Hi Sys Admins! I'm in the process of upgrading our Domain Controllers. We have two Windows Server 2019 DCs that are managing Active Directory and DNS, and one of them holds all the FSMO roles. We're introducing two new Windows Server 2022 servers for this transition, and we want to keep the same IP address for the new DC. My main concern is about possible downtime for applications and devices, especially those that only list one DNS server. What strategies would you recommend for a smooth transition without any hiccups?
5 Answers
A method I've had success with is to build the new DC with its own new IP and install DNS. Then, transfer all the roles to the new server. Once the old DC is demoted to a member server, you can change its IP to the one used by the old server. Don’t forget to run IPCONFIG commands to clear cache and ensure proper registration in the DNS.
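The role transfer and DNS re-registration described in this answer, written out as an added PowerShell example that is not part of the original thread. The names NEWDC01 (new 2022 DC), OLDDC01 (current FSMO holder), corp.example.com and 10.0.0.10 are placeholders; the cmdlets come from the built-in ActiveDirectory and DnsClient modules:

```powershell
# Added example, not from the original answer. Placeholders: NEWDC01 = new DC,
# OLDDC01 = current FSMO holder, corp.example.com = AD domain, 10.0.0.10 = IP to reuse.
# Run as a Domain Admin from an elevated PowerShell on NEWDC01 after it is promoted.
Import-Module ActiveDirectory

$NewDC      = 'NEWDC01'
$OldDC      = 'OLDDC01'
$DomainName = 'corp.example.com'

# 1. Transfer (not seize) all five FSMO roles; the old DC must still be online for a transfer.
Move-ADDirectoryServerOperationMasterRole -Identity $NewDC `
    -OperationMasterRole SchemaMaster, DomainNamingMaster, PDCEmulator, RIDMaster, InfrastructureMaster `
    -Confirm:$false

# 2. Confirm every role now reports the new DC before the old one is demoted.
$adForest = Get-ADForest
$adDomain = Get-ADDomain
$holders = @{
    SchemaMaster         = $adForest.SchemaMaster
    DomainNamingMaster   = $adForest.DomainNamingMaster
    PDCEmulator          = $adDomain.PDCEmulator
    RIDMaster            = $adDomain.RIDMaster
    InfrastructureMaster = $adDomain.InfrastructureMaster
}
$holders.GetEnumerator() | ForEach-Object {
    $ok = $_.Value -like "$NewDC.*"
    '{0,-22} {1,-32} {2}' -f $_.Key, $_.Value, $(if ($ok) { 'OK' } else { 'STILL ON OLD DC' })
}
if ($holders.Values | Where-Object { $_ -notlike "$NewDC.*" }) {
    throw "Not all FSMO roles are on $NewDC; do not demote $OldDC yet."
}

# 3. After OLDDC01 is demoted and NEWDC01 has been re-addressed to 10.0.0.10,
#    clear the resolver cache and force re-registration of the A and SRV records.
ipconfig /flushdns    | Out-Null
ipconfig /registerdns | Out-Null
nltest /dsregdns      | Out-Null     # re-registers this DC's SRV records in DNS
Restart-Service Netlogon             # Netlogon also re-registers SRV records on start

# 4. Verify the DC locator records and the A record now resolve to the new server.
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV |
    Where-Object { $_.QueryType -eq 'SRV' } |
    Select-Object NameTarget, Port, Priority
Resolve-DnsName -Name "$NewDC.$DomainName" -Type A | Select-Object Name, IPAddress
```

Step 2 is the gate: the script refuses to continue if any role still points at the old server, so the demotion in step 3 only happens once nothing depends on OLDDC01 for FSMO operations.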
If your devices are set up to only recognize one DNS server, you'll definitely face some downtime when you demote the old DC. It's a good idea to find those devices and add a secondary DNS to their configuration if possible. Otherwise, prepare for some interruptions in service during the switch. One approach we've used is to build the new DC with a temporary IP, get everything configured, and then quickly switch the IPs after demoting the old one. This can minimize issues.
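One way to find the single-DNS devices this answer warns about before the switch, as an added PowerShell example that is not part of the original thread. It assumes the DhcpServer RSAT module, a DHCP server named dhcp01, the old DC address 10.0.0.10, and a placeholder list of statically configured hosts (app01, app02); all of these are assumptions, not values from the page:

```powershell
# Added example, not from the original answer. Placeholders: dhcp01 = DHCP server,
# 10.0.0.10 = old DC address, app01/app02 = statically addressed hosts to inspect.
Import-Module DhcpServer

$DhcpServer  = 'dhcp01'
$OldDnsIp    = '10.0.0.10'
$StaticHosts = 'app01', 'app02'

# Server-level option 6 (DNS servers) is inherited by scopes that do not override it.
$serverDns = (Get-DhcpServerv4OptionValue -ComputerName $DhcpServer -OptionId 6 `
              -ErrorAction SilentlyContinue).Value

# Flag every scope whose effective DNS list has one entry or still names the old DC.
foreach ($scope in Get-DhcpServerv4Scope -ComputerName $DhcpServer) {
    $scopeDns  = (Get-DhcpServerv4OptionValue -ComputerName $DhcpServer -ScopeId $scope.ScopeId `
                  -OptionId 6 -ErrorAction SilentlyContinue).Value
    $effective = if ($scopeDns) { $scopeDns } else { $serverDns }
    $issues = @()
    if (-not $effective -or $effective.Count -lt 2) { $issues += 'single DNS server' }
    if ($effective -contains $OldDnsIp)              { $issues += "references $OldDnsIp" }
    [pscustomobject]@{
        Scope      = $scope.ScopeId
        Name       = $scope.Name
        DnsServers = ($effective -join ', ')
        Issue      = ($issues -join '; ')
    }
}

# Statically configured servers are the usual single-DNS offenders; read their resolver
# settings remotely and keep only interfaces with one server or with the old DC listed.
Invoke-Command -ComputerName $StaticHosts -ScriptBlock {
    Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object { $_.ServerAddresses.Count -gt 0 } |
        Select-Object @{ n = 'Host'; e = { $env:COMPUTERNAME } }, InterfaceAlias, ServerAddresses
} | Where-Object { $_.ServerAddresses.Count -lt 2 -or $_.ServerAddresses -contains $OldDnsIp }
```

Printers, appliances and anything without WinRM will not show up in the second part; for those, the DHCP scope report is the only inventory this script gives you, and the rest has to come from the device's own configuration.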
The process I imagine could go something like this: First, demote your secondary DC and set up the new one as secondary. Once that’s done, retire the old one, assign its IP to the new server, and promote the new secondary to DC. When you're ready, you demote the original primary and promote the new one. Just be prepared for some downtime on devices that only use a single DNS. Scheduling the migration after hours could help avoid disruptions.
Honestly, I prefer configuring the new DCs with new IPs initially. This way, you can update all references before retiring the old ones. Keep an eye on traffic to the old DCs and gradually phase them out until clients are fully migrated. This might lead to some amount of downtime, but it will be more manageable.
You can definitely do a direct IP swap, but I've learned renaming can be tricky. Build the new DC, set it to the old IP, and then remove the old records from DNS. Just ensure the new DC is fully promoted before doing that. It's all about timing!
That sounds like a solid plan! Be sure to test everything after each step, especially AD health and replication.
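The "test after each step" advice from this reply, as an added PowerShell health check that is not part of the original thread. NEWDC01 and corp.example.com are placeholders; repadmin and dcdiag ship with the AD DS role, and the cmdlets come from the ActiveDirectory and DnsClient modules:

```powershell
# Added example, not from the original reply. Placeholders: NEWDC01 = new DC,
# corp.example.com = AD domain. Run from an elevated PowerShell on any DC.
Import-Module ActiveDirectory

$DomainName = 'corp.example.com'
$NewDC      = 'NEWDC01'

# 1. Replication: one-line summary per DC plus any failures AD has recorded for the domain.
repadmin /replsummary
$failures = Get-ADReplicationFailure -Target $DomainName -Scope Domain
if ($failures) {
    $failures | Format-Table Server, Partner, FailureCount, FirstFailureTime, LastError -AutoSize
} else {
    'No replication failures recorded.'
}

# 2. DCDiag against the new DC: replication, DNS and whether it advertises as a DC at all.
dcdiag /s:$NewDC /test:Replications /test:DNS /test:Advertising /q

# 3. DNS consistency: every current DC needs an A record and must sit behind the LDAP SRV record.
$dcs = Get-ADDomainController -Filter * | Select-Object -ExpandProperty HostName
$srvTargets = (Resolve-DnsName "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV |
               Where-Object QueryType -eq 'SRV').NameTarget
foreach ($dc in $dcs) {
    $a = Resolve-DnsName $dc -Type A -ErrorAction SilentlyContinue
    [pscustomobject]@{
        DC        = $dc
        ARecord   = if ($a) { $a.IPAddress -join ',' } else { 'MISSING' }
        InLdapSrv = ($srvTargets -contains $dc)
    }
}

# 4. Stale locator entries: an SRV target that is no longer a DC is a demoted server
#    that clients will still try, which is exactly the timing problem the thread describes.
$srvTargets | Where-Object { $_ -notin $dcs } | ForEach-Object { "STALE SRV target: $_" }
```

Run it once before the migration to get a clean baseline, then after the role transfer, after the demotion, and after the IP swap; step 4 reporting nothing and step 3 showing no MISSING entries is the state to reach before the next step.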