Upgraded Domain, DHCP Issues

Hey
I have recently upgraded our domain controllers to Windows Server 2012 R2, which was, seemingly, a success. Running dcdiag and forcing a replication between the two domain controllers proceeded with no errors reported, and DHCP and DNS are functioning correctly.
This was monitored over the weekend, and all services (AD, DHCP, DNS) and no events were recorded to point towards faults. However, this morning, the DHCP Server Role did not exist on the two domain controllers, and Active Directory had many, many issues, which have now been fixed.
I have looked in the Microsoft-Windows-DHCP-Server-Service event logs and cannot find events that point either to the scope being removed or the role removed from the server, and the security audit log does not yield any results. In this circumstance, what should I be looking for to find out the cause of the fault?
-- Matt

Hi Matt,
According to your description, do you mean that after you upgraded Domain Controllers, DHCP service was running correctly, but after a couple of days, DHCP role was removed?
Sounds like someone removed it manually to me.
Have you enabled DHCP audit logging? If you have, you can view the logs under
%windir%\System32\Dhcp.
More information for you:
More About DHCP Audit and Event Logging
http://technet.microsoft.com/en-us/library/dd759178.aspx
DHCP Audit Logging
http://technet.microsoft.com/en-us/library/cc774854(v=ws.10).aspx
Best Regards,
Amy Wang
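
One way to use the audit logs mentioned in the reply above is to bracket the moment the DHCP service stopped, so the System and Security logs can be searched around that time. This is an added example, not part of the original reply; the sample log lines, host names and dates are constructed, and only the leading columns of the audit log format are parsed.

```python
import csv
from datetime import datetime

# Constructed sample in the layout of a DHCP audit log (DhcpSrvLog-<Day>.log):
# a free-text legend, a column header starting "ID,Date,Time", then CSV rows.
SAMPLE_LOG = """\
\t\tMicrosoft DHCP Service Activity Log

Event ID  Meaning
00\tThe log was started.
01\tThe log was stopped.
10\tA new IP address was leased to a client.
11\tA lease was renewed by a client.

ID,Date,Time,Description,IP Address,Host Name,MAC Address
00,03/16/15,00:00:05,Started,,,
11,03/16/15,01:12:40,Renew,10.0.0.51,PC-051.example.local,00155D010203
10,03/16/15,02:47:19,Assign,10.0.0.77,PC-077.example.local,00155D0A0B0C
01,03/16/15,03:02:11,Stopped,,,
"""

LOG_STARTED, LOG_STOPPED = 0, 1  # IDs 00 and 01 in the log's own legend
FIRST_ACTIVITY_ID = 10           # 10 and above: lease activity and later codes


def parse_audit_log(text):
    """Return the CSV rows of an audit log as dicts, skipping the legend."""
    lines = text.splitlines()
    header = next((i for i, line in enumerate(lines)
                   if line.startswith("ID,Date,Time")), None)
    if header is None:
        return []
    events = []
    for row in csv.reader(lines[header + 1:]):
        if len(row) < 4 or not row[0].strip().isdigit():
            continue  # blank or damaged line
        try:
            when = datetime.strptime(f"{row[1]} {row[2]}", "%m/%d/%y %H:%M:%S")
        except ValueError:
            continue  # unparseable timestamp
        row += [""] * (7 - len(row))  # pad short rows to seven columns
        events.append({"id": int(row[0]), "when": when, "description": row[3],
                       "ip": row[4], "host": row[5], "mac": row[6]})
    return events


def outage_window(events):
    """Summarise when the server last did work and whether it logged a stop."""
    activity = [e for e in events if e["id"] >= FIRST_ACTIVITY_ID]
    stops = [e for e in events if e["id"] == LOG_STOPPED]
    return {
        "last_activity": activity[-1]["when"] if activity else None,
        "last_stop": stops[-1]["when"] if stops else None,
        # True: the final record is a logged stop, so search other logs
        # around "last_stop". False: the file ends without a stop record.
        "ended_with_stop": bool(events) and events[-1]["id"] == LOG_STOPPED,
    }


if __name__ == "__main__":
    # For a real server, read a file from %windir%\System32\Dhcp instead.
    for key, value in outage_window(parse_audit_log(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

The audit logs are kept per weekday, so the file covering the incident has to be copied before the same weekday comes round again.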

Similar Messages

  • Wireless dhcp issue after upgrading WLC to 7.6.100

    Hi All,
    We have upgraded our controllers to version 7.6.100. After upgrading, the access points also upgraded their version to 15.2(4)JB3. But, the problem is that after this process the APs do not get IP. It stays on this state:
    *Sep 26 03:55:36.334: %CAPWAP-3-DHCP_RENEW: Could not discover WLC using DHCP IP. Renewing DHCP IP.
    Not in Bound state.
    The DHCP configuration is OK, since it is working in other two controllers we have and that we are not upgrading until this issue is solved.
    If we connect the APs via console and configure a static IP and controller's IP, the AP registers and works fine. But, the access points are located in 20 remote sites, so we would like to avoid going site by site.
    Has anyone suffered this issue and knows how to "recover" those access points?
    Thank you very much for your help!

    Hi,
    Thank you for your answer conraddaniel.
    But, our issue was an error on the DHCP. The DHCP server pool for the APs was configured with lease time infinite (on a Cisco 6500). After capturing the packets and debugging on the AP we realized that the AP were receiving wrong values:
    DHCP: Scan: Renewal time: 2147483647
    DHCP: Scan: Rebind time: 536870911
    So, on the AP debugging we saw:
    DHCP: Scan: Renewal time larger than Rebind time
    On Cisco documentation:
    T1 Timer(Renewal) After a certain portion of the lease time has expired, you attempt to contact the server that initially granted the lease in order to renew the lease so its IP address can still be used.
    T2 Timer(Rebinding) If renewal with the original leasing server fails, because, for example, the server was taken offline, then you ideally try to rebind to any active DHCP server and try to extend its current lease with any server that allows it to do so.
    These T1 and T2 timers can be any values, but must be less than the IP address lease duration. T1 Timer must be less than T2. Generally T1 is set to 50 percent of the lease duration and T2 is set to 87.5 percent of the lease duration. Use this rule to set T1 and T2 timers.
    On the previous version of the WLC, the DHCP was configured in the same way and we confirmed that the APs received same times, but they ignored those wrong values.
    The workaround was to modify the lease time of the DHCP pool (1 day). This way, both timers had valid values and the APs accepted the DHCP OFFER. We still do not know why with lease infinite these timers have wrong values (a bug?).
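
The two timer values captured in the post above can be reproduced arithmetically, which also shows why a one-day lease passes the AP's check. This is an added example, not code from the post or from Cisco; that the server computes T2 as lease*7/8 in 32-bit unsigned arithmetic is an assumption that happens to match the captured numbers, not a confirmed cause.

```python
U32_MASK = 0xFFFFFFFF
INFINITE_LEASE = 0xFFFFFFFF  # DHCP lease-time value meaning "infinite"


def timers_u32(lease):
    """T1 = lease/2 and T2 = lease*7/8 in 32-bit unsigned arithmetic.

    Assumed model of the server side: the intermediate product lease*7
    is truncated to 32 bits before the division, so it wraps for any
    lease longer than 2**32 / 7 seconds (about 19 years).
    """
    t1 = lease // 2
    t2 = ((lease * 7) & U32_MASK) // 8
    return t1, t2


def timers_no_wrap(lease):
    """Same ratios (50% and 87.5%) computed without an overflowing product."""
    t1 = lease // 2
    t2 = lease - lease // 8
    return t1, t2


def client_check(lease, t1, t2):
    """Apply the rule quoted in the post: T1 < T2 and both below the lease."""
    if t1 >= t2:
        return False, "Renewal time larger than Rebind time"
    if t2 >= lease:
        return False, "Rebind time not below lease duration"
    return True, "ok"


def evaluate(lease, compute=timers_u32):
    """Return (t1, t2, accepted, reason) for a lease under the given model."""
    t1, t2 = compute(lease)
    accepted, reason = client_check(lease, t1, t2)
    return t1, t2, accepted, reason


if __name__ == "__main__":
    for label, lease in (("infinite", INFINITE_LEASE), ("1 day", 86400)):
        for compute in (timers_u32, timers_no_wrap):
            t1, t2, ok, reason = evaluate(lease, compute)
            print(f"{label:9} {compute.__name__:15} "
                  f"T1={t1} T2={t2} accepted={ok} ({reason})")
```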

  • Upgrading domain from 9.2.2 to 10.3.2

    Hi All,
    I want to upgrade a domain which is created in weblogic 9.2.2 to 10.3.2. This domain contains inventory application and below custom configurations like
    i.Create File Store
    ii.Create JMS Server
    iii.Create JMS Module
    iv.Create JMS Queue
    v.Create Connection Factory
    vi.Create Data Source
    vii.Set the JTA time out setting
    viii.Create Work Manager
    I shutdown the 9.2.2 server and try to upgrade domain from Start---> Programs ---> BEA Products --->Tools ---> Domain Upgrade Wizard from 10.3.2. But I am getting error in Inspect Domain page.
    Link to screenshot of the error: http://i40.tinypic.com/1pgdqv.jpg (Didn't find any other way to share the screenshot)
    I also checked with java 1.5.0_10(need for weblogic 9.2.2) and 1.6.0_18(need for weblogic 10.3.2). There are no other Managed Servers.
    Location of Weblogic 9.2.2:D:\bea
    Location of Weblogic 10.3.2:C:\fmw\bea
    Location of Domain:D:\bea\user_projects\domains\PreSuiteDomain
    Can anyone tell me if I need to remove any configurations in config.xml? Am I doing anything wrong? Are there any pre-upgrade steps for the 9.2.2 to 10.3.2 domain upgrade?
    I am following below links for upgrading my domain.
    http://download.oracle.com/docs/cd/E13179_01/common/docs100/upgrade/upgrade_dom.html
    http://download.oracle.com/docs/cd/E13179_01/common/docs100/upgrade/roadmap.html#wp1068378

    Update to this interesting issue, the issue has been solved by just 2 minor updates.
    - Rename the */lib* folder to any other name, which MUST NOT be the same as the lib, lets call it */lic*
    EAR/lib is specified by JEE 5 as the shared library folder. All jars in EAR/lib/ will be loaded by application classloader of WLS,
    - Update the MANIFEST.MF files, change lib/xx.jar to lic/xx.jar
    :-)

  • Firmware upgrade encountered an issue

    Right now my Galaxy S3 is sitting at a screen that states "Firmware upgrade encountered an issue.  Please use Software Repair Assistant & try again."  Whenever I power on my phone, I get that message.  I've tried to do an Emergency Recovery in both Kies and Kies 3, but neither are able to recover, and the only way, it seems, to get the SRA is to plug my phone into my PC and get it from Autorun.  Since my phone is not leaving the error screen, I don't get the auto run option to install the SRA.  Is there any way to download it manually to get my phone running, or is it pretty much bricked and I'll have to look at replacement options?

    I found a solution on the XDA forums site, but thanks anyway.  Looks like I just needed to run the Software Repair Assistant, which I'm a little surprised that the Verizon store I went to didn't have it on hand to attempt to fix my phone.  I got my device repaired, and it's working great.  Just really wish my Wiimotes worked in Android 4.3. 

  • Hi, we are using mac mini's for our development purpose. connecting the same through using Real VNC. Mac mini's are late 2009 and 2010. Now we have upgraded them to 10.8.5. after upgrading having display issues after launching the simulators

    Hi, we are using mac mini's for our development purpose. connecting the same through using Real VNC. Mac mini's are late 2009 and 2010. Now we have upgraded them to 10.8.5. after upgrading having display issues after launching the simulators, we are unable to view the icons we need to move the simulator (into different places) to view the icons.
    Also we are having Mac book pro's (Late 2009 & 2010) after upgrading them to 10.8.5. Unable to launch the mac, getting only white screen with apple icon.
    Let me know is there any specific Hardware (Graphic Cards) we need to use for the same.
    Please provide me the early solutions.
    Regards,
    Suresh.

    Hi, try this first...
    Bootup holding CMD+r, or the Option/alt key to boot from the Restore partition & use Disk Utility from there to Repair the Disk, then Repair Permissions.

  • All my photos in the iphoto have disappeared, not sure if this related to any iphoto upgrade or other issue, tried to find the photos through the finder (JPG or photo) but failed, can you help me to get back my photos please?

    All my photos in the iphoto have disappeared, not sure if this related to any iphoto upgrade or other issue, tried to find the photos through the finder (JPG or photo) but failed, can you help me to get back my photos please?

    Help us to help you: There are 9 different versions of iPhoto and they run on seven different versions of the Operating System. The tricks and tips for dealing with issues vary from version to version and OS to OS. So before anyone can help, they need information to work with. Basic stuff:
    - What version of iPhoto.
    - What version of the Operating System.
    - Details. What were you doing when the problem arose?
    - Did it ever work properly?
    - Are there error messages?
    - What steps have you tried already to solve the issue.
    Anything else you can think of that might allow someone else to understand your issue.
    With this kind of information somebody can develop a starting point for troubleshooting the issue.
    Posts that consist of "iPhoto doesn't work. Help" or "iPhoto won't print" or "Suddenly I have no photos!!!!!!!!!!" mean that any helper is simply guessing. More information means you get better assistance. (And no, more exclamation marks do not get help faster or make your issue seem urgent. They just make it seem like you have a stuck key )

  • Weird DHCP Issue

    Hello All,
    I am facing a very weird DHCP issue and would like to know your thoughts on it.
    I have my wired clients on vlan 1 and wireless clients (eap-peap) on VLAN 2.
    We are facing an issue where multiple wired clients who were on access port vlan 1 are receiving IP address from wireless subnet (vlan 2) - their DHCP server was the WLC virtual gateway IP address (1.1.1.1). This is causing an outage to few wired clients.
    The WLC trunk does not have vlan 1 allowed on its ports and all APs are in local mode and all on access vlan.
    I'm not entirely sure what's causing this, but the only way I think this is possible is that 'A Client' laptop has his network connections bridged - his wired NIC on VLAN 1 and wireless NIC on vlan 2, acting like a WGB, which is causing new wired clients' (vlan 1) DHCP broadcast request to be forwarded through the bridge mode laptop to AP --> WLC. Do you think this is possible?
    Haven't been able to identify which client is causing this issue yet.
    Has anyone faced a similar issue and is there any way to block this through WLC/ACS policy?
    Thanks
    Jino

    Hi,
    Might we consider to make use of network monitor to take a look at the traffics for the 1.1.1.1 address?
    How to use Network Monitor to capture network traffic
    Download link here:
    Microsoft Network Monitor 3.4
    Best regards
    Michael Shao
    TechNet Community Support

  • Exchange Server 2013 Service Pack Upgrade - Outlook connectivity issue

    Hi,
    After upgrading to Exchange Server 2013 service pack 1, we are unable to connect via Outlook 2010 or Outlook 2013. Outlook Web Access is working fine though. We have followed all the instructions, and have applied Outlook upgrades, but the issue remains the same. Outlook was working fine before the upgrade.
    Have we missed out something. I would highly appreciate if someone can help out? I'm not sure if this is the known issue as I can't seem to find anything on the internet.
    Already applied the transport fix.
    Thanks in advance!

    Hi,
    According to your description, your Outlook 2010 and Outlook 2013 come across the connectivity issue.
    To narrow down the issue, I’d like to recommend the following troubleshooting:
    1. Check if the issue happens on all Outlook users
    2. Check the Outlook Anywhere connectivity by using ExRCA:
    https://testconnectivity.microsoft.com/
    Additionally, MAPI over HTTP is only supported when you use Outlook 2013 sp1 and Exchange 2013 sp1 at the same time. Since the issue also happens on Outlook 2010 client, we can firstly try the above troubleshooting.
    If you have any questions, please feel free to let me know.
    Thanks,
    Angela Shi
    TechNet Community Support

  • Very weird dhcp issue

    We've started 're-vlanning' our main location here, breaking up depts
    into their own vlans.
    All seems ok so far, aside from a real doozy.
    For the IT vlan, we have one address that will not talk to our web
    content mgmt appliance. It's the 2nd address in our assignable pool,
    and it doesn't matter if it's dhcp or statically assigned, that address
    will not talk to that device.
    That is the *only* device that cannot be reached from this particular
    address in our dept vlan, every other one works fine.
    Any ideas on this?
    Stevo

    > and it doesn't matter if it's dhcp or statically assigned, that
    > address
    So.... the title of this thread should actually be 'Very weird non-DHCP
    issue', since your own testing confirms this has nothing to do with DHCP?
    If you do a LAN trace on this machine as well as your web content
    management appliance do you see packets on either side? Both sides? If
    not on both sides but you do on the source (workstation) side see
    packets going out, then get LAN traces after each network device
    (switch, router, firewall, etc.) to see when the packets disappear.
    Feel free to post the LAN traces somewhere with descriptions of IPs,
    ports, and what you should be seeing, if you want to post them somewhere
    for review.
    Good luck.

  • 6500 DHCP ISSUE

    Hello All,
    I am having an issue doing DHCP from the 6500, and was hoping someone can help. So, I tried to set up DHCP from the FWSM to the clients and this worked fine with giving out the IP, however the gateway for devices on the inside is supposed to be the 6500, not the FWSM, which is why the clients wouldn't get out to the internet. Do I need to set up DHCP relay on the FWSM or does anyone know the way I can set up DHCP on the 6500 to give out IPs to the clients? Again just to reiterate, when I set up DHCP on the FWSM the clients get the IPs but do not get out to the internet and when I set up DHCP on the 6500 the clients do not get an IP. Also I know this is a DHCP issue because when I assign a static address on the network the clients get out fine. Thanks in advance for the help!
    6500 Config
    ip dhcp pool TEST
       network 1.1.1.0 255.255.255.0
       default-router 1.1.1.1
       dns-server x.x.x.x y.y.y.y
    FWSM Config
    FWSM/TEST# show run
    interface Vlan3
    nameif outside9
    bridge-group 1
    security-level 0
    interface Vlan203
    nameif inside9
    bridge-group 1
    security-level 100
    interface BVI1
    ip address 1.1.1.4 255.255.255.0
    passwd 2KFQnbNIdI.2KYOU encrypted
    access-list INSIDE1_IN extended permit ip any any
    global (outside1) 1 x.x.x.x
    nat (inside1) 1 1.1.1.0 255.255.255.0
    access-group INSIDE1_IN in interface inside1
    route outside1 0.0.0.0 0.0.0.0 1.1.1.1 1
    FWSM/TEST#

    Hello Alain,
    Thanks for your quick response. I attached a diagram of the layout. Just to let you know this is an FWSM with many virtual contexts and most, including this one, are Transparent. I understand that I need an access-list on both ends to specify so the FWSM opens it, I am just having issues because the FWSM sees this as unusual traffic and the access-list needs to be on-point to work. Thank you for the response and I'll look forward to hearing back from you.

  • VRF and DHCP issue

    We have a 6500 ( 12.2 (33) SXH5 ) that has a VRF running for our guest network. On this 6500 resides the DHCP pool with a range defined for our guest network. We have a stack of 3750's (12.2 (46) SE) connected to the 6500 with a L3 connection. The 3750's have a local guest VLAN with its gateway defined in a VLAN interface. This VLAN on the 3750 has an IP helper address pointing to an IP within the VRF on the 6500. When debugging DHCP on the 6500, a request is received and sent back out. The client never receives this request.
    If a static IP is applied, the client is able to communicate anywhere within the VRF successfully (including pinging the IP within the helper-address). As many posts have pointed out - there is no VRF <name> under the ip dhcp pool <name> within the 6500. I am just wondering if anyone else has run into this and what their solution was.
    Thanks.

    Hi,
    I have tested the dhcp server and vrf on Cisco 3640 and it is working without VRF under the ip dhcp pool. Please ensure that you have configured routing for the dhcp-relay agent(VLAN facing dhcp client on 3750 in your case).

  • DNS / DHCP Issues in Server 2008R2 Domain

    Hi folks,
    We’ve been having an ongoing issue for a while now in that some PCs and laptops (Win 7) in our company can’t be contacted by hostname, i.e. if we try and RDP from one Windows 7 PC to another the RDP session fails as if the PC isn’t turned on, but it is indeed turned on and connected to the network.
    Even if we ping the host name of a particular computer that is on, it fails to reply, but if I go into DHCP I can find the hostname but it has a different IP address assigned to it other than what is listed in DNS for that host name.
    So for some reason when some computers get switched on and are allocated a new dynamic IP address through DHCP the corresponding record in DNS doesn’t seem to get updated, meaning we need to go into DNS and manually amend the Host A record with the new IP address that it has been given so we can RDP onto that computer using the hostname.
    At present aging and scavenging isn’t enabled in our environment as we are afraid to in case it removes live DNS entries that just haven’t been turned on in a wee while. Does aging and scavenging just ignore static DNS entries and does aging and scavenging work in DHCP as well?
    One other thing I noticed is that if I delete an incorrect DNS Host A record and create it manually and assign the hostname and the correct IP address it says static rather than having a timestamp on it. When I create the new record I always click on our domain in the Forward Lookup Zone and on creation I always select Create the associated pointer (PTR) record so not sure why the manual record doesn’t get a timestamp.
    So any help/advice or suggestions would be greatly appreciated.
    Thanks,
    Bonemister

    Hi David,
    Thanks for your reply and for clarifying those things for me. Unfortunately in my workplace when I add a manual DNS Host A record it does become a static entry and doesn't have the '0' you mention, do you have any idea why that would be as I'm worried about it affecting things if I were to enable aging and scavenging.
    Is it possible to just enable aging and have it remove entries before a time of my choosing or does scavenging need to be enabled also?
    I still can't understand why the relationship between DHCP and DNS isn't working correctly. Sure if DNS has an A record for a computer and the IP address changes via DHCP there is bound to be a way to set up DNS to be able to update the records it holds - do you know if my reading of this is correct?
    By the way, I can confirm that my adapter's TCP/IP DNS settings are the same on one of the PCs that had the DNS fault as in your screenshot, the only difference is we have the tick in Append parent suffixes... - would that make a difference?
    Thanks also for that other link, it seems very interesting and I'll have a good read through it carefully before doing anything!!
    Thanks again for your reply and I look forward to seeing any responses.
    Regards,
    Bonemister

  • Upgrading Domain Controller Questions

    Hello, we currently have 2 domain controllers in our environment, both with Server 2003 R2. We are looking to upgrade them one at a time to 2008 R2 but I have some questions. 
    Here's the environment:
    Server 1 (the one we are going to upgrade first):
    Server 2003 R2
    Domain Controller
    DHCP Server
    DNS Server
    Server 2 (we will be upgrading this in the near future but not just yet):
    Server 2003 R2
    Domain Controller
    DHCP Server
    DNS Server
    File Server with most of the company data
    We also have DNS replication set up between the two servers. 
    My questions:
    Will we run into any issues having two domain controllers with different Operating Systems?
    We would like for the domain controllers to keep the same names and IP's. Any issues with that?
    How will we stop, then re-setup DNS replication between the two servers?
    Any other 'gotcha's' we should be aware of?
    Dan Chandler-Klein

    I don't see any reason why not keeping old name and IP.
    Before upgrading make sure AD has no issues:
    look at the event viewer, run DCDiag, replication runs clean (repadmin /showrepl) etc.
    OS has no warning/errors.
    Not a must, but I would move the FSMO roles to another DC before demoting.
    Make sure applications installed on the new DC's (AV\Backup agents etc.)  support Windows 2008 R2 OS.
    Make sure all your network applications in your environment support working with Windows 2008 R2 DC - I recommend test it in lab first.
    Make sure that the DC you are about to demote not holding CA role. 
    Most important:
    Make sure you successfully demote the old DC and no records left in DNS.
    I don't agree with evrimicelli about DC naming and I wouldn't go for a CNAME record - this can get you in many troubles in the future.
    After demoting the old DC, I would rename it or remove it from the domain, then you can rename the new server with the old DC name and promote it to DC with the old DC's IP address.
    I didn't understand the question about DNS replication.
    What kind of DNS zone do you host? If it's AD integrated (and that's what you should have), you don't need to configure any replication; an AD integrated DNS zone replicates as part of AD replication between your two DCs.
    Please take a moment to Vote as Helpful and/or Mark as Answer where applicable. Thanks.

  • Upgrading domain from 2008 R2 to 2012 R2

    I am looking to upgrade my domain from server 2008 R2 to 2012 R2. We have 10 remote sites, each with a single physical ESXi host hosting 2 vms, 1 2008 R2 vm with the ADDS/DHCP/DNS/File Services (user home drives) roles and the second 2008 R2 vm runs WDS/MDT and a couple applications. At our main site we have a physical 2008 R2 DC which holds all the FSMO roles, a vm with the ADDS/DHCP/DNS/File Services roles, and another vm running WDS/MDT.
    I've gathered from my research that Microsoft recommends clean installs when upgrading DCs but since our DCs are also file servers that's not an ideal course of action for us, it'd be a lot of additional steps. My plan at this point is to bring up a new physical 2012 R2 server, make it a DC, transfer the FSMO roles to it, then demote and retire the current physical 2008 R2 server. For the virtual DCs, since they are also file servers, I'm leaning towards in-place upgrades on them, unless anyone would advise against.
    The other thing I'm considering is creating a 2012 R2 DC at each remote site, then demoting the current 2008 R2 DC, leaving some combination of DHCP/File Services on it, then run an in-place on it to 2012 R2. This would require another Windows license though since our physical hosts are not on Hyper-v.
    For the virtual servers running WDS/MDT, I personally prefer an in-place so I don't have to move the MDT deployment share, but I'm open to suggestions. 
    What are your recommendations?  Which server should I upgrade first?  How much time should I allow between each DC upgrade?  I appreciate the help.

    As per recommendations, a DC should be solely utilized for AD/DNS/GC & if environment is small for DHCP. The problem in using DC for other purpose arises during upgrade scenario, when you have to demote the DC or performance. Demoting the DC is very simple, but if it's running with additional role, it becomes challenging, if demotion has to be performed forcefully.
    Secondly, from the security point, it's not a great idea to run DC with other roles esp file servers, if there is any infected file then the whole domain can be compromised or infected.
    What is more relevant in upgrade is testing the applications before you perform or upgrade the schema. If there are no issues then you can perform the upgrade based on your convenience. But necessary documentation & testing prior & post has to be followed.
    My personal recommendation would be upgrade the schema (surely test the schema upgrade in lab before you do in production), create a new server either VM or physical, configure it as a DC & transfer all FSMO roles & slowly try to segregate between DC & non DC servers.
    Yes, I know it will cost additional licensing burden, but from the environment point of view it will provide you an ease of administration & troubleshooting.
    http://blogs.technet.com/b/chrisavis/archive/2013/10/01/performing-an-in-place-upgrade-of-server-2008-r2-to-server-2012-r2.aspx
    http://blogs.technet.com/b/canitpro/archive/2013/06/18/step-by-step-active-directory-migration-from-windows-server-2008-r2-to-windows-server-2012.aspx
    Awinish Vishwakarma - MVP
    My Blog: awinish.wordpress.com
    Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.

  • How to upgrade Domain - 2003 to 2012 R2 - task sequence

    Could someone please sanity check this task sequence?  I need to upgrade a 2003 domain to 2012 R2 and would appreciate a second set of eyes.  thx.
    Goal:
    1. standup two new 2012 R2 DCs
    2. decomm three old DCs
    3. raise DFL/FFL to 2012 R2
    Current DFL/FFL = 2003 (one site, one domain, 3 DCs, 400 users)
    3 Existing DCs (all to be decommed):
      OldDC1 = Svr2003 Std Ed SP2 x64 (holds all FSMO roles, GC=yes)
      OldDC2 = Svr2003 Ent Ed SP1 x86 (holds no FSMO roles, GC=yes)
      OldDC3 = Svr2003 Std Ed SP2 x64 (holds no FSMO roles, GC=no)
    New DCs to be added:
      NewDC1 Svr2012 R2
      NewDC2 Svr2012 R2
    Proposed task Sequence:
    * build and patch OS, then add ADDS role to NewDC1 and NewDC2 (do not yet add servers to existing domain)
    * in the network config of new DCs, set the DNS server IP to the IP of OldDC1
    * when installing ADDS, I will be prompted to run Adprep.exe - it will be run as part of installing ADDS - this will update existing domain schema as needed.
    * add NewDC1 and NewDC2 to existing domain
    * in the network config of the new DCs, set the DNS server IP to that of the local server
    * make both GCs, make both DNS servers
    * distribute FSMO roles thusly:
    * DC1 = PDCE, RID (more frequently used roles)
    * DC2 = SM, DNM, IM (rarely used roles)
    * run dcdiag.exe commands to verify functionality
    * power off OldDCs one at a time, waiting 24 hours between each shut down
    * raise DFL/FFL to 2012 R2 after all old DCs are decommed

    revised and updated
    Goal
    1. standup two new 2012 R2 DCs
    2. decomm three old DCs
    3. raise DFL/FFL to 2012 R2
    Current DFL/FFL = 2003 (one site, one domain, 3 DCs, 400 users)
    3 Existing DCs (all to be decommed):
      OldDC1 = Svr2003 Std Ed SP2 x64 (holds all FSMO roles, GC=yes)
      OldDC2 = Svr2003 Ent Ed SP1 x86 (holds no FSMO roles, GC=yes)
      OldDC3 = Svr2003 Std Ed SP2 x64 (holds no FSMO roles, GC=no)
    New DCs to be added:
      NewDC1 Svr2012 R2
      NewDC2 Svr2012 R2
    1. Assessment of current AD infrastructure
    * http://technet.microsoft.com/en-us/library/hh994618.aspx
    http://blogs.technet.com/b/askpfeplat/archive/2012/09/03/introducing-the-first-windows-server-2012-domain-controller.aspx
    http://blogs.technet.com/b/askpfeplat/archive/2013/06/03/upgrade-active-directory-to-windows-server-2012-phase-1-assessment.aspx
    http://msmvps.com/blogs/mweber/archive/2012/07/30/upgrading-an-active-directory-domain-from-windows-server-2003-or-windows-server-2003-r2-to-windows-server-2012.aspx
    2. build and patch OS on NewDCs; in the network config of new DCs, set the DNS server IP to the IP of OldDC1
    3. add AD DS role to NewDC1 and NewDC2 (do not yet add servers to existing domain)
    * NOTE: when installing AD DS, you will be prompted to run Adprep.exe.  It will be run as part of installing AD DS.  This will update existing domain schema as needed
    4. add NewDC1 and NewDC2 to existing domain, promote to domain controllers, add to existing domain at 2003 DFL/FFL.
    5. make both DCs GCs, transfer/distribute FSMO roles
    * DC1 = PDCE, RID (more frequently used roles)
    * DC2 = SM, DNM, IM (rarely used roles)
    * http://support.microsoft.com/kb/324801/en-us
    6. verify time service on OldDCs are syncing with current DC1 (PDCE)
    http://msmvps.com/blogs/mweber/archive/2010/06/27/time-configuration-in-a-windows-domain.aspx
    7. run dcdiag.exe commands to verify functionality, address any issues
    8. Make new DCs DNS servers
    * in the network config of the new DCs, set the DNS server IP to that of the local server
    9. retest with dcdiag
    10. decomm OldDCs
    * reconfigure clients/servers so they no longer point to the OldDCs/DNS
    * disconnect network cable from old DCs and test with various clients, reboot clients, retest
    * remove GC from old DCs, (also remove DNS role?), then run dcpromo to demote them
    * verify that OldDC machine accounts have automatically moved from the DCs OU to Computers container
    * check DNS management console in NewDCs, verify all entries from the old DCs are no longer present, delete manually if nec'y
    * check AD sites and services and delete the old DCs if nec'y
    11. raise DFL/FFL to 2012 R2 after all old DCs are decommed
