Trials and tribulations of a new Admin.

Soldato
Joined
18 Oct 2002
Posts
7,622
Location
SX, unfortunately
I've recently taken on the task of managing the network for the company I work for. I've got some experience from working with the existing IT manager for a while, and also have a domain-based network at home, but have no qualifications, and what experience I do have is very limited. Google is going to be very much my friend...

I'm planning on spending this weekend moving one of our DCs off of an old DL380 G5, into a Hyper-V VM and onto our new DL380 G9. It decided to randomly switch itself off again today for the second time in 2 months - right at the time the other DC wasn't available...

I've done P2Vs before but never on a DC. OS is Server 2008 R2. I know people say to do a new install but that's not really an option at present as there is other software installed that isn't easy to re-install for various reasons.

Will I need to demote it first then promote it afterwards? Any tips?

Thanks :)
 
Soldato
Joined
13 Sep 2003
Posts
8,441
Location
Glocestershire
What else does the server do?

Part of the joy of virtualisation is you can within reason have as many servers as you want. So there's no reason to have DCs doing anything other than being DCs. Oh and maybe a bit of DNS and DHCP to stop them getting bored.
 
Soldato
OP
Joined
18 Oct 2002
Posts
7,622
Location
SX, unfortunately
It's also the second DNS server. I would like to introduce split scope DHCP but would need to up the number of available IPs first as we're always running at about 90% used. I can do it as most of the network uses DHCP instead of static and there are plenty of static ones available. It's just finding the time.

It has hyper-v installed as it used to host an old database server that was P2V'd a couple of years ago. That is now running on the host I want to move this one to. It does however host the NEW version of the database. It's lightly used so doesn't put much load on it. This is the software that isn't easily re-installable.

I'd much prefer to have this as a DC only (plus DNS etc) but haven't got any spare OS licences so will have to stick with shared roles for now.
 
Associate
Joined
3 Oct 2007
Posts
795
I'd echo DiscoDave, don't P2V a DC. It 'might' just work, but if it doesn't you're in a whole world of pain, and trying to revert back to the old one is likely to just make things worse.

I'd get a new Virtualised DC installed with a 180 day trial of Windows Server and get the DC components moved so at least you're limiting the issue of a DC on unreliable hardware.
Then you have 6 months to figure out how to move your Database or sort out buying a new license.

This is gaming the system a bit, but I don't really see any 'safe' way of doing it.
 
Soldato
Joined
18 Oct 2002
Posts
4,521
Don't P2V a Domain Controller

Build a VM, install AD, join to domain and transfer FSMO roles if required.

Demote old DC.

I'd probably go with this.

I've P2V'd countless DCs over the last decade and I've never ever had an issue; however, it's so incredibly simple to replace a DC that I'd say it isn't worth P2Ving an existing one. You'll get a nice clean VM with no legacy drivers / hardware, and no other issues that you may port over.

One thing I would do on a replacement DC is to ensure it has the same FQDN and IP as the old one, so that any other servers / software that reference either of those continue to function without any further changes required.
 
Don
Joined
19 May 2012
Posts
17,057
Location
Spalding, Lincolnshire
Will I need to demote it first then promote it afterwards? Any tips?

Demoting it and the P2V, then promoting is a much better option and has a lot more chance of everything working fine (although I have done it without demoting on a 2K DC and SBS2003 before, you can end up with a few issues that need sorting)


I'm planning on spending this weekend moving one of our DCs off of an old DL380 G5

Another option might be just to pick up another DL380 G5 (~£100 used), and swap the hard drives over. Would give you a bit more time to properly plan your migration, or obtain another license, rather than rushing just for the sake of it.
 
Soldato
OP
Joined
18 Oct 2002
Posts
7,622
Location
SX, unfortunately
Thanks All. After reviewing the existing install again - I've gone for the fresh option. I'm not sure what it's been used for in the past but there's signs of all sorts of previous software so what the heck, fresh it is.
 
Soldato
Joined
18 Oct 2002
Posts
6,365
Location
Bedfordshire
With 2012 + it might be ok but certainly anything before that you'd be dealing with USN rollback. The amazing infrastructure engineer I worked with in my old job p2v'd a DC while I was on holiday and I had to deal with the fallout on my return.

That would have been that but he also failed to unplug the physical kit which meant after the next power cut the old dc came up again with the same IP as the replacement DCs. It also started dishing out DHCP leases from the same pool. That was a fun morning.
 
Soldato
OP
Joined
18 Oct 2002
Posts
7,622
Location
SX, unfortunately
So I built the VM yesterday (used the new convenience rollup - saved some time!). Decided it prudent to run some checks this morning to make sure all good before running DCPROMO - and discovered that the to-be-retired DC hadn't actually been functioning correctly for some time - amongst several issues, journal wrap errors. The DC was happily replicating AD data but there was no SYSVOL or NETLOGON folders to share...

Think I'm beginning to understand why we were always told to log off when the main server needed a daytime restart - not just so you had to put your password in again when exchange came back up.

So lots of googling, trawling event logs and crossing of fingers we now have 3 fully functioning DCs. Phew :)
 

Deleted member 138126

As above, never P2V a domain controller. In fact, avoid P2V wherever possible. It may be more work, but you will end up with a clean system that will cause you far fewer problems in future.

For DHCP, don't bother with split scope, that has always been a horrible hack. With 2012 R2 DHCP you now have full multi-master replication, so simply set up 2 DHCP servers, and tell the 1st one to replicate to the 2nd one, job done. They replicate in real time, so they always have the latest lease information and can always take over from each other. Would usually have one on a delay (200ms?) just so that by default the 1st one is the one that is always responding (just to make troubleshooting simpler).
 

Deleted member 138126

Do a dcdiag /e and comb through the whole thing and make sure you're happy with any errors or warnings. Also do a repadmin /replsum * /bysrc /bydest to confirm replication is up to date and no errors.
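
An added example, not written by any poster in this thread, that automates the replication check suggested above. It reads the per-link `repadmin /showrepl * /csv` view instead of the `/replsum` summary so each link can be tested on its own; the sample rows, the DC names and the 60-minute threshold (taken from the "1 hr mark" mentioned in the thread) are assumptions.

```powershell
# Constructed sample in the layout of `repadmin /showrepl * /csv`; DC names are made up.
# Against a live domain use:  $lines = repadmin /showrepl * /csv
$lines = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,HQ,DC-NEW,"DC=example,DC=local",HQ,DC-MAIN,RPC,0,0,2016-05-21 09:52:10,0
showrepl_INFO,HQ,DC-NEW,"DC=example,DC=local",HQ,DC-OLD,RPC,0,0,2016-05-21 09:03:41,0
showrepl_INFO,HQ,DC-MAIN,"CN=Configuration,DC=example,DC=local",HQ,DC-OLD,RPC,4,2016-05-21 09:45:00,2016-05-20 22:10:05,1722
'@ -split "`r?`n"

function Get-ReplicationProblem {
    param(
        [string[]]$CsvLines,
        [datetime]$Now = (Get-Date),
        [int]$MaxAgeMinutes = 60      # assumption: the "1 hr mark" from the thread
    )
    foreach ($row in ($CsvLines | ConvertFrom-Csv)) {
        $reasons = @()
        if ($row.showrepl_COLUMNS -ne 'showrepl_INFO') {
            # Anything that is not a normal link row is surfaced rather than skipped.
            $reasons += "row type $($row.showrepl_COLUMNS)"
        } else {
            if ([int]$row.'Number of Failures' -gt 0) {
                $reasons += "$($row.'Number of Failures') failures, status $($row.'Last Failure Status')"
            }
            # A link that has never replicated has no parseable success time.
            $last = [datetime]::MinValue
            if (-not [datetime]::TryParse($row.'Last Success Time', [ref]$last)) {
                $reasons += 'no successful replication recorded'
            } elseif (($Now - $last).TotalMinutes -gt $MaxAgeMinutes) {
                $reasons += ('last success {0:N0} min ago' -f ($Now - $last).TotalMinutes)
            }
        }
        if ($reasons) {
            New-Object PSObject -Property @{
                Source = $row.'Source DSA'; Destination = $row.'Destination DSA'
                Context = $row.'Naming Context'; Problem = $reasons -join '; '
            }
        }
    }
}

# The clock is fixed so the constructed sample gives the same result on every run.
Get-ReplicationProblem -CsvLines $lines -Now ([datetime]'2016-05-21 10:00:00') |
    Format-Table Source, Destination, Context, Problem -AutoSize
```

With the sample rows, only the DC-OLD to DC-MAIN link is reported; the link that last succeeded 56 minutes earlier stays under the threshold. No output at all means every link is clean, which is the state to reach before demoting a DC.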
 
Soldato
OP
Joined
18 Oct 2002
Posts
7,622
Location
SX, unfortunately
The first one I had already done, with the only issue being relevant if we were to have RODC which we don't. The other one I hadn't and it came up fine - a bit close to the 1 hr mark but not past it.

I didn't get a chance to demote yet, and I'm not in the office tomorrow, so it can wait.
 
Soldato
OP
Joined
18 Oct 2002
Posts
7,622
Location
SX, unfortunately
Still not done it. Wednesday's backup threw a wobbly so not doing anything until a successful backup is in the bag (or safe in this case!).

Getting more and more annoyed with how rubbish the main server is. Had to dismount and re-mount the exchange database to clear the VSS issue that flobbed the backup.
 
Soldato
OP
Joined
18 Oct 2002
Posts
7,622
Location
SX, unfortunately
One of the other bits I have started to do is get WSUS onto another server. It's currently on the PDC (along with just about everything else...).

Installed a new instance, done everything but no downloading of updates. Error log shows BITS issue. Turns out the original WSUS has been configured not to use BITS instead of just asking the MPLS provider to enable the correct support.

Has anything on this poxy network been done right!? I've already had the MPLS supplier (who at present does DHCP for the regional offices) change the DNS to both internal DNS servers instead of one internal and one external...
Eventually I'll get all DHCP done internally.
 

Deleted member 138126

On the bright side, it's a fun challenge to get it all cleaned up.
 