Transitioning to new Server 2008 R2 Domain from Server 2003 -> Do I move DHCP or DNS first?
Solution 1
There's no problem with both DCs being GCs in a single domain forest, so go ahead and make the new server a GC as a first step. If your AD DNS is AD integrated then no "transfer" of DNS is required; the AD DNS zones will be replicated to the new server as part of the AD replication process. The only thing you'll need to manually transfer is DHCP. You can do this beforehand and authorize the new DHCP server but leave the scope deactivated until you're ready to make the switch. I would recommend that you not give the new server the same IP address as the old server, as that's likely to make things flaky because of the DNS records tied to the old IP address of the W2K3 DC. Update your DHCP scope to assign the new server as the primary DNS server for the DHCP clients and manually set it for statically assigned hosts. Once you've done that you can turn off DHCP on the old server and activate the DHCP scope on the new server. After verifying that everything works you can DCPROMO the old server to demote it.
Solution 2
Migrate DNS first and DHCP second. When you move DHCP you will have to authorize your new 2008 box as well. Be careful when migrating DNS; nearly every service relies on it, so before moving on to DHCP make sure DNS is 100%.
Make the 2008 box a GC as well.
Make sure to run DCDIAG, and if you are running Exchange it won't hurt to run a BPA as well.
BPA is Microsoft Exchange Best Practices Analyzer, currently at version 2.8.
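The DNS-first, DHCP-second sequence that both answers describe, written out as the commands typed on each server. This is an added example, not part of either answer; the domain, host name, addresses, scope and export path are placeholders, and it assumes the DNS and DHCP Server roles are already installed on the new DC.

```bat
rem Added example. Placeholders (assumptions, not values from the thread):
set DOMAIN=example.local
set NEWDC=newdc01.example.local
set NEWDC_IP=192.0.2.20
set SCOPE=192.0.2.0
set EXPORT=C:\dhcp-export.txt

rem --- 1. [new DC] DNS first: confirm replication and DNS before touching DHCP.
repadmin /showrepl
dcdiag /test:dns
rem Ask the NEW server directly for the DC locator record held in _msdcs.
rem If this fails, clients pointed at the new server will not find a DC.
nslookup -type=SRV _ldap._tcp.dc._msdcs.%DOMAIN% %NEWDC_IP%

rem --- 2. [old server] Export right before the cut-over so lease data is
rem        current, then stop the old scope from answering.
netsh dhcp server export %EXPORT% all
netsh dhcp server scope %SCOPE% set state 0

rem --- 3. [new DC] Copy the export file over, import it, and keep the scope
rem        inactive while the DNS server option (006) is corrected.
netsh dhcp server import %EXPORT% all
netsh dhcp server scope %SCOPE% set state 0
netsh dhcp server scope %SCOPE% set optionvalue 006 IPADDRESS %NEWDC_IP%

rem --- 4. [new DC] Authorize in AD, confirm the list, then activate.
netsh dhcp add server %NEWDC% %NEWDC_IP%
netsh dhcp show server
netsh dhcp server scope %SCOPE% set state 1

rem --- 5. [a client] Renew and confirm the lease and DNS server now come
rem        from the new DC.
ipconfig /renew
ipconfig /all

rem --- 6. [old server] Only after everything checks out: demote with dcpromo.
```

Review the output of step 1 by eye before continuing; the later steps assume DNS on the new DC already answers for the `_msdcs` records.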
ItsPronounced
Constantly learning web application development. Self taught ASP.NET and php since 2003.
Updated on September 17, 2022
Comments
-
ItsPronounced almost 2 years
My old Svr2003 domain controller is also my DNS and DHCP server (small domain, < 50 users)
Here's what I've done thus far:
- Added new Svr2008 to the domain.
- Prepped domain with adprep (forest and domain)
- Promoted Svr2008 to Domain Controller and installed AD DS.
- Transferred all FSMO roles to new Svr2008 and made Svr2008 a Global Catalog Server as well.
- Confirmed Replication between two domain controllers.
I want to transfer DHCP and DNS to my new Svr2008, decommission Svr2003, and switch the IP address of Svr2008 to match decommissioned Svr2003 (so I don't have to reassign DNS via DHCP). I've also already exported my DHCP to a txt file using the netsh dhcp server export _filename_ command and it is ready to be imported when the new DHCP server role is running on the new Svr2008.
My question is should I do DNS or DHCP first?
I want to make sure I do this in the right order and properly.
Thanks!
-
ItsPronounced over 13 years
I AM Running Exchange 2007 on the domain. Should I run BPA on the new Svr2008 or the Exchange server (or both)? THANKS! I was about to do DHCP first when I thought I should get a second opinion on the steps.
-
pablo over 13 years
Run BPA from your admin workstation against the Exchange server and new domain controller.
-
pablo over 13 years
I should note that leaving DNS active on the old server won't hurt and you can decommission this when you decom the server.
-
MDMarra over 13 years
If you transfer the DHCP database beforehand, the lease information will be out of date by the time the scope is activated. If the OP is intent on a cut-over instead of a split-scope migration, you should do the export and import right before the cut over.
-
ItsPronounced over 13 years
@joeqwerty - thanks for this info. I went to add the new Svr2008 as a global catalog server along with the old Svr2003 and I got the warning that:
This Active Directory Domain Controller is serving as the infrastructure master role for this domain. The infrastructure master role should not be placed on an AD DC that is also a global catalog server unless all AD DCs in the domain are global... Are you Sure you want to make this AD DC a Global catalog?
I'm assuming this is fine since Svr2003 is also global catalog, but what will happen when I decommission Svr2003? Should be fine right?
-
joeqwerty over 13 years
Yes, you'll be fine. That warning is meant for a DC that is in a multi domain forest but isn't applicable in a single domain forest. Both DC's can be GC's with no problem. In addition, you don't need to manually transfer the FSMO roles before demoting the old server, the DCPROMO process will transfer those roles as part of the demotion.
-
ItsPronounced over 13 years
@joeqwerty, one last question regarding the DNS transfer. It is AD integrated, but the DNS role is not set up on the new Svr2008 yet. Do I just set up the role and wait for replication? THANKS AGAIN!
-
joeqwerty over 13 years
Pretty much. Add the DNS role and the DNS zones should be replicated to the new server as part of the AD replication process. Just make sure that on the W2K3 server the DNS zones are configured to replicate to all DC's in the domain.
-
ItsPronounced over 13 years
DNS is now running on new server. Instead of exporting/importing the old DHCP database I just recreated the scope (only 1 scope). What is the best way to tell clients with a lease (from the old DHCP server) to refresh the lease from the NEW DHCP that includes the new DNS server address? Do I just turn off the DHCP scope on the old Svr2003 and activate the new scope on the Svr2007? THANKS
-
ItsPronounced over 13 years
DNS isn't working on my new server. Anytime I point a client to the new DNS server it can't resolve. BPA is telling me all of this: http://i.imgur.com/4GPZf.jpg. The 192.168.200.13 address is my old Windows Server 2003 IP address. The PDC host is my new Server 2007 hostname. I think something happened (or was already wrong) with the _msdcs zone. It already existed as a subzone in my main zone, but I read that's not where it is supposed to be.
-
ItsPronounced over 13 years
OK, following some instructions, I restarted the NETLOGON service and it seemed to have recreated the _msdcs zone but as a subzone of the main domain zone. But I also got event ID 4010 one after another in the DNS event log and the best practices is saying I need to
The Active Directory integrated DNS zone _msdcs.domain.com was not found.
The resolution is to: Restore the Active Directory integrated DNS zone _msdcs.domain.com.
but I'm not sure how to do that.