@jaredbusch said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

And you do not have to use a CNAME. An A record is just fine too. For excample, notmydc can be an A record pointing to the same IP as DC1. Or it can be a CNAME pointing to the DNS name of DC1.

Got it.

Either way, when DC1 goes to shit

hahaha

@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@jaredbusch said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

How I'd handle it....

Well, I'd not do it if possible and fix things pointing to something that they shouldn't here. That's the root level fix.

To go after a proximate fix...

1. Set up the new DC. Do NOT use the old IP or hostname.
2. Get it all working with the old machines in place.
3. Create a CNAME to point the old name to the new server's A record. Remove the old machine.
4. If you must, change the new IP to the old IP.

Ok, let's scratch everything I mentioned. If I were to do this the best practice way, would I simply:

1. Set up the new 3rd domain controller new name (DC3) and IP address
2. Pass the roles from DC1 to DC3
3. Finally, go through and point all "primary DNS" entries on Exchange and EVERYTHING else to the new DC3

If I perform the above steps, I am assuming no systems will have issues authenticating since they will all be reaching out to one of the three DCs, right? Therefore, I can gradually point systems to the new DC as needed.

Otherwise, please help me understand what I should do. I am going to spend my day tomorrow researching this stuff so I'm better educated on what I'm doing and can come up with an action plan.

Thank you

Systems should never be pointed to a DC. They shoudl be pointed to an alias for their service.

I don't quite understand this. In the TCP/IPv4 DNS settings, it only accepts an IP address, which are the DNS servers/domain controllers.

What @scottalanmiller is talking about is inside your applications and programs, they should always use a name value instead of an IP address.

Unless it is really crappy software, it should be able to do that.

You are correct in your devices, you use IP/DNS manually if DHCP is not an option, but that should be extremely rare.

Edit: And Scott replied while I was. (teach me to be on the phone while responding).

oooh ok yes, I got that. I do use a name (not ip) for those. I'll still have to update them to say DC3 instead of DC1.. unless if I can just start using CNAMEs..

You can always use a CNAME. The app can't tell what is an A record or a CNAME record.

And I've just re-learned about this... so essentially I could have a CNAME called "DCGOUP" which would point to DC1, DC2, DC3, etc, and the app would just work?

@jaredbusch said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

How I'd handle it....

Well, I'd not do it if possible and fix things pointing to something that they shouldn't here. That's the root level fix.

To go after a proximate fix...

1. Set up the new DC. Do NOT use the old IP or hostname.
2. Get it all working with the old machines in place.
3. Create a CNAME to point the old name to the new server's A record. Remove the old machine.
4. If you must, change the new IP to the old IP.

Ok, let's scratch everything I mentioned. If I were to do this the best practice way, would I simply:

1. Set up the new 3rd domain controller new name (DC3) and IP address
2. Pass the roles from DC1 to DC3
3. Finally, go through and point all "primary DNS" entries on Exchange and EVERYTHING else to the new DC3

If I perform the above steps, I am assuming no systems will have issues authenticating since they will all be reaching out to one of the three DCs, right? Therefore, I can gradually point systems to the new DC as needed.

Otherwise, please help me understand what I should do. I am going to spend my day tomorrow researching this stuff so I'm better educated on what I'm doing and can come up with an action plan.

Thank you

Systems should never be pointed to a DC. They shoudl be pointed to an alias for their service.

I don't quite understand this. In the TCP/IPv4 DNS settings, it only accepts an IP address, which are the DNS servers/domain controllers.

What @scottalanmiller is talking about is inside your applications and programs, they should always use a name value instead of an IP address.

Unless it is really crappy software, it should be able to do that.

You are correct in your devices, you use IP/DNS manually if DHCP is not an option, but that should be extremely rare.

Edit: And Scott replied while I was. (teach me to be on the phone while responding).

oooh ok yes, I got that. I do use a name (not ip) for those. I'll still have to update them to say DC3 instead of DC1.. unless if I can just start using CNAMEs..

One thing that's always fun is when I get a quote from my VAR and a quote form CDW and the price is different.. then it's like pitting against each other to fight for the sale..

@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

How I'd handle it....

Well, I'd not do it if possible and fix things pointing to something that they shouldn't here. That's the root level fix.

To go after a proximate fix...

1. Set up the new DC. Do NOT use the old IP or hostname.
2. Get it all working with the old machines in place.
3. Create a CNAME to point the old name to the new server's A record. Remove the old machine.
4. If you must, change the new IP to the old IP.

