Challenging Multiple Domain Controller Upgrade Questions (parent and child)

David NG

11/13/23, 2:16 AM

I am new to this domain controller and new to the company. all the below domain controller are in windows 2008.

we got two parent controller

parent-DC1-2008.example.com
parent-DC2-2008.example.com

we got 4 physical location office, each location has its own child controller, all the location office domain controller connected to the parent controller above. and they are

locationA-DC1-2008.example.com
locationA-DC2-2008.example.com
locationB-DC1-2008.example.com
locationB-DC2-2008-read-only-for-wifi.example.com
locationC-DC1-2008.example.com
locationD-DC1-2008.example.com

now due to budget, the company only upgrade the below domain controller to windows 2016.

locationA-DC1-2016.example.com
locationB-DC1-2016.example.com
locationC-DC1-2016.example.com

which mean, the below domain controller are not upgraded

parent-DC1-2008.example.com (keep as its)
parent-DC2-2008.example.com (keep as its)
locationA-DC2-2008.example.com (will decommission)
locationB-DC2-2008-read-only-for-wifi.example.com (will decommission)
locationD-DC1-2008.example.com (will decommission)

now the questions.

if we only upgrade the child domain controller to 2016, and not the parent domain controller, will it work?
for location A, original 2 domain controller, after upgrade only have 1, will it work? what I really mean is, what if some of the device hard code to use the 2nd domain controller? how do we find out those device?
for location B, I got no idea why there is a read only DC for wifi. if this got decommission, what is the best way to handle it? force the location B wifi to use the main location B DC? is that a security concern
for location D, we still got some limited device there, is it possible to vpn all these device and use the domain controller in other location?

thank you for taking your time to reading this, much appreciated.

125

1 + 0

windows-server-2008

active-directory

domain-controller

windows-server-2016

Score:1

Server

bjoster

11/15/23, 2:40 PM

Those are many questions. And please do not use "parent" and "child" references in a multi-master domain model like active directory. There is no such thing; there are DCs in forests and FSMOs.

if we upgrade DCs to 2016, will it work?

yes.

for location A, original 2 domain controller, after upgrade only have 1, will it work?

yes.

if some devices have hard coded stuff to use the 2nd DC, how do we find out those device?

From the event log of the 2nd DC (before shutting it down).

for location B, I got no idea why there is a read only DC for wifi.

probably because someone set up a wifi which does 802.1x against it.

if this got decommission, what is the best way to handle it?

check your 802.1x setup and act accordingly. Like setting up a NPS or routing requests to other radius controllers.

force the location B wifi to use the main location B DC? is that a security concern

that depends on your setup, which we don't know.

for location D, we still got some limited device there, is it possible to vpn all these device and use the domain controller in other location?

sure.

+ 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Challenging Multiple Domain Controller Upgrade Questions (parent and child)

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.