Windows 10: Servers Continue to Contact Old Site Domain Controllers After Moving to a New Region

We have an Active Directory domain with 8 domain controllers DCs distributed across 4 sites regions. Each site has 2 DCs for redundancy. When transferring virtual machines VMs between regions with their IP addresses updated to the subnet of the new region and DNS settings configured to point to the new site’s DCs in the network interface, we encounter an issue: the VMs continue to contact domain controllers from the old site instead of the new one. For example, after moving a VM to a new region with the subnet 10.10.10.0/24 and setting its DNS servers to the new site’s DCs 10.10.10.10

:)

 

Make Second Domain Controller Primary

I have 2 domain controllers, Primary is Windows Server 2012 and the secondary Domain Controller is Windows Server 2022. Primary successfully replicates to Secondary without issues and visa versa if I make changes in Secondary. I want to decommission the Primary DC, I followed the steps to transfer all 5 FSMO roles to secondary and now secondary is supposed to be Primary.

All servers see the secondary DC and it is listed as a DNS in ipconfig/all. When I shutdown the old 2012 DC, I Could not access any of the servers with domain name only IP. I tried flushing DNS but that did not help. I turned old server back on and was able to access my servers again but some servers had issues with RDP but are okay now.

Did I miss a step to make the 2022 server a Primary DC so old one can be decommissioned? do I have to make any changes on DNS Management?

 

Raising the windows domain and forest issues?


hi,

I run a domain that was all 2003 r2 servers. I recently upgraded all my domain controllers to windows 2012 r2.
That went off without any problems.. Our trust relationships had no issues also.

My first step was to raise the Domain and Forest levels past 2003 to 2008. This went off without a hitch.
These are the features for raising the levels to 2008:

• Features and benefits include all default Active Directory features, all features from the Windows Server 2003 domain functional level, plus:
• Read-Only Domain Controllers – Allows implementation of domain controllers that only host read-only copy of NTDS database.
• Advanced Encryption Services – (AES 128 and 256) support for the Kerberos protocol.
• Distributed File System Replication (DFSR) – Allows SYSVOL to replicate using DFSR instead of older File Replication Service (FRS). It provides more robust and detailed replication of SYSVOL contents.

Forest Level Windows Server 2008

• Features and benefits include all of the features that are available at the Windows Server 2003 forest functional level, but no additional features. All domains that are subsequently added to the forest will operate at the Windows Server 2008 domain functional level by default.

My next step is to raise the domain and forest to 2008 r2, then 2012, and finally 2012 r2. I have been trying to find out exactly what I could expect from raising the Domain and Forest for each step.

The step involving 2008 r2 seems relatively a non issue. But getting the couple of new features seem very nice

Domain Level Windows Server 2008 R2

• All default Active Directory features, all features from the Windows Server 2008 domain functional level, plus 2 new features

Forest Level Windows Server 2008 R2

• All of the features that are available at the Windows Server 2003 forest functional level, plus the following features:

• Active Directory Recycle Bin, which provides the ability to restore deleted objects in their entirety while AD DS is running. <== New Feature very cool
• All domains subsequently added to the forest will operate at the Windows Server 2008 R2 domain functional level by default.

Here is my big concerns for the next raising of domain and forest to 2012.

Forest Level Windows Server 2012:

• All of the features that are available at the Windows Server 2008 R2 forest functional level, but no additional features.
• All domains subsequently added to the forest will operate at the Windows Server 2012 domain functional level by default.

Domain Level Windows Server 2012 R2: <=====Need to investigate more and why this post

• DC-side protections for Protected Users. Protected Users authenticating to a Windows Server 2012 R2 domain can no longer:

• Authenticate with NTLM authentication <==============(what issues may arise)
• Use DES or RC4 cipher suites in Kerberos pre-authentication
• Be delegated with unconstrained or constrained delegation
• Renew user tickets (TGTs) beyond the initial 4-hour lifetime

Will this affect my exchange anywhere users with remote access authenticating either clear of NTLM???
and what would/may not to work properly day 1 when I raise the domain and forest to 2012. I cant really find anyone that can answer a straight question.

Has anyone gone through this? what problems did you have, if any , if a lot???

Any thoughts and suggestions will be much appreciated??

thanks


- - - Updated - - -

One more point... I am not sure if I posted this to the correct forum.. So if I was wrong and it should be in a different one..
PLEASE LET ME KNOW

 

windows server 2016 standard as addtional domain controller

Hi,

I have a primary domain controller running on windows server 2008 R2 & also have a additional domain controller running on same windows server 2008 R2.

Recently I have bought a new server hardware and installed windows server 2016 standard OS. Now the requirement is to promote this new server 2016 as domain controller. I will make this server additional domain controller and still the PDC will be running
on windows server 2008 R2 only. I need to know when the PDC & ADC server version will be different then will it causes any issue in functionality of domain controller.

Group policy will be migrated to the ADC or not. We will check the functionality of ADC by shutting down the PDC server.

Kindly let me know what all difficulties I can face during this setup. Are there any compatibility issue which can occur.

Regards

Ankur

[Moved from: Windows / Windows 10 / Windows update, recovery, & backup]