DHCP failover from 2003 to 2012?
I know 2012 has some new DHCP failover features built in but our DC's are still 2003. :(
I'm looking for suggestions / options on how to handle this scenario. Upgrading all of the DC's isn't an option at the moment.
Hi,
The question is a little broad. How many 2012 servers are you planning to introduce and are all your DCs also DHCP servers? Are you upgrading in place or migrating to new hardware? If some DHCP servers are not also DCs I would focus on these first.
See this topic for some suggestions about how to migrate the configuration once you are ready:
Migrate to DHCP Failover.
If all your DHCP servers are also DCs I suggest adding a 2012 server to the environment and making it only a DHCP server, then add this DHCP server to your existing domain. Keep in mind that adding a 2012 server or 2012 R2 server to a 2003 domain will automatically
update the schema. I don't know if this will have any consequences for your environment - probably not - but I wanted to make you aware that this will happen.
-Greg
Similar Messages
-
How to migrate DNS, DHCP Server from 2003 to 2012
Hi all,
I have one old server running server 2003, and i need to migrate the dns and dhcp server to server 2012.
I found all the articles, there are only migrate from 2003 to 2008 or 2008 to 2012.
Is there anyway to migrate it?
Thanks.Really confused why the "answer" to this thread states it can't be done, when clearly it can. This is the official approach (article dated Oct 2013):
Migrate DHCP Server to Windows Server 2012 R2
Within, you'll see that it says:
This guide provides instructions for migration of a DHCP server from a server that is running Windows Server 2003 or a later operating system to a server running Windows Server 2012 R2. Supported operating systems are listed in the following table.
Mike Crowley | MVP
My Blog --
Planet Technologies -
when migrate from 2003 to 2012 server all user and ou in activedirectiry go to server 2012 or not
can upgrade from 2003 to 2008 to 2012 or notYes, you can add a 2012 server as a domain controller in your 2003 R2 functional level Active Directory. All AD information will replicate to the 2012 DC.
http://blogs.technet.com/b/canitpro/archive/2013/05/27/step-by-step-active-directory-migration-from-windows-server-2003-to-windows-server-2012.aspx
. : | : . : | : . tim -
PKI Migration from 2003 to 2012
Hi,
I need to migrate PKI win 2003 setup to 2012 setup. Currently, I have one Root CA ( w2003) and 2 SubCA (2003) and one Sub CA(2008) and future scenario would be one root (2012) and two Sub CA(2012). PLease let me know how shall we proceed with migration and
key points to look for. I would like to know how to make sure of successful template replication; also how autoenrolled certificates will be migrated. Please suggest.
Also, since there is no enterprise version availabe in 2012, datacentre version will work for me for SUb CA, right ?
ThanksHi
Migrate CA from 2003 to 2012 is almost is the same as to 2012, we can refer the following step by step article first:
How to migrate CA from Server 2003 to Server 2008 R2 – Part III Restore CA on Destination Server
http://blogs.technet.com/b/csstwplatform/archive/2012/04/30/how-to-migrate-ca-from-server-2003-to-server-2008-r2-part-iii-restore-ca-on-destination-server.aspx
More related KB:
AD CS Migration: Preparing to Migrate
http://technet.microsoft.com/en-us/library/ee126102(v=ws.10).aspx
AD CS Migration: Migrating the Certification Authority
http://technet.microsoft.com/en-us/library/ee126140(v=ws.10).aspx
Active Directory Certificate Services Migration Guide
http://technet.microsoft.com/en-us/library/ee126170(v=ws.10).aspx
I’m glad to be of help to you!
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected] -
Windows Migration from 2003 to 2012
Hi,
When I try to complile my vb6 code, it gives me "ActiveX component cannot create object" in half way of compiling. Advice me to get over the error.Hi,
Did you have any migration issue during migration from 2003 to 2012?
There are several causes, for example
The class isn't registered.
A DLL required by the object can't be used, either because it can't be found, or it was found but was corrupted.
