A major task such as migrating an infrastructure service to a new operating system version can be a major problem, or it can provide opportunities for restructuring and reconfiguration.
Therefore, I've summarized some information from my recent work and tried to place the partial task of migration in the context of the big picture.
If you just want to follow an example, I recommend this how-to from Microsoft:
DHCP Server Migration: Migrate the DHCP Server role
It covers an advanced scenario, including a failover server, but you may also find some of my information useful.
DHCP BACKUP/RESTORE methods available
1. Windows Server Migration Tools
2. DHCP backup
3. PowerShell export
PowerShell turned out to be the best and most reliable method for me, and it is a great improvement over the old days of CMD. The exported XML is also (almost) "human-readable" documentation of the original server, and you can make changes to the XML before importing it to another server. This enables many use cases, such as automation.
Import and export configuration
The Import-DhcpServer cmdlet lets you decide exactly what kind of configuration you want to import to your new server, and this will depend on the migration/restore scenario you are facing:
1. Static server configuration only
Import-DhcpServer -File C:\dhcp-export.xml -ServerConfigOnly
If we have a failover partner at hand, this is all we need to import on the server we needed to update/restore.
2. Static server configuration + reservations
Import-DhcpServer -File C:\dhcp-export.xml
If we don't have a failover partner, this option imports the static configuration we made on the original server and all DHCP reservations.
3. Static server configuration + reservations + active leases
Import-DhcpServer -File C:\dhcp-export.xml -Leases
You import everything, including any leases that were active at the time you created the export. This is the method to replace or restore a single server.
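The three import scenarios above as one export, import and verify run. This is an added example, not code from the original article; the server names and paths are placeholders, and it supplies -BackupPath, which Import-DhcpServer requires and which the one-line commands above leave out.

```powershell
# Added example; server names and paths are placeholders (assumptions).
$Source     = 'dhcp-old.example.test'
$Target     = 'dhcp-test.example.test'
$ExportFile = 'C:\dhcp-export.xml'
$BackupPath = 'C:\dhcp-import-backup'  # the target's current database is backed up here before the import
$Mode       = 'Full'                   # ServerConfigOnly | ConfigAndReservations | Full

# Export the configuration, reservations and active leases from the source server.
Export-DhcpServer -ComputerName $Source -File $ExportFile -Leases -Force

# Build the import call for the chosen scenario.
$importArgs = @{
    ComputerName = $Target
    File         = $ExportFile
    BackupPath   = $BackupPath
    Force        = $true
}
switch ($Mode) {
    'ServerConfigOnly'      { $importArgs['ServerConfigOnly'] = $true }
    'ConfigAndReservations' { }   # no extra switch: configuration and reservations
    'Full'                  { $importArgs['Leases'] = $true }
    default                 { throw "Unknown mode '$Mode'" }
}
Import-DhcpServer @importArgs

# Verify that every source scope and its reservations arrived on the target.
if ($Mode -ne 'ServerConfigOnly') {
    $targetScopes = @(Get-DhcpServerv4Scope -ComputerName $Target |
        ForEach-Object { $_.ScopeId.ToString() })
    foreach ($scope in (Get-DhcpServerv4Scope -ComputerName $Source)) {
        $id = $scope.ScopeId.ToString()
        if ($id -notin $targetScopes) {
            Write-Warning "Scope $id is missing on $Target"
            continue
        }
        $srcRes = @(Get-DhcpServerv4Reservation -ComputerName $Source -ScopeId $id).Count
        $dstRes = @(Get-DhcpServerv4Reservation -ComputerName $Target -ScopeId $id).Count
        if ($srcRes -ne $dstRes) {
            Write-Warning "Scope ${id}: $srcRes reservations on source, $dstRes on target"
        }
    }
}
```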
It's easy to set up: you should have at least one hot standby DHCP server, with a small percentage of IP addresses reserved from each scope to survive an hour or two of downtime on the main server. If the primary fails completely, your backup is corrupted, etc., life is safer. It will also make it easier to migrate the DHCP server to a new OS version, or at least give you another option besides restoring from a backup that doesn't contain the most current active leases.
Log file size
The default MaxMBFileSize for log files is 70 MB, and it applies to the size of all your DHCP server log files combined.
Because the server splits IPv4 and IPv6 logging and creates one file for each day of the week, a single log file will max out at about 10 MB if you're not using IPv6.
Get the default settings:
...
Enable            : True
MaxMBFileSize     : 70
DiskCheckInterval : 50
MinMBDiskSpace    : 20
I always keep plenty of disk space for logging:
Set-DhcpServerAuditLog -MaxMBFileSize 1024 -MinMBDiskSpace 1024
Reduce lease time
I don't know if this really makes any difference, even though it's a recommendation that has been around forever. I even resist it in most situations. First, clients will try to renew leases quite often, and if you have a failover server, clients will get what they want.
The only possible situation I can think of is if the IP address of the DHCP servers changes or we move to another subnet (+ very long lease time). Yes, and then there might be some old printer that is never turned off for years and won't get a new IP or the correct IP; maybe you just need to rethink your printer configuration first.
Use Server Core
This is another chance for you to migrate from GUI to Server Core. Microsoft disables more and more Server Core services by default, and version 2022 is the best and most secure default configuration yet!
Also, after so many years in IT, are we still debating how many services we can or should provide on any of our VMs?
We put one service on each Windows Server VM and that's the end of the story. This is especially true for ancient services like DHCP (broadcast-based UDP), and we always choose the latest OS version available. We also don't want to mix DHCP, PKI or a print server with our AD/DNS server; the printer nightmare itself was bad enough, and we don't need to make our admins' lives any more miserable.
CUSTOM DHCP OPTIONS
DHCP migration problems occur most of the time because of custom DHCP options. You should identify these custom options as soon as possible by importing your settings to a test DHCP server.
Option 150 (TFTP servers) is prominent in the list of errors you may encounter; be sure to find a solution for each error before thinking about anything else.
Error: 20010: The specified option does not exist
Side note: you can also move between OS languages when migrating to another server/OS, but you will also have to keep track of ALL DHCP options because they are language dependent (Name, Description).
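One way to find the custom options before the import fails with error 20010: compare the option definitions of the source server with those of the test server. This is an added example, not code from the original article; the server names are placeholders, and the Add-DhcpServerv4OptionDefinition call runs with -WhatIf so nothing changes until you remove it.

```powershell
# Added example; server names are placeholders (assumptions).
$Source = 'dhcp-old.example.test'
$Test   = 'dhcp-test.example.test'

# An option definition is identified by its vendor class plus its option ID.
function Get-OptionKey($Def) { '{0}|{1}' -f $Def.VendorClass, $Def.OptionId }

# Index every definition that already exists on the test server.
$testDefs = @{}
foreach ($d in (Get-DhcpServerv4OptionDefinition -ComputerName $Test -All)) {
    $testDefs[(Get-OptionKey $d)] = $d
}

foreach ($d in (Get-DhcpServerv4OptionDefinition -ComputerName $Source -All)) {
    $existing = $testDefs[(Get-OptionKey $d)]
    if ($existing) {
        # Same option ID, different display name: typical when the OS language differs.
        if ($existing.Name -ne $d.Name) {
            Write-Warning "Option $($d.OptionId): '$($d.Name)' on source, '$($existing.Name)' on test"
        }
        continue
    }

    # Missing on the test server: this is what triggers error 20010 on import.
    Write-Warning "Option $($d.OptionId) '$($d.Name)' is not defined on $Test"
    $new = @{
        ComputerName = $Test
        OptionId     = $d.OptionId
        Name         = $d.Name
        Type         = $d.Type
        MultiValued  = $d.MultiValued
    }
    if ($d.Description) { $new['Description'] = $d.Description }
    if ($d.VendorClass) { $new['VendorClass'] = $d.VendorClass }
    Add-DhcpServerv4OptionDefinition @new -WhatIf   # remove -WhatIf to create the definition
}
```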
Other DHCP-related things to remember
DNS cleanup time and DHCP lease time
DHCP clients will start trying to renew their leases after
50% (T1) of the lease time. The time to clean up dynamic DNS records is
7 days default and max. the lease time of the DHCP lease is
Most values can be set per scope or DNS zone, and it's easy to miss something in large environments.
I just want you to keep in mind that if you change one of the values, there are others that may be affected by it. To keep everything current and keep outdated records to a minimum, you need to find the right balance.
Just a security reminder: you should disable NetBIOS entirely, and DHCP is one way to achieve this (Option 001). It will also work for devices you can't control with Group Policy:
ipconfig /all
...
NetBIOS over Tcpip. . . . . . . . : Disabled
...
A and PTR records
Every A record also needs a PTR record in the DNS database. This rule of thumb was more of a burden than it brought me any benefits. Of course, there are always exceptions to the rule, and you have to know for sure what your current network requires. People can get confused about what is needed in LAN environments compared to WAN, routing or external/internet infrastructures.
That's why I want to point out that we have the tools to control what will show up in our local DNS database.
1. Through Group Policy, we can configure what we want Windows clients to do with respect to their own DNS record
2. We can turn off DNS registration for each network connection individually if we choose to let the DHCP server do the registration and deletion
3. If we decide to let the DHCP server do DNS updates on behalf of clients, we can decide for each scope what kind of DNS records we really need for our environment
To summarize what I want to point out here: if you take a closer look at your logs, you will most likely find a lot of error and retry/refresh entries.
If you start allowing only what you really need (disable PTR) and let clients make their own DNS entries, or (not AND) stop them from doing so and just let DHCP do all the work, I'm sure you will get better results. Your log files will immediately become shorter, and the next time you need to troubleshoot DHCP problems, it will be much easier. Remember that you can decide for each scope individually, or decide for an OU if you are configuring Windows clients via GPO.
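The per-scope decision described above, and the lease time it interacts with, can be read out and changed from PowerShell. This is an added example, not code from the original article; the server name and the printer scope ID are placeholders.

```powershell
# Added example; the server name and scope ID are placeholders (assumptions).
$Server = 'dhcp-new.example.test'

# One row per scope: lease time next to what the DHCP server registers in DNS.
$report = foreach ($scope in (Get-DhcpServerv4Scope -ComputerName $Server)) {
    $dns = Get-DhcpServerv4DnsSetting -ComputerName $Server -ScopeId $scope.ScopeId
    [pscustomobject]@{
        ScopeId            = $scope.ScopeId
        Name               = $scope.Name
        LeaseDuration      = $scope.LeaseDuration
        DynamicUpdates     = $dns.DynamicUpdates             # Always | Never | OnClientRequest
        PtrUpdatesDisabled = $dns.DisableDnsPtrRRUpdate
        DeleteOnExpiry     = $dns.DeleteDnsRROnLeaseExpiry
        NameProtection     = $dns.NameProtection
    }
}
$report | Sort-Object ScopeId | Format-Table -AutoSize

# Scopes that still register PTR records; review whether each one needs them.
$report | Where-Object { -not $_.PtrUpdatesDisabled } |
    ForEach-Object { Write-Warning "Scope $($_.ScopeId) ($($_.Name)) still registers PTR records" }

# Disable PTR registration for a single scope, for example a printer subnet.
$PrinterScope = '10.0.20.0'   # placeholder scope ID
Set-DhcpServerv4DnsSetting -ComputerName $Server -ScopeId $PrinterScope -DisableDnsPtrRRUpdate $true
```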
Next, Next, Next and rolling with the default settings for years is bound to become a problem someday.
DnsUpdateProxy security group
If you use more than one DHCP server, you need to configure the DnsUpdateProxy security group. If the server is performing dynamic DNS updates on behalf of clients, the DHCP server that is part of the failover relationship must be a member of this security group; otherwise, if a failover occurs, the server will not be able to update DNS records initially made by the other server.
This is very dangerous if the DHCP server is also a domain controller!
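A quick audit of that combination: list the authorized DHCP servers, check DnsUpdateProxy membership, and flag any that are also domain controllers. This is an added example, not code from the original article; it assumes the ActiveDirectory and DhcpServer modules are installed and that computer names match the first label of the DNS name.

```powershell
# Added example; assumes the ActiveDirectory and DhcpServer (RSAT) modules are available.
Import-Module ActiveDirectory

$domainControllers = @((Get-ADDomainController -Filter *).Name)
$groupMembers      = @((Get-ADGroupMember -Identity 'DnsUpdateProxy').Name)

$report = foreach ($srv in (Get-DhcpServerInDC)) {
    # Assumption: the computer account name equals the first label of the DNS name.
    $short   = ($srv.DnsName -split '\.')[0]
    $isDc    = $domainControllers -contains $short
    $inGroup = $groupMembers -contains $short

    $finding = if ($isDc -and $inGroup) {
        'Domain controller in DnsUpdateProxy: the dangerous combination'
    } elseif ($isDc) {
        'DHCP runs on a domain controller: move the role before adding it to the group'
    } elseif (-not $inGroup) {
        'Not in DnsUpdateProxy: cannot update DNS records made by its failover partner'
    } else {
        'OK'
    }

    [pscustomobject]@{
        Server             = $srv.DnsName
        IsDomainController = $isDc
        InDnsUpdateProxy   = $inGroup
        Finding            = $finding
    }
}
$report | Format-Table -AutoSize -Wrap
```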
Dedicated subnets matter
Dedicating a subnet to a specific device type matters. For example, if you have subnets specific to printers and a DHCP scope configured for them, you can take every feature of those devices into account. If you mix and match many different types of devices in one big subnet, you will jeopardize your security, you will not be able to make an optimal and quickly understandable configuration for each type of device, and troubleshooting will become a real burden over time.
Some of us may remember the time when a book on DHCP alone was around 300 pages long (DNS/BIND/Active Directory 1K+ pages), and today all you can get is a 10-30 page chapter on it. In my opinion, some older IT books still have a lot of value, and I recommend that anyone who wants to stay in IT a little longer pick up a few of them.