Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier)
-
@dave247 said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):
@scottalanmiller said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):
@dave247 said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):
@scottalanmiller said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):
@dave247 said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):
See now this was my original plan like a year ago... almost everyone strongly advised against using the same IP for the new DC..
Why not? That's more or less how it is meant to be done.
IDK, that's just what a lot of people advised against.. I thought you guys were some of those people... lol
I don't think that we were, lol.
I bounce around between reddit, mangolassi and sometimes SW so it's hard to remember...
Do you remember someone giving some logic or colour as to why they felt that IPs had to be protected in that way?
-
I vaguely recall someone asked no about reusing a name. But I don’t think it was a year ago.
-
@dave247 said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):
@scottalanmiller said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):
@dave247 said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):
@scottalanmiller said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):
@dave247 said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):
See now this was my original plan like a year ago... almost everyone strongly advised against using the same IP for the new DC..
Why not? That's more or less how it is meant to be done.
IDK, that's just what a lot of people advised against.. I thought you guys were some of those people... lol
I don't think that we were, lol.
I bounce around between reddit, mangolassi and sometimes SW so it's hard to remember...
There's your problem. I would pass on Reddit as much as possible. While those users do give some good advice there is just as much false information and crap you have to wade through.
-
@dave247 said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):
@tim_g said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):
One thing to note, is that once you demote the old DC, you can easily change the IP of the new Server 2016 DC. It changes everything automatically these days.
Starting at Step 2 below, do following steps quickly.
-
Bring up new DC in parallel to the old one.
-
Transfer FSMO roles to new DC.
-
Demote old DC with DCPROMO.
-
Turn off old DC.
-
Set IP on new DC to what the old DC IP was. Possilble reboot new DC.
-
Verify DNS stuff reflects new DC having correct IP.
-
On a test client/user PC, do an
ipconfig /flushdns
, maybe even a reboot. -
On a client/user PC, do an NSLOOKUP to domain.com.
-
On a client/user PC, enter
set log
, verify it returns the correct DC.
See now this was my original plan like a year ago... almost everyone strongly advised against using the same IP for the new DC..
Not same IP, what you shouldn’t do is name it the same only. Also even if you have setup DNS statically you can use Group Policy and Powershell to change the DNS server on the servers which is pretty much easy to do.
-
-
@scottalanmiller said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):
@dave247 said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):
@scottalanmiller said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):
@dave247 said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):
@scottalanmiller said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):
@dave247 said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):
See now this was my original plan like a year ago... almost everyone strongly advised against using the same IP for the new DC..
Why not? That's more or less how it is meant to be done.
IDK, that's just what a lot of people advised against.. I thought you guys were some of those people... lol
I don't think that we were, lol.
I bounce around between reddit, mangolassi and sometimes SW so it's hard to remember...
Do you remember someone giving some logic or colour as to why they felt that IPs had to be protected in that way?
No, I don't.. that's ok though. This thread was a good refresher and I will put the advice down in my notes for when I execute the plan.
Thanks guys.
-
@dbeato said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):
@dave247 said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):
@tim_g said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):
One thing to note, is that once you demote the old DC, you can easily change the IP of the new Server 2016 DC. It changes everything automatically these days.
Starting at Step 2 below, do following steps quickly.
-
Bring up new DC in parallel to the old one.
-
Transfer FSMO roles to new DC.
-
Demote old DC with DCPROMO.
-
Turn off old DC.
-
Set IP on new DC to what the old DC IP was. Possilble reboot new DC.
-
Verify DNS stuff reflects new DC having correct IP.
-
On a test client/user PC, do an
ipconfig /flushdns
, maybe even a reboot. -
On a client/user PC, do an NSLOOKUP to domain.com.
-
On a client/user PC, enter
set log
, verify it returns the correct DC.
See now this was my original plan like a year ago... almost everyone strongly advised against using the same IP for the new DC..
Not same IP, what you shouldn’t do is name it the same only. Also even if you have setup DNS statically you can use Group Policy and Powershell to change the DNS server on the servers which is pretty much easy to do.
New name, same IP works, yeah.
-
-
Reddit for IT stuff, the same site that host r/TheDonald ?
-
@momurda said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):
Reddit for IT stuff, the same site that host r/TheDonald ?
LOL, not a great site for IT stuff. You get a few gems but the overall situation is very.... rough.
-
@momurda said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):
Reddit for IT stuff, the same site that host r/TheDonald ?
I am not a fan of Reddit
-
A lesson I picked up around here is make your network shares using a cname, not the name of the server. This enables you to move a share to another server by just updating DNS, the mappings will all stay the same.
-
@dashrender said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):
A lesson I picked up around here is make your network shares using a cname, not the name of the server. This enables you to move a share to another server by just updating DNS, the mappings will all stay the same.
The "better" option if you're using Windows and Active Directory is to just setup a DFS namespace. Simple, easy to manage, and scalable.
-
@coliver said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):
@dashrender said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):
A lesson I picked up around here is make your network shares using a cname, not the name of the server. This enables you to move a share to another server by just updating DNS, the mappings will all stay the same.
The "better" option if you're using Windows and Active Directory is to just setup a DFS namespace. Simple, easy to manage, and scalable.
Actually, I find DFS overcomplicated in the SMB space. Many SMB do not need more than a DNS CNAME to handle it.
-
@jaredbusch said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):
@coliver said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):
@dashrender said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):
A lesson I picked up around here is make your network shares using a cname, not the name of the server. This enables you to move a share to another server by just updating DNS, the mappings will all stay the same.
The "better" option if you're using Windows and Active Directory is to just setup a DFS namespace. Simple, easy to manage, and scalable.
Actually, I find DFS overcomplicated in the SMB space. Many SMB do not need more than a DNS CNAME to handle it.
I agree, I almost always avoid it. Lots of complication, easy to break. Pretty rare to find an SMB that will really benefit from it. Even SMB in general, I see in use less and less.
-
DFS is very simple, did you mean DFS-R?
I mean I get why a SMB wouldn't need it... single file server with a few shares, not a huge benefit to use DFS.
But the benefits of it are nice when it fits the environment.
-
@tim_g said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):
DFS is very simple, did you mean DFS-R?
I mean I get why a SMB wouldn't need it... single file server with a few shares, not a huge benefit to use DFS.
But the benefits of it are nice when it fits the environment.
DFS-R is needed for Replication from Server 2012 R2 and up.
-
Yeah but many people only implement DFS for the replication. You don't need to replicate to use DFS. DFS by itself is great for the benefits if it's worth using in the first place i mean.
-
@tim_g said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):
Yeah but many people only implement DFS for the replication. You don't need to replicate to use DFS. DFS by itself is great for the benefits if it's worth using in the first place i mean.
Yeah, that is totally fine.
-
@dave247 you might have a look at this thread. I think it could be useful for you.