For more detail information, you could refer to this article:
http://msdn.microsoft.com/en-us/library/aa231060(v=vs.60).aspx
Meanwhile, the issue is more related to VB6 code issue, so i suggest that you may ask in vb forums for more support:
https://social.msdn.microsoft.com/Forums/vstudio/en-US/home?forum=vbgeneral
Regards.
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected] -
Credentials needed to raise domain and forest level from 2003 to 2012 R2.
I migrated our environment from a single DC server 2003 to a single DC server 2012 R2. I followed the migration process that is documented by Microsoft and others.
However, I forgot to assign my account Enterprise Admin and Schema Admin before raising the domain and forest levels from 2003 to 2012 R2. My account did have domain admin. The GUI interface did not complain when I raised the level of the domain
and then the forest.
So I am thinking everything is OK.
My question is am I going to have problems down the road with the AD environment?
Thanks for any help or opinions.Using snapshot for a domain controller is not recommended, as usn rollback can occur. Allthough in server 2012 using snapshot for dc's has been improved and made 'safer', but I wouldnt use it as a backup solution.
But back to your problem, Beaulieu, is it a single domain/single forest design? And the issue is that you have no membership in schema- and enterprise admins, but you do have an domain admin?
Best Regards,
Jesper Vindum, Denmark
Systems Administrator
Help the forum: Monitor(alert) your threads and vote helpful replies or mark them as answer, if it helps solving your problem. -
DHCP Mirgation from 2008 to 2012
Hi,
I am migrating DHCP server 2008 to 2012
Environment. Please let me know the Best practice of migration.
I have configured DHCP failover in Windows 2008 R2
Environment.
Any help would be very grateful.
Thankx & Regards,
DD6Hi,
This type of question is already running in technet portal.
http://social.technet.microsoft.com/Forums/en-US/fed16caa-fb53-4037-a578-5f8dfc61e4e3/dhcp-failover-migrate-dhcp-server-to-another-machine?forum=winservergen
Process of Migration DHCP Server 2008R2 to Windows 2012
• Firstly, you can disable the DHCP role in Windows Server 2008 R2. However, if the Windows Server 2012 is down, the clients cannot renew their IP lease duration and obtain IP address.
Therefore, it is recommended to leave the DHCP role in Windows Server 2008 R2 and deploy high availability. Windows Server 2012 brings the new feature: DHCP failover. However it requires both DHCP Servers are Windows Server 2012. Consider another Server
is Windows Server 2008 R2, we have to choose one of the following:
>> DHCP in a Windows failover cluster. This option places the DHCP server in a cluster with an additional server configured with the DHCP service that assumes the load if the primary DHCP server fails. The clustering deployment option uses a single
shared storage. This makes the storage a single point of failure, and requires additional investment in redundancy for storage. In addition, clustering involves relatively complex setup and maintenance.
>> Split scope DHCP. Split scope DHCP uses two independent DHCP servers that share responsibility for a scope. Typically 70% of the addresses in the scope are assigned to the primary server and the remaining 30% are assigned to the backup server.
If clients cannot reach the primary server then they can get an IP configuration from the secondary server. Split scope deployment does not provide IP address continuity and is unusable in scenarios where the scope is already running at high utilization of
address space, which is very common with Internet Protocol version 4 (IPv4).
More references:
Step-by-Step: Configure DHCP for Failover (Windows
Server 2012)
How
to configure split-scope using wizard
DHCP
Step-by-Step Guide: Demonstrate DHCP Split Scope with Delay on a Secondary Server in a Test Lab
DHCP
Step-by-Step Guide: Demonstrate DHCP Failover – Clustering in a Test Lab
If you need snap shot of migration then follow these links.
http://blogs.technet.com/b/canitpro/archive/2013/04/29/step-by-step-migration-of-dhcp-from-windows-server-2003-to-windows-server-2012.aspx
http://www.mehrban.net/migrating-dhcp-from-windows-2008-to-windows-2012
Deepak Kotian. MCP, MCTS, MCITP Exchange 2010 Ent. Administrator Disclaimer: Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable. This helps the community, keeps the forums tidy, and recognizes useful
contributions. Thanks! All the opinions expressed here is mine. This posting is provided "AS IS" with no warranties or guarantees and confers no rights. -
DNS EventID 4015 on PDC since Domain Migration from 2003 R2 = 2012
Hi,
following problem here:
2 Domain Controllers with AD Integrated DNS Zone, migrated from 2003 R2 to 2012. One Single Root Forest.
The Primary Domain Controller shows every 2, 3 or 4 hours the DNS EventID 4015. No further error is available: (which is may emty) "".
