Hey Sys Admins,
I'm in the process of demoting two Domain Controllers (DCs) running Windows Server 2019 that currently handle Active Directory and DNS. One of these DCs holds all the FSMO roles, and we only have two DCs in the domain.
We're upgrading to two new servers with Windows Server 2025 and we would like to reuse the original IP addresses of our current DCs.
Here's my planned approach, but I'd love your feedback:
1. **Method Options**:
   - **Option 1**: IP swapping
   - **Option 2**: Directly demote the old DCs.
2. Are my DNS assignments correct? Here's my setup:
   - Current DCs:
     - DC01 (IP: .10, DNS: Primary: .11, Secondary: .10)
     - DC02 (IP: .11, DNS: Primary: .10, Secondary: .11)
   - New DCs:
     - DC04 (IP: .12, DNS: Primary: .10, Secondary: .12)
     - DC05 (IP: .13, DNS: Primary: .11, Secondary: .13)
   - For IP swapping:
     - DC02 will take DC04's IP and wait a week before DC01 swaps IP with DC05.
     - Then I'll demote the original DCs to Member Servers, shut them down and clean up DNS and Active Directory.
Alternatively, I could also create new servers with different IPs and demote the old ones before finally promoting the new DCs and assigning the old IPs.
What do you think? I'm looking for the best method from your experiences and want to confirm if my DNS assignments are on point.
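As an added example (not from the original post or any of the replies), a PowerShell check for the setup above: it lists the FSMO holders, compares each DC's live DNS client order with the planned assignments, reports replication failures, and queries the domain's LDAP SRV records through both new DCs. Hostnames and last octets are the post's; the 192.168.1 prefix, RSAT modules, WinRM access and a Domain Admin session are assumptions.

```powershell
# Assumes RSAT ActiveDirectory/DnsClient modules, WinRM to each DC and a Domain Admin session.
# Hostnames and last octets are the post's; the 192.168.1 prefix is an assumed placeholder.
$Prefix = '192.168.1'
$Plan = @{
    DC01 = @("$Prefix.11", "$Prefix.10")   # partner first, self last
    DC02 = @("$Prefix.10", "$Prefix.11")
    DC04 = @("$Prefix.10", "$Prefix.12")
    DC05 = @("$Prefix.11", "$Prefix.13")
}

# 1. FSMO holders: every role on a DC that will be demoted must be moved first.
$domain = Get-ADDomain
$forest = Get-ADForest
[pscustomobject]@{
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
} | Format-List

# 2. DNS client order on each DC: compare the live setting with the planned one.
foreach ($dc in $Plan.Keys) {
    $expected = $Plan[$dc] -join ','
    $actual = Invoke-Command -ComputerName $dc -ScriptBlock {
        (Get-DnsClientServerAddress -AddressFamily IPv4 |
            Where-Object { $_.ServerAddresses.Count -gt 0 } |
            Select-Object -First 1).ServerAddresses -join ','
    }
    $state = if ($actual -eq $expected) { 'OK' } else { 'MISMATCH' }
    "{0}: planned [{1}] live [{2}] -> {3}" -f $dc, $expected, $actual, $state
}

# 3. Replication health: any failure listed here is a stop sign for the demotion.
Get-ADReplicationFailure -Scope Domain |
    Format-Table Server, Partner, FirstFailureTime, FailureCount, LastError

# 4. After an IP change, both new DCs must still answer the domain's LDAP SRV query.
$srv = "_ldap._tcp.dc._msdcs.$($domain.DNSRoot)"
foreach ($server in @("$Prefix.12", "$Prefix.13")) {
    Resolve-DnsName -Name $srv -Type SRV -Server $server |
        Where-Object { $_.Type -eq 'SRV' } |
        Select-Object @{ n = 'DnsServer'; e = { $server } }, NameTarget, Port
}
```

Run it once before the first IP change and again after each swap; a MISMATCH in step 2 or any row in step 3 means the next step should wait.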
3 Answers
I usually prefer to reuse the old DC's IP to keep DNS and LDAP static assignments sharp. After setting up your new servers and ensuring they're fully functioning, you can change the old DC’s IP to a temporary one and reboot. Update DNS records accordingly, then switch back to the new DC's IP. Just do it during off-hours to avoid any disruptions!
I've done a lot of DC migrations and here's my go-to method: Bring up your new DC, let it use DHCP temporarily (ignore the setup warning). Then, demote your old DC and shut it down. Once that's done, assign the new DC the old DC's IP address. Don't stress about waiting a week; DNS updates quickly! Finally, run an nslookup to verify everything is working correctly in Active Directory.
Your method seems fine to me, but if I'm being honest, I follow a different approach. I create new VMs for the incoming DCs, demote the old ones, then rename those old ones. Change the IP on the shut-down old DCs to something else, power them off, and finally, promote the new server to take on the old DC name and IP. It's a bit lengthy but it ensures everything's tidy!

Thanks for the insights! Sounds like a solid plan.