Ok, let's scratch everything I mentioned. If I were to do this the best practice way, would I simply:

1. Set up the new 3rd domain controller new name (DC3) and IP address
2. Pass the roles from DC1 to DC3
3. Finally, go through and point all "primary DNS" entries on Exchange and EVERYTHING else to the new DC3

If I perform the above steps, I am assuming no systems will have issues authenticating since they will all be reaching out to one of the three DCs, right? Therefore, I can gradually point systems to the new DC as needed.

Otherwise, please help me understand what I should do. I am going to spend my day tomorrow researching this stuff so I'm better educated on what I'm doing and can come up with an action plan.

Thank you

Systems should never be pointed to a DC. They shoudl be pointed to an alias for their service.

I don't quite understand this. In the TCP/IPv4 DNS settings, it only accepts an IP address, which are the DNS servers/domain controllers.

@dashrender said in Where/who should I be buying Microsoft Server licensing from?:

@mike-davis said in Where/who should I be buying Microsoft Server licensing from?:

@dave247 said in Where/who should I be buying Microsoft Server licensing from?:

I'm looking at CDW now. Searched "Windows server 2016" and I get all kinds of results, from $1,312 to $31.99, each one having similar details... What the heck..

This is where a good account rep helps. BTW, on most sites, an account rep can get you better pricing than the web pricing.

I'm not sure how I feel about this - I asked my account rep to get me the iLo license i needed for a server - after 3 different purchases I still didn't have the correct license I needed.
The same can happen with any licensing. This is why I suggested finding exactly what you want before approaching any company for pricing. Sadly, this is extremely difficult at times.

Yeah, and that's where I struggle: trying to figure out exactly what I need, in terms of licensing. I mean, I know what we need as far as products go, but I want to make 100% sure we are compliant with our licenses. My VAR used to help me with this as he's been doing it for a long time.

@jaredbusch said in Where/who should I be buying Microsoft Server licensing from?:

I tend to use only one or two VARs. It is too much work to maintian relationships with many.

My preferred for now is CCB. Softmart used to be good, but Connection bought them.

But my clients all buy in small amounts very sporadically.

I have a personal dislike for CDW, so I never chose them.

Yeah I'm not too impressed with CDW.. I may hit up my old VAR after all. Thanks for your help

@scottalanmiller said in Where/who should I be buying Microsoft Server licensing from?:

@dave247 said in Where/who should I be buying Microsoft Server licensing from?:

@scottalanmiller said in Where/who should I be buying Microsoft Server licensing from?:

@dashrender said in Where/who should I be buying Microsoft Server licensing from?:

The people already listed are VARs - his old VAR, Dell, CDW.

CDW is only marginally a VAR and only when engaged in very specific ways. Go to their site and buy CALs, no VAR interaction needed.

I'm looking at CDW now. Searched "Windows server 2016" and I get all kinds of results, from $1,312 to $31.99, each one having similar details... What the heck..

Probably a "pack". Got links?

Just what I searched, https://www.cdw.com/shop/search/result.aspx?key=windows server 2016 &ctlgfilter=&searchscope=all&sr=1

I have no idea what I'd pick.. This would be for a virtual install (of course) and I have about 70 users..

@scottalanmiller said in Where/who should I be buying Microsoft Server licensing from?:

@dashrender said in Where/who should I be buying Microsoft Server licensing from?:

The people already listed are VARs - his old VAR, Dell, CDW.

CDW is only marginally a VAR and only when engaged in very specific ways. Go to their site and buy CALs, no VAR interaction needed.

I'm looking at CDW now. Searched "Windows server 2016" and I get all kinds of results, from $1,312 to $31.99, each one having similar details... What the heck..

@dashrender said in Where/who should I be buying Microsoft Server licensing from?:

@dave247 said in Where/who should I be buying Microsoft Server licensing from?:

I have been educating myself on how server licensing works, etc, and one of the things I realized is that I'm not exactly clear on who I should be going through to purchase Microsoft licenses from, mainly Windows server.

Previously, we had been going through my company's Dell VAR, who also has his own IT Services LLC. He's sold our company pretty much all it's Dell equipment (servers, switches, SAN, Sonicwall, etc) and thanks to Scott Allen Miller's input and articles, I've realized how we're guilty of "getting advice from the salesman". Please, let's not go into it though.

I've since cut ties with the VAR and am trying to do things better. But now, I'm not exactly sure where I should be going to purchase Windows Server licensing. My boss had suggested CDW but I am assuming that is yet another trap.