Only on the Details pane you can find this Information:
======================================
- System
- Provider
[ Name] Microsoft-Windows-DNS-Server-Service
[ Guid] {71A551F5-C893-4849-886B-B5EC8502641E}
[ EventSourceName] DNS
- EventID 4015
[ Qualifiers] 49152
Version 0
Level 2
Task 0
Opcode 0
Keywords 0x80000000000000
- TimeCreated
[ SystemTime] 2013-12-10T19:48:17.000000000Z
EventRecordID 2456
Correlation
- Execution
[ ProcessID] 0
[ ThreadID] 0
======================================
The Migration was made by the following steps:
Bring Up the first 2012 MigrationDC as 3rd DC to the Domain.
Move the FSMO Roles to the 2012 MigrationDC
DHCP Data migrated with Server Migration Tools, IAS Data with iasmigrader.exe exported
DCPromo DC1 (2003 R2) and Format C:
Install a fresh 2012 Installation on old DC1 an rename it again with the original Name DC1
DHCP Data migrated with Server Migration Tools, IAS Data with iasmigrader.exe exported
DCPromo DC2 (2003 R2) and Format C:
Install a fresh 2012 Installation on old DC2 an rename it again with the original Name DC2
Move Back the FSMO Roles to DC1
DCPromo the first 2012 MigrationDC
Metadata Cleanup for MigrationDC
DCDIAG /V /C Shows no Errors, all works good, the funny Thing is, that only DC1 Shows the DNS EventId 4015 in production evironment. The only exception is, that if you reboot DC1 (i.e. for maintenance, upates etc) than the error appears on DC2. Exactly on
that time, if DC1 is temporarily not availble and DC2 is under "load". If DC1 is back again, the Event 4015 Ends on DC2 and Comes back to DC1!!!
I backupped and restored DC1 and DC2 in an lab Environment, the funny Thing is that the EventID 4015 doesnt appear in lab Environment. The difference between prod and lab is: prod is bare metal with 2 teamed nics, lab is hyper-v vm's with 2 virtual teamed
nics. same IP's etc... DNS NIC Settings are the same.
It Looks like you can only produce the error in the production lab if you have the DC under "load".
This Event was discussed here more than one time in the Forum, but the issues doesnt match 100% to my Problem. No RODC is available in my prod Environment, the EventID 4015 has no further Errors "" in the Eventlog like in other Posts.
Ace Fekays blog :" Using ADSI Edit to resolve conflicting or duplicate AD Integrated Zones" was helpful for metadata cleanup, but it could not fix the EventId 4015 away. Because we had no Problems with disappearing zones...
Maybe Enabling NTDS Verbose Logging in the registry is helpful, but i dont know for what i have to Keep an eye out?
The thread
http://social.technet.microsoft.com/Forums/windowsserver/en-US/c0d3adb4-67d2-470c-97fc-a0a364b1f854/dns-server-error-event-id-4015-after-replacing-domain-controller-with-another-using-same-name?forum=winserverDS seems to match to my Problem, but also no
soulution available...
