DOMAIN 2008 & ADC have issue!

Questions ArchiveCategory: NetworkDOMAIN 2008 & ADC have issue!
Khaled Madany asked 7 months ago

Hi , 
   Thanks for quick reply , 
Really you help us by this portal which we ask and find reply from expert like you , i appreciate your time and effort .

  • ADC = Additional Domain Controller 
  • rules = roles ? yes

The main server installed Active directory 
The second server installed DNS , DHCP 
OS 2008 R2 and target OS 2012 
And i dont know if i should install & configure DNSSEC or not as i dont know any about it and maybe will make issue ? need your suggestion please ?
 
Thanks 

2 Answers
Hassan Aboul Hassan answered 4 months ago

Hi khaled.
Did you find a problem replying to the same post you opened before, why did you open another question ticket, please tell me if you faced any problem.
Concerning your question:
You said you want to migrate, then the additional domain controller is to be used later as the main. true?
First, you have to consider migrating each alone :
1.Domain + DNS
2.DHCP
Migrating the DHCP is very easy. please check this video:
https://youtu.be/XFHTCEmfBC0
Or follow this step by step guide:
Follow these steps to migrate your DHCP  using netsh command line tool.
1.Log on to your existing DHCP  Server (you want to migrate) ex : win 2003 or win 2008
Be sure to back your server before
2.Run cmd  as administrator.
3.Type :
netsh dhcp server export pathYouWantToExport all
and then press Enter.
4.Install the DHCP role on the new (2012-2016) DHCP server using Server Manager or PowerShell.
5.Copy the exported DHCP text file to a path you want on new DHCP server.
6.Verify that the DHCP service is installed and started on the new DHCP server.
7.Run cmd as administrator.
8.Type :
netsh dhcp server import pathYouWantToImportFrom all
and then press ENTER.
9.Open DHCP console on the new server and authorize your server on your domain (right click and click authorize).
Migrate Domain controller:
Check this link, it has a step by step guide with images from Dell:
http://www.dell.com/support/article/us/en/04/sln290322/complete-guide-to-a-migration-of-a-windows-server-2008-r2-domain-controller-to-windows-server-2012-r2
Please feel free to contact me whenever you want if you have any problem or if you need help.

Osoris replied 3 months ago
 

Thanks a lot for the steps ,
Also want to ask about DNSSEC if it will secure my Dns from any attack or no need for it , because I need to protect my Dns sever even I already installed Malwarebyte AV . But maybe I need something like Infoblox ? What u suggest to protect DNS Server .
Thanks

Hassan Aboul Hassan answered 4 months ago

Are your servers connected to the internet?
Are your domain names vulnerable to such attacks?
If yes then go ahead and enable dnssec
If you can open another question explaining your network architecture so I can suggest the best solution for security.
I can’t recommend the best way to protect without Understanding your network architecture.

Malwarebytes is an antivirus, I don’t know if it has something related to DNS protection.
In general, you can’t Implement DNSSEC in windows without using any software.
Check this links:
https://newhelptech.wordpress.com/2017/07/02/step-by-step-implementing-dns-security-in-windows-server-2016/
http://techgenix.com/securing-dns-windows-part1/
Please if you need any more details, let me know, I will be waiting for your questions.
Please Open another question if you want to change the topic, just to stay organized.
Thank you again for contacting.