Questions regarding replacing 2008r2 DCs?

EST_IT 21 Reputation points
2020-09-28T18:12:49.727+00:00

I'm working with a company now that had the IT person leave unexpectedly. I have looked over the system and there are a number of updates I need to make. One such update is to replace their 2008r2 DCs with 2012r2. They have one piece of software that does badly with DCs beyond that, and until that changes we need to stick to 2012r2. They have 3 sites - siteA has 2 DCs, siteB and siteC each have one. They have nearly 200 PCs in siteA with static IPs and DNS config. I have added a 2012 DC in each site. I intend to move FSMO to the new DC in siteA. The plan right now:
Because of the static IPs/DNS, the PCs in siteA have the two 2008r2 servers for DNS. I think I need to

  1. demote and then remove one of the current 2008r2 servers from the domain.
  2. add a new server to the domain with the same ip as the recently removed server and promote it
  3. do the same for the other 2008r2 DC.

My questions:
A. Does that sound correct?
  B. How long should I wait between demoting the server, removing it from the domain and then reintroducing the new server with the same IP?
  C. The other offices are small so we will just visit the PCs to switch DNS. One problem I found was that if the WAN was down, people in those sites could not hit the internet. This makes me think the DCs there can't function without forwarding all requests to the main office. What should I add to the new DCs to make that not happen?

Thanks for your help!

Active Directory
Windows DHCP

Accepted answer
  1. Dave Patrick 426.1K Reputation points MVP
    2020-09-28T18:30:48.65+00:00

    A. yes, sounds correct
    B. you wouldn't need to wait, but you can check whether cleanup is needed prior to adding the new one: https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/ad-ds-metadata-cleanup. Some general steps:

    I'd use dcdiag / repadmin tools to verify health, correcting all errors found before starting any operations. Then stand up the new 2012, patch it fully, license it, join the existing domain, add Active Directory Domain Services, promote it, also making it a GC (recommended), transfer FSMO roles over (optional), transfer the PDC emulator role (optional), use dcdiag / repadmin tools to again verify health, and when all is good you can decommission / demote the old one.

    --please don't forget to Accept as answer if the reply is helpful--

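The plan in the question (move FSMO, demote the old DC, reuse its IP for the new one) and the health-check / promote / verify sequence in the accepted answer, written out as a staged PowerShell workflow. This is an added example, not code from the thread or from Microsoft. Names are assumptions: domain `contoso.com`, site `SiteA`, the old 2008 R2 DC `DC-OLD1` at 192.168.55.10 (the address used in the answers below), the 2012 DC already added to siteA as `DC-A2` at 192.168.55.11, the replacement `DC-NEW1`, and gateway 192.168.55.1. Each stage is meant to be run on its own, on the machine named in the comment.

```powershell
# Added example (not from the original thread): staged replacement of a 2008 R2 DC
# with a 2012 R2 DC that takes over the old server's static IP.
# Assumed names/addresses; change before use.
#Requires -Modules ActiveDirectory, DnsServer

$Domain    = 'contoso.com'
$OldDc     = 'DC-OLD1'        # 2008 R2 DC being retired
$ReusedIp  = '192.168.55.10'  # its address, to be reused by the new DC
$PeerDc    = 'DC-A2'          # 2012 DC already in siteA
$PeerDcIp  = '192.168.55.11'
$NewDc     = 'DC-NEW1'

# ---- Stage 1 (any DC): verify health before changing anything ----
# dcdiag /c = comprehensive tests, /e = every DC in the forest, /q = report problems only
dcdiag /c /e /q
repadmin /replsummary
repadmin /showrepl $OldDc
Get-ADDomainController -Identity $OldDc | Select-Object Name, OperationMasterRoles, IsGlobalCatalog

# ---- Stage 2 (any DC): move any FSMO roles off the old DC to the 2012 DC in siteA ----
Move-ADDirectoryServerOperationMasterRole -Identity $PeerDc `
    -OperationMasterRole SchemaMaster, DomainNamingMaster, PDCEmulator, RIDMaster, InfrastructureMaster
repadmin /syncall /AdeP   # push the change to all partners before demoting

# ---- Stage 3 (on the old DC): graceful demotion, then leave the domain ----
# A graceful demotion removes the NTDS Settings object itself, so ntdsutil metadata
# cleanup is only needed if this step fails. Uncomment to run on the old server.
# Uninstall-ADDSDomainController -LocalAdministratorPassword (Read-Host -AsSecureString 'Local admin pw') -Force
# Remove-Computer -UnjoinDomainCredential (Get-Credential "Administrator@$Domain") -Force -Restart

# ---- Stage 4 (any DC): make sure nothing stale still refers to the old DC or its IP ----
function Test-StaleDcReferences {
    param([string]$DcName, [string]$IpAddress, [string]$DomainName, [string]$PeerDc)
    $issues = @()
    # A demoted DC must no longer be listed as a DC...
    if (Get-ADDomainController -Filter "Name -eq '$DcName'" -Server $PeerDc -ErrorAction SilentlyContinue) {
        $issues += "$DcName is still listed as a domain controller (metadata cleanup needed)"
    }
    # ...and its server object under CN=Sites must be gone (a leftover is the classic failed-demotion sign).
    $cfg = (Get-ADRootDSE -Server $PeerDc).configurationNamingContext
    $srv = Get-ADObject -Filter "objectClass -eq 'server' -and Name -eq '$DcName'" `
                        -SearchBase "CN=Sites,$cfg" -Server $PeerDc
    if ($srv) { $issues += "Server object $($srv.DistinguishedName) still present under Sites" }
    # Stale A records for the old name or the reused IP would send clients to the wrong host.
    $recs = Get-DnsServerResourceRecord -ComputerName $PeerDc -ZoneName $DomainName -RRType A |
            Where-Object { $_.HostName -eq $DcName -or $_.RecordData.IPv4Address.IPAddressToString -eq $IpAddress }
    foreach ($r in $recs) { $issues += "Stale A record: $($r.HostName) -> $($r.RecordData.IPv4Address)" }
    return $issues
}
$stale = Test-StaleDcReferences -DcName $OldDc -IpAddress $ReusedIp -DomainName $Domain -PeerDc $PeerDc
if ($stale) {
    $stale | ForEach-Object { Write-Warning $_ }
    throw 'Clean up the stale references (see the metadata cleanup link above) before reusing the IP.'
}

# ---- Stage 5 (on the new 2012 R2 server): take over the IP, join, promote ----
New-NetIPAddress -InterfaceAlias 'Ethernet' -IPAddress $ReusedIp -PrefixLength 24 -DefaultGateway '192.168.55.1'
Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses $PeerDcIp   # resolve the domain via the 2012 DC
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
Install-ADDSDomainController -DomainName $Domain -SiteName 'SiteA' -InstallDns `
    -ReplicationSourceDC $PeerDc -Credential (Get-Credential "Administrator@$Domain") `
    -SafeModeAdministratorPassword (Read-Host -AsSecureString 'DSRM password') -Force
# Global catalog is installed unless -NoGlobalCatalog is given, matching the "make it a GC" advice.
# After the reboot, point the DC's own NIC at itself plus loopback (as the answers below state):
# Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses $ReusedIp, '127.0.0.1'

# ---- Stage 6 (any DC): verify again; repeat Stages 3-5 for the second 2008 R2 DC ----
repadmin /syncall /AdeP
dcdiag /c /e /q
```

The waiting question (B) is answered by Stage 4 rather than by a timer: the new server can reuse the address as soon as the old DC's server object and DNS records are gone, which a graceful demotion normally does on its own.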

3 additional answers

  1. Dave Patrick 426.1K Reputation points MVP
    2020-09-28T21:05:29.833+00:00

    It only needs to have the server's own static address (192.168.55.10) plus loopback (127.0.0.1). The site internet issue would likely be either routing or a forwarders issue.


  2. Dave Patrick 426.1K Reputation points MVP
    2020-09-28T18:37:24.247+00:00

    > C. The other offices are small so we will just visit the PCs to switch DNS. One problem I found was that if the WAN was down, people in those sites could not hit the internet. This makes me think the DCs there can't function without forwarding all requests to the main office. What should I add to the new DCs to make that not happen?

    By default internet queries are passed on to the 13 default root hint servers in a top-level down fashion or optionally to any configured forwarders.

    [screenshot: DNS server properties, Root Hints tab]

    [screenshot: DNS server properties, Forwarders tab]

    --please don't forget to Accept as answer if the reply is helpful--


  3. Dave Patrick 426.1K Reputation points MVP
    2020-09-28T20:32:17.913+00:00

    On connection properties it should be the server's own static address plus loopback (127.0.0.1). I'd check the root hints and forwarders. Also, if the WAN is down, is there a route to the internet? Then it should work.
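The three checks these answers point at for a branch DC (the NIC's DNS client list, forwarders and root hints, and a route to the internet that does not depend on the WAN), gathered into one PowerShell report. This is an added example, not code from the thread. Assumed addresses: the siteB DC at 192.168.56.10, the hub DC at 192.168.55.10, and 203.0.113.53 as a resolver reachable over the site's own internet link for the corrective commands at the end; `Ethernet` is the assumed interface alias. Run it on the branch DC.

```powershell
# Added example (not from the original thread): branch-DC DNS self-sufficiency check.
# Assumed addresses and interface alias; adjust before use.
#Requires -Modules DnsServer, DnsClient, NetTCPIP

function Get-BranchDnsReport {
    param([string]$InterfaceAlias = 'Ethernet')
    $clientDns = (Get-DnsClientServerAddress -InterfaceAlias $InterfaceAlias -AddressFamily IPv4).ServerAddresses
    $fwd       = Get-DnsServerForwarder
    $hints     = @(Get-DnsServerRootHint)
    $defRoute  = Get-NetRoute -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue
    [pscustomobject]@{
        ClientDnsServers = ($clientDns -join ', ')                   # what the NIC itself asks
        Forwarders       = ($fwd.IPAddress.IPAddressToString -join ', ')
        UseRootHint      = $fwd.UseRootHint                         # fall back to root hints if forwarders fail
        RootHintCount    = $hints.Count                             # 0 = cannot recurse on its own
        DefaultGateway   = ($defRoute.NextHop -join ', ')           # empty = no route off the site
    }
}

function Test-BranchDnsFindings {
    param($Report, [string]$OwnIp, [string]$HubIp)
    $findings = @()
    if ($Report.ClientDnsServers -notmatch [regex]::Escape($OwnIp)) {
        $findings += "NIC DNS list should be the DC's own address $OwnIp plus 127.0.0.1"
    }
    if ($Report.ClientDnsServers -match [regex]::Escape($HubIp)) {
        $findings += "NIC DNS list points at the hub DC $HubIp, so this DC's own lookups cross the WAN"
    }
    if ($Report.Forwarders -match [regex]::Escape($HubIp) -and -not $Report.UseRootHint) {
        $findings += 'Forwarders go to the hub and root-hint fallback is off: every internet lookup depends on the WAN'
    }
    if ($Report.RootHintCount -eq 0) {
        $findings += 'No root hints loaded; load them or configure a forwarder reachable from this site'
    }
    if (-not $Report.DefaultGateway) {
        $findings += 'No default route; DNS settings cannot help if packets cannot leave the site'
    }
    return $findings
}

$report = Get-BranchDnsReport
$report | Format-List
Test-BranchDnsFindings -Report $report -OwnIp '192.168.56.10' -HubIp '192.168.55.10' |
    ForEach-Object { Write-Warning $_ }

# Live check against the local server only; -DnsOnly skips the cache and hosts file,
# so the answer (or failure) reflects the forwarder / root-hint path just reported.
Resolve-DnsName -Name 'www.microsoft.com' -Server 127.0.0.1 -DnsOnly -ErrorAction SilentlyContinue

# One corrective configuration (example): forward to a resolver on the site's own internet
# link and keep root hints as the fallback, then fix the NIC's DNS list as the answers say.
# Set-DnsServerForwarder -IPAddress '203.0.113.53' -UseRootHint $true
# Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses '192.168.56.10', '127.0.0.1'
```

The findings separate the two causes the answer names: if `DefaultGateway` is empty or the gateway only leads across the WAN, it is a routing problem and no DNS setting will help; if the route exists but all forwarders are hub addresses with `UseRootHint` off, it is a forwarders problem.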