Any ideas what causes this "ugly" Event without noticable consequences?Zonenname
Typ
Speicher
Eigens
chaf
ten
Cache
AD-Domain
_msdcs.our-domain-name.com
Primary
AD-Forest
Secure
0.168.192.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
1.1.10.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
1.168.192.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
1.18.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
10.10.10.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
10.21.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
11.10.10.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
11.18.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
11.21.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
11.24.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
11.25.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
11.30.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
128.168.192.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
13.21.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
13.24.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
13.25.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
13.30.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
130.168.192.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
15.18.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
15.21.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
15.24.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
15.25.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
15.29.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
15.30.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
16.10.10.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
16.168.192.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
16.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
17.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
17.21.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
17.24.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
17.25.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
17.29.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
17.30.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
19.21.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
19.24.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
19.25.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
196.169.193.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
2.21.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
20.10.in-addr.arpa
Primary
AD-Domain
Secure
Rev
20.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
200.168.192.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
21.21.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
21.24.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
21.25.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
23.21.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
23.24.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
23.25.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
23.30.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
239.24.217.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
25.21.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
25.24.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
25.25.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
25.30.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
252.21.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
252.22.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
252.23.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
252.24.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
252.25.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
252.30.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
253.18.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
253.21.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
253.22.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
253.23.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
253.24.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
253.25.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
253.26.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
253.29.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
253.30.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
254.168.192.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
254.18.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
254.21.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
254.22.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
254.23.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
254.24.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
254.25.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
254.29.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
254.30.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
255.10.10.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
27.21.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
27.25.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
27.30.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
29.25.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
29.30.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
3.18.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
3.21.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
3.22.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
3.23.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
3.24.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
3.25.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
3.26.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
3.29.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
3.30.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
31.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
31.25.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
32.168.192.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
33.25.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
35.25.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
37.25.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
39.25.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
41.25.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
43.25.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
45.25.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
47.25.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
49.25.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
5.18.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
5.19.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
5.21.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
5.22.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
5.23.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
5.24.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
5.25.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
5.29.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
5.30.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
50.168.192.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
51.25.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
52.168.192.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
53.25.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
54.168.192.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
55.25.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
60.168.192.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
62.168.192.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
64.168.192.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
7.168.192.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
7.18.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
7.21.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
7.22.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
7.23.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
7.24.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
7.25.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
7.29.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
7.30.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
70.168.192.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
80.168.192.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
88.168.192.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
9.18.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
9.21.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
9.22.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
9.23.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
9.24.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
9.25.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
9.29.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
9.30.172.in-addr.arpa
Primary
AD-Domain
Secure
Rev
Aging
our-domain-name.com
Primary
AD-Domain
Secure
Agi
ng
TrustAnchors
Primary
AD-Forest -
DHCP Failover feature in Windows 2012
I am planning to configure DHCP on windows 2012 failover (Load balanced)mode.Just want to confirm two things:
1.How will the DCHP address be assigned to clients incase the DHCP Servers loose communication between them.
2.Regarding IP helpers that i need to put onto my network switches would it be Ips for both the server or does configuration of failover feature uses single IP (as is used in cluster config)Hi,
Sorry for the delay. I think we need to get more people monitoring this forum :)
Your questions are answered in documentation here:
http://technet.microsoft.com/en-us/library/dn338978.aspx.
From DHCP Failover Modes:
In load balancing mode, when a DHCP server loses contact with its failover partner it will begin granting leases to all DHCP clients. If it receives a lease renewal request from a DHCP client that is assigned to its failover partner, it will temporarily
renew the same IP address lease for the duration of the MCLT. If it receives a request from a client that was not previously assigned a lease, it will grant a new lease from its free IP address pool until this is exhausted, and then it will begin using the
free IP address pool of its failover partner. If the DHCP server enters a partner down state, it will wait for the MCLT duration and then assume responsibility for 100% of the IP address pool.
From DHCP Failover Architecture:
When you deploy DHCP failover, a single DHCP relay address might not be sufficient, since DHCP clients must always be able to communicate with both the primary DHCP server and the failover partner server. If both DHCP servers are located on a different subnet
than DHCP clients, this requires at least two DHCP relay agents. For example:
ip helper-address 10.0.1.1
ip helper-address 10.0.1.2
In this example, both DHCP servers are on the same subnet (10.0.1.0/24). The primary DHCP server’s IP address is 10.0.1.1 and 10.0.1.2 is the IP address for the failover partner server. If both DHCP servers are located on the same subnet, you can also configure
the subnet broadcast address (ex: 10.0.1.255) as a single DHCP relay. The use of a subnet broadcast address as a single DHCP relay is not possible if DHCP servers are located on separate subnets.
