in question about setting up a new domain controller:

                                    @scottalanmiller said in question about setting up a new domain controller:

                                    @dave247 said in question about setting up a new domain controller:

                                    @scottalanmiller said in question about setting up a new domain controller:

                                    @dave247 said in question about setting up a new domain controller:

                                    The main thing I'm wondering about is if I can simply set up the new 2012 R2 server, promote it to domain controller, and then one by one point my servers and all the other statically mapped systems to it, without experiencing any disruptions.

You can have all three, or more, running at once, no disruptions. The only thing that gets repointed, static or dynamic, is the DNS settings, not the AD ones. DNS handles AD transparently.

                                    I don't understand..

                                    AD DCs run in clusters. You can have as many as you like, they are one single pool. So you can add as many as you want, and they all get used, live.

                                    You never point to AD. There is no setting for that on Windows. The clients request AD information from DNS, DNS points them to the AD DC that is best for them at the time (or just round robin.)

                                    ok. Let me explain my reasoning a bit better since I am clearly not doing a good job.

                                    DC1: 10.0.0.9
                                    DC2: 10.0.0.10
                                    New DC: 10.0.0.11

                                    Right now, ALL my static mapped servers, printers and appliances point to 10.0.0.9 as primary DNS and 10.0.0.10 as secondary. If I am introducing a new DC that will eventually REPLACE DC1, then I need to REPLACE all entries that look at 10.0.0.9. Does that make sense? That's what I'm worried about, that I don't miss anything or mess something up during the span of time that I am making the change.

                                    That agrees with what I said. It's the DNS entries that you are changing. That the DNS runs on the same servers as AD DC is coincidental. It's normal and the right thing to do, but it's not a requirement nor actually relevant here. It feels like it's tightly connected, but it just feels that way because of the coincidental deployment.

                                    You don't actually need to replace the 10.0.0.9 entries for things to work. You'll lose DNS round robin redundancy, but things will still work. If you added 10.0.0.11 and didn't remove 10.0.0.9 things would work, and have redundancy. You should remove 10.0.0.9, but it would work if you didn't.

                                    But the important piece here is that you are only talking about a DNS change, not an AD change, at this point. This is purely "how do I replace one DNS server with another."

                                    but... when 10.0.0.9 goes away, it will stop working.

dave247 @scottalanmiller

                                      @scottalanmiller said in question about setting up a new domain controller:

                                      @dave247 said in question about setting up a new domain controller:

I might just open a case with Microsoft and have help with this. I've asked about this about 10 different times over 2017 (just to mull it over) and every time I get a huge mix of seemingly contradicting information/advice. This is why I haven't done anything yet.

                                      How would that help? MS doesn't know. MS aren't the experts on Windows.

What?

dave247 @scottalanmiller

                                        @scottalanmiller said in question about setting up a new domain controller:

                                        @tim_g said in question about setting up a new domain controller:

                                        Find out 100% first.

                                        Only a lab can tell you that.

                                        yeah I do have a lab that I wanted to try all this in first.. I guess I will go ahead and do that.

scottalanmiller @dave247

                                          @dave247 said in question about setting up a new domain controller:

                                          @scottalanmiller said in question about setting up a new domain controller:

                                          @dave247 said in question about setting up a new domain controller:

I might just open a case with Microsoft and have help with this. I've asked about this about 10 different times over 2017 (just to mull it over) and every time I get a huge mix of seemingly contradicting information/advice. This is why I haven't done anything yet.

                                          How would that help? MS doesn't know. MS aren't the experts on Windows.

What?

                                          Bottom line, MS isn't an IT company, they are a software company. They can't even document this issue internally - they literally don't know the answer here. MS Support is famously incompetent - but they give you your money back if they can't do anything. But that's their mode of operation, charge you when the work was easy, refund your money so you don't sue them if they can't support their own stuff (which is really common.) MS is famous for not having a good ability to provide support for their own products, that's why internal MS support teams in companies are so important. That's your only line of reliable support.

                                          This is one of the reasons that MS products have such a poor reputation at enterprise level; there is no reliable vendor support behind them. Their products are decent, but their support is somewhere between a joke and "doesn't exist."

scottalanmiller @dave247

                                            @dave247 said in question about setting up a new domain controller:

                                            @scottalanmiller said in question about setting up a new domain controller:

                                            @dave247 said in question about setting up a new domain controller:

                                            @scottalanmiller said in question about setting up a new domain controller:

                                            @dave247 said in question about setting up a new domain controller:

                                            @scottalanmiller said in question about setting up a new domain controller:

                                            @dave247 said in question about setting up a new domain controller:

                                            The main thing I'm wondering about is if I can simply set up the new 2012 R2 server, promote it to domain controller, and then one by one point my servers and all the other statically mapped systems to it, without experiencing any disruptions.

You can have all three, or more, running at once, no disruptions. The only thing that gets repointed, static or dynamic, is the DNS settings, not the AD ones. DNS handles AD transparently.

                                            I don't understand..

                                            AD DCs run in clusters. You can have as many as you like, they are one single pool. So you can add as many as you want, and they all get used, live.

                                            You never point to AD. There is no setting for that on Windows. The clients request AD information from DNS, DNS points them to the AD DC that is best for them at the time (or just round robin.)

                                            ok. Let me explain my reasoning a bit better since I am clearly not doing a good job.

                                            DC1: 10.0.0.9
                                            DC2: 10.0.0.10
                                            New DC: 10.0.0.11

                                            Right now, ALL my static mapped servers, printers and appliances point to 10.0.0.9 as primary DNS and 10.0.0.10 as secondary. If I am introducing a new DC that will eventually REPLACE DC1, then I need to REPLACE all entries that look at 10.0.0.9. Does that make sense? That's what I'm worried about, that I don't miss anything or mess something up during the span of time that I am making the change.

                                            That agrees with what I said. It's the DNS entries that you are changing. That the DNS runs on the same servers as AD DC is coincidental. It's normal and the right thing to do, but it's not a requirement nor actually relevant here. It feels like it's tightly connected, but it just feels that way because of the coincidental deployment.

                                            You don't actually need to replace the 10.0.0.9 entries for things to work. You'll lose DNS round robin redundancy, but things will still work. If you added 10.0.0.11 and didn't remove 10.0.0.9 things would work, and have redundancy. You should remove 10.0.0.9, but it would work if you didn't.

                                            But the important piece here is that you are only talking about a DNS change, not an AD change, at this point. This is purely "how do I replace one DNS server with another."

                                            but... when 10.0.0.9 goes away, it will stop working.

                                            No, it won't. That was my point, it would keep working. DNS has protections from that. If 10.0.0.10 went away as well, only then would it stop working.
