Wednesday, May 25, 2016

DHCP Migrate Failover Deployment to Server 2012 R2

A while back I wrote a guide to migrate from split scope to failover, which is new in Windows 2012.

This guide is intended to move the failover to new Windows Server 2012 R2 servers. As you already know, you can only have two servers in each failover scope, so in order to do the migration we'll need to drop a server. The steps to do this are very easy, but pay attention to where you execute the commands or you could drop the wrong server.

We'll identify our servers as the following:
  • Win2012-01 - Primary DHCP server moving away from
  • Win2012-02  - Secondary DHCP server moving away from
  • Win2012R2-01 - Primary DHCP server moving to
  • Win2012R2-02 - Secondary DHCP server moving to
I'm assuming you already have your new servers built and DHCP role installed.

Also important to note first! If the static IP address of a DHCP server needs to be changed, you must first delete all DHCP failover relationships that exist on that server, and then recreate the relationships when the new IP address is active. 

First we'll remove DHCP failover from Win2012-02
  1. Get a good backup of DHCP
  2. Log into Win2012-01 and open PowerShell as administrator (right click, Run as administrator)
  3. Run Get-DhcpServerv4Failover
    1. This gives us necessary information for removing the failover.  Note this will also tell you which partner it's connected to.
  4. Make note of the Name.  In my case it's TF-192.168
  5. The next command will remove the failover AND the scope from the opposite server. For instance, I'm running this on Win2012-01, which will leave its scope and leases intact, but it will remove the scope and leases from Win2012-02. Always run the remove command from the server you want to leave intact.
    1. Remove-DhcpServerv4Failover -Name TF-192.168
  6. Note that Win2012-02 no longer has the scope available (refresh the console)
Now let's add Win2012R2-01 into the scope (note I'm leaving my scope name the same, also I'm using hot standby which is indicated by "ServerRole")
  1. This command is run from Win2012-01
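  2. Add-DhcpServerv4Failover -ComputerName Win2012-01 -PartnerServer Win2012R2-01 -Name TF-192.168 -ScopeId <ScopeId> -ServerRole Active -SharedSecret "Ican'tTellYou" -Force (replace <ScopeId> with the ID of your scope; the secret is quoted because it contains an apostrophe)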
  3. From the DHCP console we can now confirm that Win2012R2-01 is getting the scope and leases replicated to it (F5)
  4. In addition, run Get-DhcpServerv4Failover and you should see the new replication partner of Win2012R2-01 listed, a ServerRole of Active (meaning Win2012-01 is still the primary), and a Mode of HotStandby.
NOTE: Notice that it only replicates over the scope, but not anything below that.  If you set your Options or policies at the server level then this will not move them!  It also won't move your Filters.  

At this point we have DHCP Failover between Win2012-01 (Active) and Win2012R2-01 (Standby)

Now let's drop Win2012-01 out of the failover
  1. This command is run from Win2012R2-01  (Important, otherwise you'll drop the wrong server)
  2. Remove-DhcpServerv4Failover -Name TF-192.168
  3. Confirm in the DHCP console that Win2012-01 no longer has any DHCP scopes (refresh)
Now we can add in Win2012R2-02
  1. From Win2012R2-01
  2. Add-DhcpServerv4Failover -ComputerName Win2012R2-01 -PartnerServer Win2012R2-02 -Name TF-192.168 -ScopeId <ScopeId> -ServerRole Active -SharedSecret "Ican'tTellYou" -Force (replace <ScopeId> with the ID of your scope)

As a final step run your Get-DhcpServerv4Failover and check status.  Also refresh your DHCP consoles and ensure all is happy.  Make sure you configure your Server level options and Policies if needed as well as Conflict Detection Attempts.
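
Both Remove-DhcpServerv4Failover steps above depend on running the command against the server that should keep the scopes. The following wrapper is an added example, not part of the original post: it checks the partner, exports both servers, and pins the removal to the surviving server with -ComputerName. The function name, its parameters and the backup path are assumptions.

```powershell
# Added example, not from the original post. Function name, parameters and
# backup path are hypothetical; the Dhcp* cmdlets come from the DhcpServer module.
function Remove-FailoverKeepingServer {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory = $true)][string]$KeepServer,  # keeps scopes and leases
        [Parameter(Mandatory = $true)][string]$DropServer,  # loses scopes and leases
        [Parameter(Mandatory = $true)][string]$Name,        # relationship name, e.g. TF-192.168
        [string]$BackupDir = 'C:\DhcpBackup'                # assumed local path
    )

    # Read the relationship as seen from the server we intend to keep.
    $rel = Get-DhcpServerv4Failover -ComputerName $KeepServer -Name $Name -ErrorAction Stop

    # PartnerServer may be reported as an FQDN, so compare host labels only.
    $partner = ($rel.PartnerServer -split '\.')[0]
    if ($partner -ne ($DropServer -split '\.')[0]) {
        throw "Partner of '$Name' on $KeepServer is '$($rel.PartnerServer)', not '$DropServer'. Nothing removed."
    }

    # Export configuration and leases from both servers before touching anything.
    if (-not (Test-Path $BackupDir)) { New-Item -ItemType Directory -Path $BackupDir | Out-Null }
    $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
    foreach ($server in $KeepServer, $DropServer) {
        Export-DhcpServer -ComputerName $server -File (Join-Path $BackupDir "$server-$stamp.xml") -Leases -Force -ErrorAction Stop
    }

    # -ComputerName pins where the removal runs, regardless of which console
    # this is typed into. The scopes are deleted from the partner ($DropServer).
    $scopes = $rel.ScopeId -join ', '
    if ($PSCmdlet.ShouldProcess($DropServer, "Delete scope(s) $scopes by removing failover '$Name'")) {
        Remove-DhcpServerv4Failover -ComputerName $KeepServer -Name $Name -ErrorAction Stop
        # Show what is left on the surviving server so the result can be checked.
        Get-DhcpServerv4Scope -ComputerName $KeepServer | Select-Object ScopeId, Name, State
    }
}

# Dry run for the second removal in this guide (drops Win2012-01, keeps Win2012R2-01):
# Remove-FailoverKeepingServer -KeepServer Win2012R2-01 -DropServer Win2012-01 -Name TF-192.168 -WhatIf
```

Server-level options, policies and filters are not covered by failover replication, as noted above; the export files hold them for whichever server they were taken from.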

Thursday, May 19, 2016

PowerShell Moving and Viewing FSMO roles

Recently wanted to move my FSMO roles, but didn't want to use the old method of netdom. Besides, everything is going PowerShell so might as well start learning now!

View the current holders:

  1. Thanks to The Scripting Guy - Get-ADDomainController -filter * | Select-Object Name, OperationMasterRoles

Now we can move them

  1. Move-ADDirectoryServerOperationMasterRole -Identity "servername" -OperationMasterRole 0,1,2,3,4 (or use their names)