-Greg -
External DNS server not replicating records to secondary after migration from 2003 to 2012
Hi
I have a query relating to 2012 Server and DNS.
Last week we de-commissioned our primary external DNS server (Windows 2003 Server) and moved the role over to a new Windows 2012 server.
Since this point replication to our secondary server (3rd party hosted) does not seem to occur and our DNS records seem to have expired on the secondary server as we cannot look these up via nslookup.
I cannot see any failures in the event log of the server; I have checked our external firewall logs and nothing is being blocked inbound/ outbound as far as I can see. And the server’s local firewall has been disabled.
The server is a standalone server in a workgroup with a standard filebased primary zone, with no AD integration and recursion disabled.
When I created the zone I copied the .dns file from the old server and selected this in the interface during the creation of the zone on the new server. The new server has the same internal and external IP as the old server and the old server is off-line.
I have also manually increased the serial number of the zone and still no joy.
One thing that I have noticed is when I open the zones properties/Name Servers and click edit on the external nameserver I get the infamous "The server with this IP address is not authoritative for the required zone" error.
Any help Would be appreciated, thanks in advanceNice to hear that you are close in finding the problem. So in short:
You have enabled Zone transfers in DNS management console for the applicable zone
You have verified that your DNS is listening to the correct interfaces
You have enabled firewall rules to accept TCP and UDP traffic to port 53
You have checked if "BIND secondaries" option is applicable to your case
You have initiated a zone transfer from the secondary server
Lefteris Karafilis
MCSE, MCTS, SEC+
LinkedIn: http://www.linkedin.com/in/lkarafilis
Mail: [email protected]
Blog: http://www.karafilis.net -
Upgrading AD from 2003 to 2012 R2
Hi All, I am hoping that someone could perhaps provide some insight on this topic as I apparently can't seem to google the best answer.
I have recently acquired an AD domain that is running on a 2003 domain controller. I have been tasked with upgrading our existing domain structure with 2012 R2 domain controllers for our main office and remote offices.
The domain name is company.mynetwork.com, and it is the default first site name. We have multiple offices throughout the US with their own domain controllers (i.e. FL.mynetwork.com, NY.mynetwork.com, DC.mynetwork.com, etc.).
Our main office, and default first site has one domain controller (mynetdc1) running Server 2003 R2. It is also our only DNS server for the main office. It also has an additional domain controller called mynetmaster3 which is running Server 2003.
Both mynetdc1 & mynetmaster3 NTDS settings show them as global catalogs under AD Sites & Services. Both servers are also in the AD Domain Controllers OU, along with all of the other satellite office domain controllers.
Additionally, our main office is running Exchange 2010 with the latest service pack. My questions are:
Can we demote and retire mynetmaster3, then replace mynetdc1 with a newly promoted 2012 R2 global catalog domain controller without harming anything in the domain tree and interrupting connectivity to the other offices (this of course goes without
saying after a 4 hour maintenance window to get the task completed has passed)?
Should we upgrade the satellite offices first after raising the functional level for mynetdc1, or should we do the opposite (upgrade main office, then satellite offices)?
Exchange 2010 is heavily dependent on AD, what effect will this entire project have on our email server? What steps should we take beforehand to ensure email continuity?
Finally, is there any shame for a Net Admin to suggest that we hire an implementation specialist for this task? :)
Any advice would be greatly appreciated!Hello,
for upgrading to Windows Server 2012 R2 directly see
http://blogs.msmvps.com/mweber/2012/07/30/upgrading-an-active-directory-domain-from-windows-server-2003-or-windows-server-2003-r2-to-windows-server-2012/
There are known issues with Windows Server 2003 DCs and Windows Server 2012 R2 so please see
http://blogs.technet.com/b/askds/archive/2014/07/23/it-turns-out-that-weird-things-can-happen-when-you-mix-windows-server-2003-and-windows-server-2012-r2-domain-controllers.aspx#pi145002=5 to be up to date with required patches.