Can I get some guidance on the proper channels I should be using for this?

There's nothing wrong with buying from CDW or your last VAR - the part that was done wrong as asking them for advice.
Either will sell you what you ask for.

ok, well I wasn't sure if I should be wary of entities that sell licensing at a higher price than others.

And yes, I've already been slapped on the hand for asking for advice. I was totally new to the IT world at the time, so cut me some slack

I have been educating myself on how server licensing works, etc, and one of the things I realized is that I'm not exactly clear on who I should be going through to purchase Microsoft licenses from, mainly Windows server.

Previously, we had been going through my company's Dell VAR, who also has his own IT Services LLC. He's sold our company pretty much all it's Dell equipment (servers, switches, SAN, Sonicwall, etc) and thanks to Scott Allen Miller's input and articles, I've realized how we're guilty of "getting advice from the salesman". Please, let's not go into it though.

I've since cut ties with the VAR and am trying to do things better. But now, I'm not exactly sure where I should be going to purchase Windows Server licensing. My boss had suggested CDW but I am assuming that is yet another trap.

Can I get some guidance on the proper channels I should be using for this?

@tim_g said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@jaredbusch said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

How I'd handle it....

Well, I'd not do it if possible and fix things pointing to something that they shouldn't here. That's the root level fix.

To go after a proximate fix...

1. Set up the new DC. Do NOT use the old IP or hostname.
2. Get it all working with the old machines in place.
3. Create a CNAME to point the old name to the new server's A record. Remove the old machine.
4. If you must, change the new IP to the old IP.

Ok, let's scratch everything I mentioned. If I were to do this the best practice way, would I simply:

1. Set up the new 3rd domain controller new name (DC3) and IP address
2. Pass the roles from DC1 to DC3
3. Finally, go through and point all "primary DNS" entries on Exchange and EVERYTHING else to the new DC3

If I perform the above steps, I am assuming no systems will have issues authenticating since they will all be reaching out to one of the three DCs, right? Therefore, I can gradually point systems to the new DC as needed.

Otherwise, please help me understand what I should do. I am going to spend my day tomorrow researching this stuff so I'm better educated on what I'm doing and can come up with an action plan.

Thank you

The above is the correct way to handle it. You can export your DHCP and import it on the new DC. The same goes for the print server settings, they can be exported and imported. DNS self replicates.

It is also why you never use static IP addressing in a Windows AD network, IMO. I mean I never use it on any type of network, but in the AD world, this makes shit a pain in the ass.

Everything, except the DC and router get DHCP reservations. When Exchange was on site, I would give that a static IP also, just because Microsoft.

This means you only need to modify your DHCP scope to hand out the new info and you are done once everything renews.

One thing to note, is that the Hypervisor that is hosting your DHCP server, should also be static, as well as iDRAC on that server!! Especially if you don't have console access to the hardware.

So to recap myself and Jared:

Static the following:

1. Router
2. DC
3. DHCP Hypervisor
4. DHCP Hypervisor's iDRAC

Yes, all my ESXi hosts and their iDRAC's are static.

@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

How I'd handle it....

Well, I'd not do it if possible and fix things pointing to something that they shouldn't here. That's the root level fix.

To go after a proximate fix...

1. Set up the new DC. Do NOT use the old IP or hostname.
2. Get it all working with the old machines in place.
3. Create a CNAME to point the old name to the new server's A record. Remove the old machine.
4. If you must, change the new IP to the old IP.

Ok, let's scratch everything I mentioned. If I were to do this the best practice way, would I simply:

1. Set up the new 3rd domain controller new name (DC3) and IP address
2. Pass the roles from DC1 to DC3
3. Finally, go through and point all "primary DNS" entries on Exchange and EVERYTHING else to the new DC3

If I perform the above steps, I am assuming no systems will have issues authenticating since they will all be reaching out to one of the three DCs, right? Therefore, I can gradually point systems to the new DC as needed.

Otherwise, please help me understand what I should do. I am going to spend my day tomorrow researching this stuff so I'm better educated on what I'm doing and can come up with an action plan.

Thank you

Systems should never be pointed to a DC. They shoudl be pointed to an alias for their service.

What? Can you elaborate?

@dashrender said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@jaredbusch said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

This means you only need to modify your DHCP scope to hand out the new info and you are done once everything renews.

To expedite your endpoints getting the new information, change the DHCP renewal time to something like 8 hours or even less, depending on your needs. Beats waiting the normal 8 days ( really the half life - 4 days).

