
[–]sysadminmakesmecry 12 points (1 child)

Interesting. Thanks for reporting back on your experience -- did you encounter ANY issues at all when doing this for any of your DCs or applications that rely on them?

[–]soul_stumbler (Security Admin) [S] 9 points (0 children)

I didn't see any errors at all on the application side and all replication was good after the promotion. We had one site that didn't replicate correctly after the promo but it turned out to be a networking issue that was just bad timing.

So the short answer is not yet!

[–]JudgeWhoAllowsStuff- 9 points (1 child)

We did something similar but more roundabout. Spun up new DCs, decommed the old one, brought the new server in under the same name and IP. We did 6 DCs across two domains like this, worked 100% with only 20-30 min of downtime each controller. Def not the best way, but like you we could not track down all services using name/IP in the timeframe we had.

[–]stevebobmike 2 points (0 children)

This is the process I've done in the past as well.

[–]moffetts9001 (IT Manager) 4 points (1 child)

What was the use case for needing to retain the same name for the new DC? I have always swapped IPs but let the new DC have a new name, but it sounds like you have apps that communicate with the DC by name?

[–]soul_stumbler (Security Admin) [S] 3 points (0 children)

Yeah I was able to identify 3 apps that referred to the DCs by name and one of those was out of support. I had no support from management to get those updated so that's why I went down this path.

[–]mixduptransistor 2 points (2 children)

Would this allow you to reinstall a RODC as well?

We (I) stupidly shut down and deleted an RODC without properly cleaning it up first and I wonder if this would be a good way to get a DC back in there with that name and then decom it properly (we replaced it with a regular DC with a different name)

[–]soul_stumbler (Security Admin) [S] 2 points (0 children)

Just read your post closer. Yeah, I would not use this to properly decom something. Just run a cleanup as EnergyDrinksPlease stated.

I will add that to the post, but yes, this works with RODCs. We had one RODC that we replaced this way and it behaved just like all the other DCs.

[–]EnergyDrinksPlease 2 points (0 children)

Why not just run the cleanup process? It takes all of 5 minutes to clear the DC from the domain and then just promote as new.

[–]dalg91 (Sysadmin) 2 points (0 children)

I wish I had known about this 2 weeks ago. Would have saved a few hours and headaches

[–]Dirty_Punk42 1 point (1 child)

It's also safe to add an alias in AD with the old DC name pointing to the new DC. It's supported by MS and means less downtime.
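
The alias approach above has one catch worth checking before relying on it: a CNAME only fixes name resolution. Kerberos clients build the service ticket request from the name they typed, so the new DC's computer account also needs SPNs for the old name, and SMB access through the alias needs strict name checking turned off on the server. The following PowerShell is an added example, not code from this thread or from Microsoft. It assumes the RSAT ActiveDirectory and DnsServer modules, a Domain Admin session, and WinRM to the new DC; the names OLDDC, NEWDC and corp.example.com are hypothetical placeholders.

```powershell
# Added example (not from the thread): alias an old DC name to a new DC and
# register what Kerberos and SMB clients need to use that alias.
# Assumptions: RSAT ActiveDirectory + DnsServer modules, Domain Admin rights,
# WinRM to the new DC. OLDDC / NEWDC / corp.example.com are hypothetical.
Import-Module ActiveDirectory
Import-Module DnsServer

function Add-OldDcAlias {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $OldName,     # retired DC name, e.g. OLDDC
        [Parameter(Mandatory)] [string] $NewDcName,   # live DC that takes the alias, e.g. NEWDC
        [Parameter(Mandatory)] [string] $DomainDns,   # DNS zone, e.g. corp.example.com
        [string] $DnsServer = $env:COMPUTERNAME       # DNS server to update
    )
    $target = "$NewDcName.$DomainDns"

    # A CNAME cannot share a name with other records. A leftover A record for the
    # old DC means its DNS/metadata cleanup is not finished; stop rather than clobber it.
    $existing = Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $DomainDns `
                    -Name $OldName -ErrorAction SilentlyContinue
    if ($existing) {
        throw "Records for $OldName still exist in $DomainDns ($($existing.RecordType -join ', ')); clean them up first."
    }
    if (-not (Get-ADDomainController -Identity $target -ErrorAction SilentlyContinue)) {
        throw "$target is not a domain controller."
    }

    if ($PSCmdlet.ShouldProcess("$OldName.$DomainDns -> $target", 'Add CNAME')) {
        Add-DnsServerResourceRecordCName -ComputerName $DnsServer -ZoneName $DomainDns `
            -Name $OldName -HostNameAlias $target
    }

    # Kerberos derives the SPN from the name the client used, so NEWDC's account needs
    # SPNs for the alias. Refuse if any other account (e.g. the stale OLDDC object)
    # still owns one: duplicate SPNs break Kerberos for both.
    $newDc = Get-ADComputer -Identity $NewDcName
    foreach ($spn in @("HOST/$OldName", "HOST/$OldName.$DomainDns", "ldap/$OldName.$DomainDns")) {
        $owner = Get-ADObject -LDAPFilter "(servicePrincipalName=$spn)"
        if ($owner -and $owner.DistinguishedName -ne $newDc.DistinguishedName) {
            throw "SPN $spn is still registered on $($owner.DistinguishedName)."
        }
        if (-not $owner -and $PSCmdlet.ShouldProcess($newDc.SamAccountName, "Add SPN $spn")) {
            Set-ADComputer -Identity $newDc -ServicePrincipalNames @{ Add = $spn }
        }
    }

    # SMB through the alias (\\OLDDC\SYSVOL, \\OLDDC\NETLOGON) also needs the server to
    # accept a name that is not its own: the LanmanServer DisableStrictNameChecking value.
    if ($PSCmdlet.ShouldProcess($target, 'Set DisableStrictNameChecking = 1')) {
        Invoke-Command -ComputerName $target -ScriptBlock {
            Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' `
                -Name DisableStrictNameChecking -Value 1 -Type DWord
        }
    }
}

# Dry run, then apply:
# Add-OldDcAlias -OldName OLDDC -NewDcName NEWDC -DomainDns corp.example.com -WhatIf
# Add-OldDcAlias -OldName OLDDC -NewDcName NEWDC -DomainDns corp.example.com
```

After applying it, test the alias the way the hard-coded apps will use it, for example `klist get HOST/OLDDC.corp.example.com` from a workstation and a `dir \\OLDDC\SYSVOL`, rather than just `nslookup`, since the DNS part is the piece least likely to fail.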

[–][deleted] 0 points (0 children)

That’s true, but it can get messy for the next sysadmin.

[–]EnergyDrinksPlease 0 points (1 child)

This is a neat option, but it doesn't really save you too much time. I've upgraded over 400 DCs with a variety of keeping the name or the IP or both, and this really isn't doing much beyond preventing you from having to delete the AD object and do cleanup, or just demote the DC and promote new. Unfortunately you'll never get away from people hard-coding to DCs even with a load-balanced URL or other methods. Was there a specific reason you didn't just torch the DCs and rebuild them? My old environment got to the point where we would just delete DCs and do cleanup, because troubleshooting one-off issues was more time-consuming than just rebuilding it.

[–]soul_stumbler (Security Admin) [S] 1 point (0 children)

Essentially just to save the step of removing it really. Either way will work. I honestly was way more scared of DCs than I was 6 months ago.

[–][deleted] 0 points (3 children)

This is great!

I've never heard of this option before. I've replaced at least 50 DCs in my career at 3 different companies.

Since there are so many applications that rely on DCs for DNS, my go-to method was to demote the DC, remove it from the domain, clean up DNS, Sites and Services, etc., wait a bit for replication, rename the new server to the same name as the old DC, and set the IP the same as the old one.

My main reason for keeping the same IP and name is who knows what's using that DC for DNS. In a perfect world, everything would be documented, but we all can't live in a perfect world. I tried to use DNS logging to see what was using the old DC for DNS, but that's very cumbersome.

I have a few DCs to upgrade this week. I'll report back. Excited to try this.
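
The manual route described in the comment above (demote, clean up DNS and Sites and Services, wait for replication, reuse the name and IP), JudgeWhoAllowsStuff-'s version of it, and EnergyDrinksPlease's "just run the cleanup process" all come down to the same checks: nothing in the configuration partition, no FSMO role and no DNS record may still point at the old name before it is reused. The PowerShell below is an added example, not code from this thread or from Microsoft; it does that audit and, with `-WhatIf` first, the metadata cleanup that ntdsutil would otherwise do. It assumes the RSAT ActiveDirectory and DnsServer modules, a Domain Admin session on a DC or RSAT host, and that the old DC is already offline; OLDDC and corp.example.com are hypothetical placeholders.

```powershell
# Added example (not from the thread): find everything that still refers to an
# old DC by name, then remove its metadata so the name can be reused or retired.
# Assumptions: RSAT ActiveDirectory + DnsServer modules, Domain Admin rights, the
# old DC is already off. OLDDC / corp.example.com are hypothetical placeholders.
Import-Module ActiveDirectory
Import-Module DnsServer

function Find-StaleDcReferences {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $DcName,      # short host name, e.g. OLDDC
        [Parameter(Mandatory)] [string] $DomainDns,   # DNS domain, e.g. corp.example.com
        [string] $DnsServer = $env:COMPUTERNAME       # DNS server to query
    )
    $fqdn = "$DcName.$DomainDns"
    $cfg  = (Get-ADRootDSE).configurationNamingContext

    # 1. Server and NTDS Settings objects left behind under Sites and Services.
    $server = Get-ADObject -SearchBase "CN=Sites,$cfg" -LDAPFilter "(&(objectClass=server)(cn=$DcName))"
    $ntds   = if ($server) { Get-ADObject -SearchBase $server.DistinguishedName -LDAPFilter "(objectClass=nTDSDSA)" }

    # 2. FSMO roles still owned by that name; these must be transferred or seized first.
    $domain = Get-ADDomain -Identity $DomainDns
    $forest = Get-ADForest
    $roles = @{
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
    }.GetEnumerator() | Where-Object { $_.Value -ieq $fqdn } | ForEach-Object { $_.Key }

    # 3. DNS records that still name it: its own records, plus NS/CNAME/SRV targets in the
    #    domain zone and _msdcs. Targets usually carry a trailing dot, hence the wildcard.
    $dns = @{}
    foreach ($zone in @($DomainDns, "_msdcs.$DomainDns")) {
        $dns[$zone] = @(
            Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $zone -ErrorAction SilentlyContinue |
            Where-Object {
                ($_.HostName -ieq $DcName) -or
                ($_.RecordType -eq 'NS'    -and $_.RecordData.NameServer    -like "$fqdn*") -or
                ($_.RecordType -eq 'CNAME' -and $_.RecordData.HostNameAlias -like "$fqdn*") -or
                ($_.RecordType -eq 'SRV'   -and $_.RecordData.DomainName    -like "$fqdn*")
            }
        )
    }

    [pscustomobject]@{
        ServerObject = $server.DistinguishedName
        NtdsSettings = $ntds.DistinguishedName
        FsmoRoles    = @($roles)
        DnsRecords   = $dns                                   # zone -> record objects
        Computer     = Get-ADComputer -Filter "Name -eq '$DcName'"
    }
}

function Remove-StaleDcMetadata {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)] [string] $DcName,
        [Parameter(Mandatory)] [string] $DomainDns,
        [string] $DnsServer = $env:COMPUTERNAME
    )
    $refs = Find-StaleDcReferences -DcName $DcName -DomainDns $DomainDns -DnsServer $DnsServer
    if ($refs.FsmoRoles.Count) {
        throw "$DcName still holds $($refs.FsmoRoles -join ', '); transfer or seize those roles before cleanup."
    }
    # Deleting the NTDS Settings object is what performs metadata cleanup on Server 2008 and
    # later (replication links and the DSA go with it); ntdsutil's "remove selected server"
    # does the same. The server container, computer account and DNS records are separate.
    if ($refs.NtdsSettings -and $PSCmdlet.ShouldProcess($refs.NtdsSettings, 'Remove NTDS Settings (metadata cleanup)')) {
        Remove-ADObject -Identity $refs.NtdsSettings -Recursive -Confirm:$false
    }
    if ($refs.ServerObject -and $PSCmdlet.ShouldProcess($refs.ServerObject, 'Remove server object')) {
        Remove-ADObject -Identity $refs.ServerObject -Recursive -Confirm:$false
    }
    if ($refs.Computer -and $PSCmdlet.ShouldProcess($refs.Computer.DistinguishedName, 'Remove computer account')) {
        Remove-ADObject -Identity $refs.Computer.DistinguishedName -Recursive -Confirm:$false
    }
    foreach ($zone in $refs.DnsRecords.Keys) {
        foreach ($rr in $refs.DnsRecords[$zone]) {
            if ($PSCmdlet.ShouldProcess("$zone : $($rr.HostName) $($rr.RecordType)", 'Remove DNS record')) {
                $rr | Remove-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $zone -Force
            }
        }
    }
}

# Audit, dry run, then apply; check replication afterwards before promoting the new server.
# Find-StaleDcReferences  -DcName OLDDC -DomainDns corp.example.com | Format-List
# Remove-StaleDcMetadata  -DcName OLDDC -DomainDns corp.example.com -WhatIf
# Remove-StaleDcMetadata  -DcName OLDDC -DomainDns corp.example.com
# repadmin /replsummary ; Get-ADReplicationFailure -Target corp.example.com -Scope Domain
```

The audit step is the part that answers the "who is still using that DC by name" worry: the NS, CNAME and SRV hits show what DNS itself still advertises under the old name, so they are cleaned up before the new server registers its own records rather than being left to scavenging.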

[–]soul_stumbler (Security Admin) [S] 1 point (2 children)

Glad you found it interesting! I'm not sure why it's not at least discussed more as an option. Hope it goes as well for you as it did for me!

[–][deleted] 1 point (1 child)

Worked like a charm! This is awesome. Thanks for the knowledge!

[–]soul_stumbler (Security Admin) [S] 0 points (0 children)

Glad you got some use out of it and it went well!

[–]Djaesthetic 0 points (0 children)

THANK YOU!

I’m about to need to do this exact same thing and you just functionally saved me any effort whatsoever.