Looking for Guidance on Replacing Our Domain Controllers

Asked By TechyGuru42 On

I have three domain controllers (DCs) currently in operation. Two of them are running Windows Server 2016, serving as the primary and secondary controllers, handling DNS and DHCP—although I've learned it's not ideal to have Azure Sync on a DC, and that's currently running on the primary. The third DC is on Windows Server 2019 and does not manage DHCP, so I plan to leave that as is for now. I'm concerned that there might be a lot of hardcoded configurations tied to the IP addresses of the existing DCs, but I intend to reuse those IPs, although the names will change. I've set up a new server with Windows Server 2025 and am planning to start with replacing DC2, followed by DC1. Any advice on the order or process I should follow for this?

5 Answers

Answered By IPHunter On

Definitely track down any hardcoded IPs before you start replacing anything. If you don’t, you might have to disable strict naming conventions in your environment, which could lead to more issues down the line.

Answered By NewDCBuilder On

When replacing your DCs, here's what I've done: first, build the new DC and promote it. Then, migrate over any roles that don't depend on IP addresses. Once you're ready to tackle the IP-dependent roles, migrate those over too, then demote the old DC. Make sure to update the IPs and verify that DNS records are accurate after the switch. Some folks might suggest starting fresh entirely, but since you mentioned hardcoded IPs, this approach might save you some headaches. Also, keep an eye out for potential issues with Windows Server 2025; I've seen some concerns popping up about it.

OldSchoolIT -

Thanks for the tip! I was hoping they would have sorted out any bugs with 2025 by now. I’d rather not take a leap from 2016 to 2022.

Answered By DNSGuru On

If your environment uses DNS, you’ll probably need to hardcode the DNS server IPs throughout. If DHCP is set up correctly, it should distribute those DNS IPs. When you do change the IP, make sure to handle all static IPs manually or with a script. Alternatively, consider replacing them one at a time: demote the old one, change its IP, then promote the new one with the same IP. There’s tons of documentation available for this process, just be sure to clean up AD records afterwards.
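An added example, not written by anyone in this thread: one way to inventory where the DC addresses are hardcoded before reusing them, covering the DHCP-distributed DNS servers and the static DNS client settings mentioned in the answers above. The DC IPs and the DHCP server name are placeholders, and the script assumes the RSAT ActiveDirectory and DhcpServer modules plus WinRM/CIM access to the servers.

```powershell
# Added example. Placeholders (not from the thread): the DC IPs and DHCP server name.
# Assumes RSAT modules ActiveDirectory and DhcpServer, and WinRM/CIM access to servers.
$DcIps      = @('192.0.2.10', '192.0.2.11')   # placeholder: addresses of the DCs being replaced
$DhcpServer = 'dhcp01.example.test'           # placeholder: host running the DHCP role

function Test-PointsAtDc([string[]]$Addresses) {
    # True when any listed address is one of the DC IPs.
    [bool]($Addresses | Where-Object { $_ -in $DcIps })
}

$hits = [System.Collections.Generic.List[object]]::new()

# 1. DHCP option 6 (DNS servers) at server level and on every IPv4 scope.
$srvOpt = Get-DhcpServerv4OptionValue -ComputerName $DhcpServer -OptionId 6 -ErrorAction SilentlyContinue
if ($srvOpt -and (Test-PointsAtDc $srvOpt.Value)) {
    $hits.Add([pscustomobject]@{ Location = "DHCP server $DhcpServer"; Setting = 'Option 6'; Value = $srvOpt.Value -join ', ' })
}
foreach ($scope in Get-DhcpServerv4Scope -ComputerName $DhcpServer) {
    $opt = Get-DhcpServerv4OptionValue -ComputerName $DhcpServer -ScopeId $scope.ScopeId -OptionId 6 -ErrorAction SilentlyContinue
    if ($opt -and (Test-PointsAtDc $opt.Value)) {
        $hits.Add([pscustomobject]@{ Location = "DHCP scope $($scope.ScopeId)"; Setting = 'Option 6'; Value = $opt.Value -join ', ' })
    }
}

# 2. Enabled server accounts: statically addressed interfaces whose DNS list names a DC.
$servers = Get-ADComputer -Filter 'Enabled -eq $true -and OperatingSystem -like "*Server*"' -Properties DNSHostName
foreach ($srv in $servers) {
    try {
        $cim = New-CimSession -ComputerName $srv.DNSHostName -ErrorAction Stop
        $static = Get-NetIPInterface -CimSession $cim -AddressFamily IPv4 | Where-Object Dhcp -eq 'Disabled'
        foreach ($nic in $static) {
            $dns = (Get-DnsClientServerAddress -CimSession $cim -InterfaceIndex $nic.ifIndex -AddressFamily IPv4).ServerAddresses
            if ($dns -and (Test-PointsAtDc $dns)) {
                $hits.Add([pscustomobject]@{ Location = $srv.DNSHostName; Setting = "Static DNS on $($nic.InterfaceAlias)"; Value = $dns -join ', ' })
            }
        }
        Remove-CimSession $cim
    } catch {
        # Unreachable hosts are listed so they can be checked by hand.
        $hits.Add([pscustomobject]@{ Location = $srv.DNSHostName; Setting = 'Not checked'; Value = $_.Exception.Message })
    }
}

$hits | Sort-Object Location | Format-Table -AutoSize -Wrap
```

This only covers DHCP options and Windows server NICs; appliances, printers, application configs and firewall rules that reference the DC addresses still have to be checked separately.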

Answered By SysAdminExpert On

It's generally recommended to keep Azure Sync on a separate member server, as well as the DHCP service. Moving those off your DCs should be your first step. That way, you minimize the risk when replacing your DCs.

NetworkNinja99 -

Absolutely! Removing DHCP from your DCs and using a network device for that is the way to go.

Answered By CoreCrafter On

It sounds pretty straightforward, but you might want to check that your DHCP servers are set up as network helper IPs before proceeding with the upgrade. If possible, consider going for a core installation to keep things efficient.
