My question is a relatively simple one, but for context I'm going to post my scenario, what I'm trying to do, and the issues I have in doing it. However, feel free to skip to the bottom for the questions I have.
The Setup
We have two forests with their own primary domain, which we'll call DomainA and DomainB. DomainB is in the process of being migrated into DomainA. The ultimate goal is to do away with DomainB's forest entirely. Currently there is a shared trust between them.
Parallel to this project, we're also doing our Server 2008R2 upgrade project. In this scenario, I have a Windows server at all our retail locations which hosts File Share / Printers / DHCP. My issue in particular is with DHCP.
For these migrations, the old 2008R2 server is on DomainB, and we're replacing it with a 2019 server in DomainA. Note that all workstations and nodes at the location are still on DomainB.
The Process
On the old server (which is on DomainB), I run netsh dhcp server export [filename] all to export settings to a text file, and copy that to the new server. I then rename the old server from Servername to Servername-old and change its IP to something different. I then disable DHCP Server.
On the new server (which is on DomainA), I change its IP to the original one that the old server had, so that way I don't have to change the helper addresses. I import the settings file using netsh dhcp server import [file] all, and now I have all the scope settings and leases from the old server. I authorize the new DHCP server. I add an A record on DomainB's DNS that points the old server's original (without the -old) to the IP address that's now inhabited by the new server. Finally, I plug in credentials from DomainB onto the new DHCP server to allow it to write DNS records in DomainB.
The Problem
In some cases (~30% of the time) the new DHCP server will have an issue where devices aren't getting DHCP, which either results in having to reboot the DHCP service or roll back the changes entirely. This issue usually isn't discovered until days later, which likely ties into the expiration date for the leases. Oddly enough, even though we're following the same process for every server, this issue hasn't affected every server.
So with all that, finally
The Questions
There are some basic principles about DHCP that I'm not super clear on. Any guidance would be helpful.
- I want to change the expiration times for leases to an hour as a troubleshooting step, so I can observe that leases are getting renewed correctly. Is this a good idea? How would changing the expirations on the server affect the leases that are already assigned? Would those expirations be updated, or would the leases have to be refreshed first?
- What effects would it have if I migrated DHCP without migrating the leases? What effect would that have on machines that already have a lease when this migration occurs? Should I or should I not migrate the leases with them?
- Is there a reason to not have IP conflict detection turned on? All these servers have no conflict detection. I would like to bump that to check a couple times before leasing. Any considerations I should have before making a change?
- Finally, what would a good test method be to confirm that DHCP is working properly? I'm remote, so usually what I do is run a bat script on a workstation via RDP that releases and renews its IP address. I can monitor the DHCP server and see that the device picks up a new lease. However, it may still have an issue when the natural expiration comes up and it needs to refresh.
Thank you all in advance! Sorry for the wall of text. I just wanted to make sure that I provided all the context I could in case that changes things.