You can just do a backup on the old, and restore on the new, as well, right?

From: [email protected] [mailto:[email protected]] On 
Behalf Of Andrew S. Baker
Sent: Thursday, November 30, 2017 2:33 PM
To: ntsysadm <[email protected]>
Subject: Re: [NTSysADM] DHCP role

You can quickly import DHCP on a new machine running the same version of 
Windows using NETSH

https://technet.microsoft.com/en-us/library/dd759224(v=ws.11).aspx


Regards,

 ASB



On Thu, Nov 30, 2017 at 12:46 PM, David Lum <[email protected]> wrote:
I've pulled DHCP off all our DCs and it wasn't too tough for the network team 
to accommodate. Using DHCP failover took a bit more work for us to perfect.  
Using failover you by definition copy the config to the new server... stand up 
new DHCP server, config as failover, then stand down DHCP on the domain 
controller and deconfigure failover once the new server is confirmed to hand 
out IPs. (Assuming Win DHCP servers).

Totally worth it in our opinion.

Dave

On Nov 30, 2017, at 8:21 AM, Heaton, Joseph@Wildlife <[email protected]> wrote:
Problem with that, is that I’d really like to keep the same IP for the DHCP 
server.  My network team has that in all their switches around the state as 
ip-helper entries.

From: [email protected] [mailto:[email protected]] On Behalf Of Webster
Sent: Thursday, November 30, 2017 7:45 AM
To: [email protected]
Subject: RE: [NTSysADM] DHCP role

I would migrate DHCP first.

Webster

From: [email protected] [mailto:[email protected]] On Behalf Of Heaton, Joseph@Wildlife
Sent: Thursday, November 30, 2017 9:00 AM
To: [email protected]
Subject: RE: [NTSysADM] DHCP role

That’s what we’re doing as well.  Not sure why, but our service account is a 
member of DNSUpdateProxy, but also a member of DNSAdmins.  Anyone have an idea 
why that group?  I didn’t set this up initially, I’m just trying to get things 
in best practices, and address a current issue I’m working through, of 
replacing a DC, that happens to be our main DHCP server.  My thoughts at the 
moment, are to add a new DC, with only DC roles.  Then, DCpromo the old DC 
(with DHCP), then migrate DHCP to a new server, that is only a member server, 
not a DC.

From: [email protected] [mailto:[email protected]] On Behalf Of Mark Gottschalk
Sent: Wednesday, November 29, 2017 6:21 PM
To: [email protected]
Subject: Re: [NTSysADM] DHCP role

https://blogs.technet.microsoft.com/stdqry/2012/04/03/dhcp-server-in-dcs-and-dns-registrations/
https://technet.microsoft.com/en-us/library/dd334715(v=ws.10).aspx

This is what we've done with DHCP on DC.  Have a user "DHCP_user" in Protected 
User group, DNSUpdateProxy group. Use this for alternate credentials.

Note that first article says:
"A common error is to think that the DHCP Server service running in a DC will 
use its service account security context to register records in DNS if no 
alternate credentials are configured, and then there is security risk. In fact, 
this is not the behavior of the DHCP Server in a DC.

If the DHCP Server service detects that it is running in a domain controller, 
and no alternate credentials for DNS registrations have been configured, then 
it decides to not do any registrations for DHCP clients and logs event 
DHCP/1056."

It also starts with:
"One common deployment scenario for the DHCP Server service is to have it 
installed in domain controllers. When this scenario is used it is necessary to 
define the alternate credentials to be used by DHCP when doing DNS 
registrations on behalf of the DHCP clients."

If you can separate them with no downside, go for it.  However, running DHCP on 
a DC appears to be accounted for and can be addressed by above.

-- Mark




From:        "Heaton, Joseph@Wildlife" <[email protected]>
To:        'NT System Admin Issues Discussion list' <[email protected]>
Date:        11/29/2017 02:49 PM
Subject:        [NTSysADM] DHCP role
Sent by:        "[email protected]" <listsadmin
________________________________


Is it still best practice to have DHCP NOT on a DC?  I’ve been reading a bunch 
of stuff, but everything I’m reading refers to Server 2003 or older.



Joe Heaton

Information Technology Operations Branch

Data and Technology Division

CA Department of Fish and Wildlife

1700 9th Street, 3rd Floor

Sacramento, CA  95811

Desk:  916-323-1284