I would also recommend that you first install new DCs into the existing domain and assure they work complete correct with the support tools, dcdiag, repadmin, ADREPLSTATUS and dnslint. All of them MUST be error free BEFORE you install new OS DCs and
also after every new DC is added to the domain. Do NOT start or go on if errors are listed!
I would always start on the main office machines and then go on with branch offices.
For Exchange it should work as AD is already prepared for it BUT you should also ask the experts in
http://social.technet.microsoft.com/Forums/exchange/en-US/home?forum=exchange2010
And for your last question, there is of course NO SHAME to tell your boss that an expert is required as this steps with all detailed requirement may crash the complete forest and at least this should be also a reason for your boss to think about. If you
don't talk about this and it fails is much more worse then saying that you have concerns because this is the first time you have to manage this.
Best regards
Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog: http://blogs.msmvps.com/MWeber
Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
Twitter: -
Active Directory Migration from 2003 to 2012 Process Flow
We are planning to migrate from Windows Server 2003 AD to Windows server 2012 Server for 6000 Users,
Can any one suggest on Following .
1)What is the Best and Safe Way to do Migration
2) What are the Precautions should take,
3) How much downtime it will take,
4) If migration Failed how we can revert to Earlier
5) How to do Migration Step by Step
Current Environment:
Domain Having One PDC(server 2003 R2) and 8 ADC(Server 2003 R2) in Different Locations
PDC having All FSMO Roles and Global Catalog
Exchange server 2007 was integrated to Active Directory
And some Application are integrated to Active Directory1) I would recommend you first run a test of the steps in test before you do this in production. Otherwise your production becomes test.
2) By doing in test, you have taken a large amount of the risk out of the upgrade since, in test you should be able to look for any unforseen issues. The easiest way to test is to build a virtual fence from production and clone the DC's and member
servers that you want to test against (This is assuming you are running in a virtual environment). Ensure that you production environment is error free.
http://blogs.dirteam.com/blogs/paulbergson/archive/2009/01/26/troubleshooting-active-directory-issues.aspx
3) There should be no downtime at all, you can just extend the schema and then promote a new 2012 DC (I would recommend R2 if you can).
4) Before you do the schema extension you should take 2 backups on two different DC's. Taking two gives you less of a chance of a problem if one of the backups fails.
5)
Take a backup
Extend the schema
Join the 2012 R2 servers to the domain
Add the ADDS role to the 2012 R2 member servers
Promote the 2012 R2 DC's
Transfer the FSMO roles to the 2012 R2 DC's (Not required but recommended)
If you want to retire the 2003 DC's, then you will need to make sure that any clients pointing to the 2003 DC's for DNS are pointing to other DC's.
If you do retire the 2003 then you can think about updating the DFL and FFL of the domain and forest.
Paul Bergson
MVP - Directory Services
MCITP: Enterprise Administrator
MCTS, MCT, MCSE, MCSA, Security, BS CSci
2012, 2008, Vista, 2003, 2000 (Early Achiever), NT4
Twitter @pbbergs http://blogs.dirteam.com/blogs/paulbergson
Please no e-mails, any questions should be posted in the NewsGroup.
This posting is provided AS IS with no warranties, and confers no rights. -
Hi,
I'm looking migrate an AD from windows server 2003 to windows server 2012 but i can't find all the requirement to do it.
I find that my Domain and Forest level have to be at least 2003 but anything else.
I will thanks any information to make successfully the migration.Hello,
First of all, you have to upgrade to AD DS 2012: http://www.windowsitpro.com/article/scripting-tools-and-products/windows-server-2012-simplifies-active-directory-upgrades-deployments-143654
Once upgraded, you will be able to introduce new DCs running Windows Server 2012.
