Forum Search:
Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

Home » Microsoft » Windows Server » Active Directory » Retiring Domain Controllers and DNS
Retiring Domain Controllers and DNS [message #156258] Fri, 12 June 2009 14:47 Go to next message
joe[1]  is currently offline joe[1]
Messages: 120
Registered: September 2009
Senior Member
Greetings all,

We are in the process of refreshing our servers, which six of these servers
happen to be the first domain controllers and domain name servers (DNS). So
of course every member server is pointing to one the six domain
controller/DNS.

We sent out a mass email to all application owners and server owners letting
them know that these domain controllers are being retired. We told them that
they would need to change their TCP/IP dns settings to point to a new domain
controller/DNS.

My question, is there a tool out there to determine if the domain controller
/ DNS is still being utilized by the domain?

Thank you in advance
Joe
Re: Retiring Domain Controllers and DNS [message #156260 is a reply to message #156258] Fri, 12 June 2009 14:54 Go to previous messageGo to next message
Marcin  is currently offline Marcin
Messages: 273
Registered: July 2009
Senior Member
Joe,
you would either need to enable logging on the DNS server or use a network
capture utility (WireShark, NetMon, etc.). In either case, this is rather
challenging task considering the amount of data you'll need to analyze.
You might be better off collecting IP configuration from your member servers
to determine their settings. Another possibility is using staged approach
and reusing the IP addresses of existing DNS servers.
Btw. having six entries in the DNS server list on your member servers seem
to be a bit excessive...
In the future, consider using Group Policies to assign DNS Server
configuration to domain member computers...

hth
Marcin

"Joe" <Joe@discussions.microsoft.com> wrote in message
news:490C845F-673C-4440-8323-BA49685B9832@microsoft.com...
> Greetings all,
>
> We are in the process of refreshing our servers, which six of these
> servers
> happen to be the first domain controllers and domain name servers (DNS).
> So
> of course every member server is pointing to one the six domain
> controller/DNS.
>
> We sent out a mass email to all application owners and server owners
> letting
> them know that these domain controllers are being retired. We told them
> that
> they would need to change their TCP/IP dns settings to point to a new
> domain
> controller/DNS.
>
> My question, is there a tool out there to determine if the domain
> controller
> / DNS is still being utilized by the domain?
>
> Thank you in advance
> Joe
Re: Retiring Domain Controllers and DNS [message #156261 is a reply to message #156260] Fri, 12 June 2009 15:05 Go to previous messageGo to next message
joe[1]  is currently offline joe[1]
Messages: 120
Registered: September 2009
Senior Member
Unfortunately, I can't reuse the old IP addresses. Also, there aren't six
entries in the DNS server list. We have approximately 900 member servers and
28 domain controllers. The six DC's in question are the ones that cannot use
the IP addresses of the old domain controller.

Thanks
Joe

"Marcin" wrote:

> Joe,
> you would either need to enable logging on the DNS server or use a network
> capture utility (WireShark, NetMon, etc.). In either case, this is rather
> challenging task considering the amount of data you'll need to analyze.
> You might be better off collecting IP configuration from your member servers
> to determine their settings. Another possibility is using staged approach
> and reusing the IP addresses of existing DNS servers.
> Btw. having six entries in the DNS server list on your member servers seem
> to be a bit excessive...
> In the future, consider using Group Policies to assign DNS Server
> configuration to domain member computers...
>
> hth
> Marcin
>
> "Joe" <Joe@discussions.microsoft.com> wrote in message
> news:490C845F-673C-4440-8323-BA49685B9832@microsoft.com...
> > Greetings all,
> >
> > We are in the process of refreshing our servers, which six of these
> > servers
> > happen to be the first domain controllers and domain name servers (DNS).
> > So
> > of course every member server is pointing to one the six domain
> > controller/DNS.
> >
> > We sent out a mass email to all application owners and server owners
> > letting
> > them know that these domain controllers are being retired. We told them
> > that
> > they would need to change their TCP/IP dns settings to point to a new
> > domain
> > controller/DNS.
> >
> > My question, is there a tool out there to determine if the domain
> > controller
> > / DNS is still being utilized by the domain?
> >
> > Thank you in advance
> > Joe
>
Re: Retiring Domain Controllers and DNS [message #156273 is a reply to message #156258] Fri, 12 June 2009 18:46 Go to previous message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"Joe" <Joe@discussions.microsoft.com> wrote in message
news:490C845F-673C-4440-8323-BA49685B9832@microsoft.com...
> Greetings all,
>
> We are in the process of refreshing our servers, which six of these
> servers
> happen to be the first domain controllers and domain name servers (DNS).
> So
> of course every member server is pointing to one the six domain
> controller/DNS.
>
> We sent out a mass email to all application owners and server owners
> letting
> them know that these domain controllers are being retired. We told them
> that
> they would need to change their TCP/IP dns settings to point to a new
> domain
> controller/DNS.
>
> My question, is there a tool out there to determine if the domain
> controller
> / DNS is still being utilized by the domain?
>
> Thank you in advance
> Joe


As Marcin mentioned, that is a difficult one, unless you are using some sort
of IT asset management tool. One way is to script something that will query
all member servers for the configs and put them into a csv, xls, or some
other type of text database. I don't think relying on the app and server
owners will give you accurate results. I know how those type of owners are
having worked in a large environment. Some of them probably wouldn't even
understand the full implications of the email you sent out. I would think
you need to take it upon yourself with a script or something, then another
script using the netsh utility, or WSH to change their adapter settings.
Yes, I know, it;s not an easy task.


--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
Microsoft Certified Trainer
aceman@mvps.RemoveThisPart.org

For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

"Efficiency is doing things right; effectiveness is doing the right
things." - Peter F. Drucker
http://twitter.com/acefekay
Previous Topic:where to look for delegate in Active Directorey
Next Topic:Re: Disabling password expiration
Goto Forum:
  


Current Time: Sat Oct 21 18:55:03 EDT 2017

Total time taken to generate the page: 0.09950 seconds
.:: Contact :: Home ::Sitemap::.

Powered by: FUDforum 3.0.0RC2.
Copyright ©2001-2009 FUDforum Bulletin Board Software