Active Directory 2008 R2 Decommissioning (Shutdown as observation period)

Anonymous
2020-08-24T02:12:19.36+00:00

Hi Experts!

We are planning to decommission an Active Directory 2008 domain controller; we have already promoted a new 2016 domain controller within the same domain.
As part of our prerequisites or preparation before decommissioning, we decided to first shut down the AD 2008 and monitor the behavior and if it will be affecting production. Unfortunately, upon observation while the AD 2008 is currently shut down and AD 2016 is up and running, we encountered some issues. We have some issues in mapping with the file server if AD 2008 is shut down.

Issues :

  1. File Server is not accessible with or using IP address itself and it is accessible only using FQDN / computer name.
    Ex.
    Access both \\172.22.100.100 and \\fileserver.domain.com.ph is ok
  2. If AD 2008 is up and running, both are accessible using IP address itself and FQDN name.
  3. Workstation computers don't receive any IP address if AD 2008 is shut down.

We have ensured the following prior to the AD 2008 decommission:

  1. Ensure that there are no other application servers relying on AD 2008.
  2. All servers have been pointed to AD 2016 as their DNS server.
  3. DHCP server has been migrated already from 2008 to 2016.
  4. FSMO roles have been transferred.
  5. Replication is currently ongoing between AD 2008 and 2016.
  6. Make sure that any system (server or workstation) is no longer authenticating to this server as the DNS server. (check Bridgehead server)
  7. No other AD integrated to application server and ensure there is no dependency remaining for this server.
  8. Ensured that Certificate Services is uninstalled/removed before decommissioning.
  9. Double check the DNS.

Thanks


3 answers

  1. Anonymous
    2020-08-24T02:24:18.707+00:00

    I'd check the DHCP server is handing out the correct ip addresses for active healthy domain controllers, then on problem members try doing ipconfig /renew. Also check the new DHCP server is authorized.
    https://video2.skills-academy.com/en-us/powershell/module/dhcpserver/get-dhcpserverindc?view=win10-ps

    --please don't forget to Accept as answer if the reply is helpful--


  2. Stephanie Yu 396 Reputation points
    2020-08-24T08:09:53.28+00:00

    Hello HomerSibayan-2720,

    Thank you for posting here.

    Here are the answers for your references.

    From the issue you provided, I want to confirm the following questions:

    Q: File Server is not accessible with or using IP address itself and it is accessible only using FQDN / computer name.

    1. If we access file server with or using IP address, what error message do you receive?
    2. Please check the preferred DNS of this file server.
    If you can provide us with a screenshot of the inspection process and the error report, we would be very grateful and we can better troubleshoot the problem for you.

    Q: Workstation computer don't have any ip address received if AD 2008 is shutdown.

    We can run ipconfig /renew to see if the new DHCP server can assign IP addresses for workstation computers, if no, maybe the DHCP server is not migrated successfully from old 2008 R2 to 2016.

    For migrating DHCP or reconfigure DHCP on this new 2016 DC, we can check if we have migrated DHCP server successfully based on the following two links.

    How to Migrate DHCP from Windows Server 2008 to 2012/2016
    https://brycematheson.io/how-to-migrate-dhcp-from-windows-server-2008-to-2012-2016/

    How to Migrate DHCP from Windows Server 2012 R2 to Server 2016
    https://www.faqforge.com/windows-server-2016/migrate-dhcp-windows-server-2012-r2-server-2016/

    Meanwhile, in order to better troubleshoot the problem, please confirm the following information:

    1. Is there only one domain (single forest, single domain)?
    2. There is only this 2008 (2008 R2) DC before adding 2016 DC in this domain?
    3. What are the forest functional level and domain functional level?
    4. Check if the AD environment is healthy. Check whether all DCs in this domain are working fine by running Dcdiag /v on both DCs.
    5. Check FSMO by running netdom query fsmo on any one DC.
    6. Check if AD replication works properly by running repadmin /showrepl and repadmin /replsum on both DCs.
    7. Please run gpupdate /force on both DCs to check GPO update status.

    If anything is unclear, please feel free to let us know.

    Best Regards,
    Stephanie Yu

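Added example, not part of either reply above: the first two answers both point at DHCP (authorization, a failed migration), and this PowerShell check covers those points on the new server in one pass. The server name and IP address are placeholders; it assumes the DhcpServer RSAT module and rights to query the DHCP server.

```powershell
# Added example. Server name and IP below are placeholders, not values from the thread.
Import-Module DhcpServer            # RSAT DHCP tools

$NewDhcp = 'dc2016.domain.example'  # placeholder: the 2016 server now hosting DHCP
$OldDcIp = '192.0.2.10'             # placeholder: IP address of the 2008 DC

# 1. A DHCP server that is not authorized in AD does not hand out leases.
$isAuthorized = [bool](Get-DhcpServerInDC | Where-Object { $_.DnsName -eq $NewDhcp })
Write-Output "Authorized in AD: $isAuthorized"

# 2. Server-level DNS option (006), used when a scope does not override it.
$serverDns = (Get-DhcpServerv4OptionValue -ComputerName $NewDhcp -OptionId 6 `
                  -ErrorAction SilentlyContinue).Value

# 3. Per scope: is it active, does it have free addresses, and which DNS
#    servers will clients be told to use once the old DC is gone?
$report = foreach ($scope in Get-DhcpServerv4Scope -ComputerName $NewDhcp) {
    $scopeDns = (Get-DhcpServerv4OptionValue -ComputerName $NewDhcp `
                     -ScopeId $scope.ScopeId -OptionId 6 `
                     -ErrorAction SilentlyContinue).Value
    $dns   = if ($scopeDns) { $scopeDns } else { $serverDns }
    $stats = Get-DhcpServerv4ScopeStatistics -ComputerName $NewDhcp -ScopeId $scope.ScopeId

    [pscustomobject]@{
        Scope         = $scope.ScopeId
        State         = $scope.State            # Active / Inactive
        Free          = $stats.Free
        DnsServers    = $dns -join ', '
        PointsAtOldDc = [bool]($dns -contains $OldDcIp)
        NoDnsOption   = -not $dns
    }
}

$report | Format-Table -AutoSize

# Scopes that would leave clients without a lease or with a dead DNS server.
$report | Where-Object {
    $_.State -ne 'Active' -or $_.Free -eq 0 -or $_.PointsAtOldDc -or $_.NoDnsOption
}
```

An empty result from the last pipeline, together with `Authorized in AD: True`, means the new server is authorized, every scope is active with free addresses, and no scope still hands out the old DC as a DNS server.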

  3. Thameur-BOURBITA 32,981 Reputation points
    2020-08-25T00:22:02.593+00:00

    Hi,

    When you shut down a DC before demoting it, the clients continue trying to contact it, because a client gets the list of available DCs from DNS. If the DNS records have not been removed before the shutdown, it can generate an authentication issue.

    I suggest you try removing all DNS records related to the old DC just after the shutdown and clear the client DNS cache with ipconfig /flushdns.

    * Please don't forget to mark this reply as answer if it helps you *

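Added example, not part of the reply above: a read-only PowerShell audit that lists the DNS records still advertising the old DC, which is what clients use to locate domain controllers. The zone, host names and IP address are placeholders; it assumes the DnsServer RSAT module and an AD-integrated zone hosted on the new DC.

```powershell
# Added example. All names and addresses below are placeholders.
Import-Module DnsServer

$DnsServer = 'dc2016.domain.example'   # placeholder: DNS server to query
$Zone      = 'domain.example'          # placeholder: AD DNS domain
$OldDcFqdn = 'dc2008.domain.example'   # placeholder: FQDN of the 2008 DC
$OldDcIp   = '192.0.2.10'              # placeholder: IP address of the 2008 DC

# _msdcs may be its own zone or a subdomain inside the main zone; query both
# and ignore the error if the separate zone does not exist.
$zones = $Zone, "_msdcs.$Zone"

$stale = foreach ($z in $zones) {
    Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $z `
            -ErrorAction SilentlyContinue | ForEach-Object {
        $data = $_.RecordData
        # Pull the target out of the record types that can name a DC.
        $target = switch ($_.RecordType) {
            'SRV'   { $data.DomainName }
            'NS'    { $data.NameServer }
            'CNAME' { $data.HostNameAlias }
            'A'     { $data.IPv4Address.IPAddressToString }
            default { $null }
        }
        if ($target -and
            ($target.TrimEnd('.') -eq $OldDcFqdn -or $target -eq $OldDcIp)) {
            [pscustomobject]@{
                Zone   = $z
                Name   = $_.HostName
                Type   = $_.RecordType
                Target = $target
            }
        }
    }
}

# SRV rows are the DC locator records (_ldap, _kerberos, _gc, ...); "@" A rows
# are the domain-name records that resolve to every DC.
$stale | Sort-Object Zone, Type, Name | Format-Table -AutoSize
```

The script only lists records; anything it reports after the old DC has been demoted is a leftover entry to review before the server is retired.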