You have to promote your new DCs as DNS and GC servers and transfer all FSMO roles to them: http://support.microsoft.com/kb/255504
Once done, you will be able to demote all DCs. Of course, do the needed checks using
dcdiag and repadmin before proceeding.
This
posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
Microsoft Student Partner 2010 / 2011
Microsoft Certified Professional
Microsoft Certified Systems Administrator: Security
Microsoft Certified Systems Engineer: Security
Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
Microsoft
Certified Technology Specialist: Windows 7, Configuring
Microsoft
Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations
Microsoft Certified IT Professional: Enterprise Administrator
Microsoft Certified IT Professional: Server Administrator
Microsoft Certified Trainer -
ADMT 3.2 migration from 2003 to 2012 R2
Hello,
The latest update of ADMT supports AD 2012 (and R2), and I succeed the following migration with ADMT 3.2 :
2003 -> 2008 R2
then
2008 R2 -> 2012 R2
I would like to know if the migration from an AD 2003 to AD 2012 R2 is possible in one step and if someone did that (that means without the 2008 R2 transition's step).
ThanksMigration from an AD 2003 to AD 2012 R2 is possible:
http://technet.microsoft.com/en-us/library/active-directory-migration-tool-versions-and-supported-environments(v=ws.10).aspx
##EDIT###
By the way, as mention in the link above, the updated tool is available to download
here or
here.
Please take a moment to Vote as Helpful and/or Mark as Answer where applicable. Thanks. -
Migrating root CA from 2003 to 2012 R2
Hi all, I have a couple of questions about migrating a root certificate authority from Server 2003 to Server 2012 R2. I've been reading the following link which is pretty comprehensive except for a couple of small things....
technet.microsoft.com/en-us/library/ee126140(v=ws.10).aspx
1) I would like to use a different server name, which seems fairly straight forward with some changes to the registry on the destination server. I understand though, and can see, that all certificates currently issued by the CA have a CRL Distribution
Point of ldap:// CN=<<name of CA>>,CN=<<name-of-current-server>>,DN=CDP,CN=Public Key.
It's the CN=<<name of current server>> part that bothers me. Will revocation checks still work if the name of the CA server changes - ie. will it still work on account of the <<name of CA>> part remaining the same?
2) I read something about issues going from a 32bit platform to a 64bit platform - is that applicable for in place upgrades only, or something I should be considering during the migration process?
ThanksHi,
The computer name, (hostname or NetBIOS name), does not have to match that of the original CA. However, the destination CA name must match that of the source CA. Further, the destination CA name must not be identical to the destination computer name.
Please go through the below article to do CA migration:
Active Directory Certificate Services Migration Guide for Windows Server 2012 R2
http://technet.microsoft.com/en-us/library/dn486797.aspx
Hope this helps.
Regards,
Yan Li
Regards, Yan Li
Maybe you are looking for
-
App installed halfway - now can't get rid of it
My wire got disconnected halfway installing an app. Now it's forever stuck at the 'waiting' status. I'd like to get rid of the app and put it on again, but I can't. There's no X for me to click on, when I'm on the iPhone to uninstall. iTunes uninstal
-
Why does Quicktime not play this mp4 correctly
I can create an mp4 file (recording) from Belkin's @TV app but that file will not play correctly in Quicktime (or RealPlayer or iMovie, etc.). While the video playback seems fine, the audio plays a couple of seconds, at "chipmonk" speed, and then th
-
Any doc. available on India loz (RG Reg) period close for Inventory and PO?
Can any body help to send a document for the india loz document for inv and po modules. Any process steps for expecailly RG registers. Edited by: user8694571 on Aug 4, 2009 12:12 AM
-
hello, im using gnome but my gnome menu doesnt update itself. after i install firefox i dont find it in the gnome menu. i have to add it myself. is there a solution to fix this ? thx:) ogu
-
Missing sidecar - remove missing file status
I have raw files that had metadata written to XMP sidecar files, the XMP are now missing, and I don't want to have LR create new sidecar files. The files show up as missing in the catalog. How can I get rid of the missing status and the little "metad