Migrating DNS and DHCP off Windows 2003 to 3rd party DNS and DHCP appliances - rollback plan

TechUser2020-6505 251 Reputation points
2022-09-01T13:11:13.273+00:00

Hi,
I'm planning on migrating DNS and DHCP off 2 2003 Domain Controllers. Part of my plan involves deleting the DHCP and DNS scopes for the domain. At a high level, the plan is:

  1. Backup DNS zones and DHCP scopes from 2003 Active Directory.
  2. Import the configuration into the new DDI appliance (QIP).
  3. Make QIP authoritative for the 2003 domain (contoso.local)
  4. Delete the forward lookup contoso.local DNS zones from the 2003 DCs.
  5. Point all clients at QIP.

If I need to roll back to the 2003 DCs for DNS, I was planning on doing the following:

  1. Run "dnscmd /zoneadd contoso.local /primary /file contoso-local-backup.dns /load"
  2. Convert the above zone into an AD integrated zone with secure dynamic updates.
  3. Ensure replication between DCs works as expected

For a rollback plan, can anyone see problems with this approach? I've tested in a small lab environment and it worked fine, but I'm still nervous about doing it on a production site with around 30 clients for a business critical unit.

Thanks


Accepted answer
  1. Karlie Weng 13,951 Reputation points Microsoft Vendor
    2022-09-07T02:38:56.947+00:00

    Hi @TechUser2020-6505

    I don’t see any problems in your rollback process.

    The backup command will be:
    dnscmd [<ServerName>] /zoneexport <ZoneName> <ZoneExportFile>

    Open the backup DNS file in Notepad and make sure all the records are there.

    The zone file has to be in the C:\Windows\System32\dns folder (which is the default working directory for dnscmd).

    You may also restore the zone from the UI:
    https://msftwebcast.com/2019/11/backup-restore-ad-integrated-dns-zone-server-2019.html

    I wish you success.

    Best regards
    Karlie
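
A scripted version of the "make sure all the records are there" check from the accepted answer, as an added example that is not part of the thread: it parses a zone export file and reports required record sets that are missing. The `REQUIRED` list and the sample zone text are assumptions constructed for illustration; adjust the list to the records your domain depends on.

```python
import re

# Assumption: SRV names a DC registers directly under the domain zone.
REQUIRED = [("@", "SOA"), ("@", "NS"), ("_ldap._tcp", "SRV"), ("_kerberos._tcp", "SRV")]

# Constructed sample in the layout of a zone export; not taken from a real server.
SAMPLE = """\
@                  IN  SOA dc1.contoso.local. hostmaster.contoso.local. (
                           42   ; serial number
                           900 600 86400 3600 )
@                  NS  dc1.contoso.local.
_ldap._tcp         600 SRV 0 100 389 dc1.contoso.local.
dc1                A   10.0.0.10
                   A   10.0.0.11
note               TXT "v=1; site (hq"
"""

def _relative(owner, zone):
    """Lower-case an owner; map FQDNs inside the zone to relative names ('@' = apex)."""
    owner, zone = owner.lower(), zone.lower().rstrip(".") + "."
    if owner == zone:
        return "@"
    return owner[: -len(zone) - 1] if owner.endswith("." + zone) else owner

def parse_zone_export(text, zone):
    """Return {(owner, rrtype): count} for a master-format zone file."""
    records, owner, depth, pending = {}, "@", 0, ""
    for raw in text.splitlines():
        line = re.sub(r'"[^"]*"', '""', raw).split(";", 1)[0].rstrip()  # blank strings, drop comments
        if not line.strip():
            continue
        pending = line if depth == 0 else pending + " " + line.strip()
        depth += line.count("(") - line.count(")")
        if depth > 0 or pending.startswith("$"):  # unfinished record or directive
            continue
        tokens = pending.replace("(", " ").replace(")", " ").split()
        if not pending[0].isspace():              # indented line reuses last owner
            owner = _relative(tokens.pop(0), zone)
        # Skip TTL, class and a bracketed aging tag (if present) before the type.
        while tokens and (tokens[0].isdigit() or tokens[0].upper() == "IN" or tokens[0][0] == "["):
            tokens.pop(0)
        if tokens:
            key = (owner, tokens[0].upper())
            records[key] = records.get(key, 0) + 1
    return records

def missing_records(text, zone, required=REQUIRED):
    """Required record sets absent from the export; empty list means all present."""
    return [r for r in required if r not in parse_zone_export(text, zone)]
```

Calling `missing_records(SAMPLE, "contoso.local")` flags the `_kerberos._tcp` SRV set, which the constructed sample deliberately omits; running the same check on a fresh export after a rollback confirms the restored zone still carries the records clients need.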


4 additional answers

  1. Dave Patrick 426K Reputation points MVP
    2022-09-01T15:55:05.437+00:00

    For a rollback plan, can anyone see problems with this approach?

    I'd suggest a full backup to fall back on.



  2. TechUser2020-6505 251 Reputation points
    2022-09-04T20:25:32.683+00:00

    Hi Patrick,
    Sorry for the late reply.
    A full backup and restore isn't an easy option as we don't have a test lab to replicate a full backup using our backup technology (NetBackup). We've never tested our 2003 backup; in addition, I need engagement from another team and additional resources to test it.

    Can you specifically see anything wrong with the plan I've proposed?

    Thanks,
    Dan


  3. Karlie Weng 13,951 Reputation points Microsoft Vendor
    2022-09-05T03:52:38.68+00:00

    Hello @TechUser2020-6505

    For the migration process, I would suggest consulting your vendor.

    If you use Active Directory-integrated DNS, then the zone data is backed up as part of the Active Directory database. You can back up the system disk along with the system state; it will also back up information about zones.

    If you do not use Active Directory-integrated DNS, you can explicitly back up the zone files.

    Usage of dnscmd /zoneadd

    Reference article:

    How to back and restore AD integrated DNS with example and images
    DNS Manual Backup
    How To Backup/Restore An Active Directory Integrated DNS Zone

    Best regards
    Karlie


  4. TechUser2020-6505 251 Reputation points
    2022-09-06T08:49:07.443+00:00

    Karlie,
    Can you see an issue with my approach of restoring the DNS data and then simply changing the zone to AD integrated afterwards with secure updates?

    As mentioned, backup and restore with vendor support is a challenging option.

    Thanks
