Hello all. We have a domain AD site that has multiple domain controllers. We have recently started standing up DCs that are protected by Cisco ACI. We are now half ACI and half legacy that are not. We would like to start to force authentication in this AD site to just these ACI domain controllers. I thought standing up a new AD site and moving these DCs here would force the authentication to the ACI DCs and give us time to decommission the legacy DCs, since we don't know what the dependencies on these old DCs are.
Would it work if I create a new AD site and move these DCs there and just not assign any subnets to this site? This way clients would not authenticate to these DCs by default. These DCs are in multiple different VLANs. As we build this out we plan to fix and standardize AD. Can I move them without re-IPing them as well?