Sounds like another good idea. I currently have it set to 3 days, but I'll change that to every 24 hours as JB mentioned.

@jaredbusch said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

How I'd handle it....

Well, I'd not do it if possible and fix things pointing to something that they shouldn't here. That's the root level fix.

To go after a proximate fix...

1. Set up the new DC. Do NOT use the old IP or hostname.
2. Get it all working with the old machines in place.
3. Create a CNAME to point the old name to the new server's A record. Remove the old machine.
4. If you must, change the new IP to the old IP.

Ok, let's scratch everything I mentioned. If I were to do this the best practice way, would I simply:

1. Set up the new 3rd domain controller new name (DC3) and IP address
2. Pass the roles from DC1 to DC3
3. Finally, go through and point all "primary DNS" entries on Exchange and EVERYTHING else to the new DC3

If I perform the above steps, I am assuming no systems will have issues authenticating since they will all be reaching out to one of the three DCs, right? Therefore, I can gradually point systems to the new DC as needed.

Otherwise, please help me understand what I should do. I am going to spend my day tomorrow researching this stuff so I'm better educated on what I'm doing and can come up with an action plan.

Thank you

The above is the correct way to handle it. You can export your DHCP and import it on the new DC. The same goes for the print server settings, they can be exported and imported. DNS self replicates.

It is also why you never use static IP addressing in a Windows AD network, IMO. I mean I never use it on any type of network, but in the AD world, this makes shit a pain in the ass.

Everything, except the DC and router get DHCP reservations. When Exchange was on site, I would give that a static IP also, just because Microsoft.

This means you only need to modify your DHCP scope to hand out the new info and you are done once everything renews.

omg yes, that makes total sense!! That would make updating the DNS entries SO MUCH EASIER... I'm actually pissed I didn't realize this earlier. We currently have all our static addresses set on the host side, not via reservation. This was done by previous administrators. When I came on board I suggested reservations (as I had been reading up on DHCP stuff). We never implemented it and I just forgot about it, but I'm going to now that I see what you're saying makes total sense.

Thanks JB

@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

How I'd handle it....

Well, I'd not do it if possible and fix things pointing to something that they shouldn't here. That's the root level fix.

To go after a proximate fix...

1. Set up the new DC. Do NOT use the old IP or hostname.
2. Get it all working with the old machines in place.
3. Create a CNAME to point the old name to the new server's A record. Remove the old machine.
4. If you must, change the new IP to the old IP.

Ok, let's scratch everything I mentioned. If I were to do this the best practice way, would I simply:

1. Set up the new 3rd domain controller new name (DC3) and IP address
2. Pass the roles from DC1 to DC3
3. Finally, go through and point all "primary DNS" entries on Exchange and EVERYTHING else to the new DC3

If I perform the above steps, I am assuming no systems will have issues authenticating since they will all be reaching out to one of the three DCs, right? Therefore, I can gradually point systems to the new DC as needed.

Otherwise, please help me understand what I should do. I am going to spend my day tomorrow researching this stuff so I'm better educated on what I'm doing and can come up with an action plan.

Thank you

@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@jaredbusch said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

Keeping the same name and IP is a recipe for disaster.

I've asked around numerous times in the past and have had mixed input. Some say it's bad to do and others say it's fine. Can you give me the reasons why you're saying it's a recipe for disaster?

It's bad to do, but can be done.

And what about if I were to completely de-commission DC1, then remove it from the domain the right way, then set up the new 2016 to be the same as DC1 was. In that way, wouldn't it be like setting up a new DC since there wouldn't be a trace of the old one?

Except, you know, the keys

What do you mean the keys? Registry keys?? Wouldn't they be cleaned up during proper decommission?

@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@dave247 said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@jaredbusch said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

Keeping the same name and IP is a recipe for disaster.

I've asked around numerous times in the past and have had mixed input. Some say it's bad to do and others say it's fine. Can you give me the reasons why you're saying it's a recipe for disaster?

It's bad to do, but can be done.

And what about if I were to completely de-commission DC1, then remove it from the domain the right way, then set up the new 2016 to be the same as DC1 was. In that way, wouldn't it be like setting up a new DC since there wouldn't be a trace of the old one?

@scottalanmiller said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

@jaredbusch said in Need some guidance - replacing physical 2008 R2 DC with a virtual 2016 DC - keeping same name and IP:

Keeping the same name and IP is a recipe for disaster.

Agreed, take this as a time to fix this rather than doing extra work now to maintain it. Clean up two things at once.

How would you go about fixing it?