Windows Server 2008R2/2012R2 Migrating DHCP scopes across forests

Source: Internet
Author: User

A cross-forest DHCP migration was carried out recently. The environment had two forests (domains), forward.com and guitar.cn, which were being consolidated. The clients in the old domain forward.com had already been migrated to the new domain guitar.cn, and the DHCP data now needed to be migrated as well. The migration process was reproduced in a lab environment and is documented here.

Background

1. Existing forest: Windows Server 2008R2 environment, domain name forward.com, 08dc.forward.com, IP address: 192.168.3.2, mask: 255.255.255.0, gateway: 192.168.3.1, DNS: 192.168.3.2;
2. New forest: Windows Server 2012R2 environment, domain name guitar.cn, TestDC.guitar.cn, IP address: 192.168.2.2, mask: 255.255.255.0, gateway: 192.168.2.1, DNS: 192.168.2.2;
3. forward.com has an existing DHCP server, and its DHCP scopes are to be migrated to the new forest guitar.cn. In the lab environment the AD, DNS and DHCP roles are installed on both 08DC and TESTDC.

Implementation steps

One, the forest trust

A DHCP migration between different forests first requires a two-way forest trust between the two forests, in preparation for the DHCP migration that follows.
Prerequisites for creating the inter-forest trust:
1. The login accounts used in the two domains must have Enterprise Admins privileges;
2. There must be network connectivity between the two domains.
1. Create secondary zones
1) On the guitar.cn domain controller (DNS server), open DNS, right-click the forward lookup zone guitar.cn and open Properties, select Zone Transfers, and add the IP address of the forward.com domain controller to the list of servers allowed to receive transfers;

2) Right-click Forward Lookup Zones and select New Zone;

3) In the New Zone Wizard, select Secondary zone;

4) For the zone name, enter forward.com;

5) For the master DNS server of the secondary zone, enter the IP address of the forward.com domain controller/DNS server;

6) Finish creating the secondary zone;

7) In the same way, create a secondary zone for guitar.cn on the forward.com DNS server.

Note: the following error may appear:

Restarting the DNS service resolves this issue.

8) On the guitar.cn domain controller, open Active Directory Domains and Trusts and select New Trust;

9) In the New Trust Wizard, enter the name of the domain to be trusted, forward.com;

10) Select forest trust, then two-way trust;

11) Create the trust for both the guitar.cn and forward.com domains;

12) Enter the password of the forward.com domain Administrator account;

13) Set the incoming and outgoing trust authentication;

14) Check the trust relationship on guitar.cn and on forward.com;

15) In Users and Computers on guitar.cn and on forward.com, look up user/computer information from the other domain. If the information can be queried, the trust relationship was created successfully.

2. Create conditional forwarders

1) On the guitar.cn DNS server, create a conditional forwarder that forwards name resolution for forward.com to the domain controller/DNS server 192.168.3.2;

2) In the same way, create a conditional forwarder on the forward.com DNS server that forwards name resolution for guitar.cn to the domain controller/DNS server 192.168.2.2;

3) Create the two-way trust between the two forests by following the new-trust steps in part 1.
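The checks in steps 14) and 15) can also be scripted. The following is an added example, not part of the original article: it is run on TestDC.guitar.cn, uses the lab names and IP addresses from this page, and assumes the ActiveDirectory module is installed there.

```powershell
# Added example: names and IP addresses are the lab values from this page.
Import-Module ActiveDirectory

$peers = @(
    @{ Zone = 'forward.com'; Dns = '192.168.3.2' },
    @{ Zone = 'guitar.cn';   Dns = '192.168.2.2' }
)

# Each DNS server must resolve the domain controller locator record of both
# forests, otherwise the trust cannot be created or validated.
foreach ($server in $peers) {
    foreach ($zone in $peers) {
        $name = "_ldap._tcp.dc._msdcs.$($zone.Zone)"
        try {
            $srv = Resolve-DnsName -Name $name -Type SRV -Server $server.Dns -ErrorAction Stop |
                   Where-Object { $_.Type -eq 'SRV' }
            "{0} via {1}: {2}" -f $name, $server.Dns, ($srv.NameTarget -join ', ')
        } catch {
            Write-Warning "$name not resolvable via $($server.Dns): $($_.Exception.Message)"
        }
    }
}

# The trust object as seen from guitar.cn.
$trust = Get-ADTrust -Filter "Target -eq 'forward.com'"
if (-not $trust) {
    Write-Warning 'No trust to forward.com found'
} else {
    # Show direction plus the authentication and SID filtering settings chosen in the wizard.
    $trust | Format-List Name, Direction, ForestTransitive, SelectiveAuthentication,
                         SIDFilteringForestAware, SIDFilteringQuarantined
    if ($trust.Direction -ne 'BiDirectional' -or -not $trust.ForestTransitive) {
        Write-Warning 'The trust to forward.com is not a two-way forest trust'
    }
}
```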

Two, DHCP data migration

A working DHCP server already exists in the original forward.com domain; its DHCP data is now migrated to the DHCP server in the guitar.cn domain.
1) Install the DHCP role on the guitar.cn Windows Server 2012R2 server;

2) After the installation is complete, Server Manager shows a warning prompting you to complete the follow-up DHCP configuration. Ignore it for now and do the configuration after the DHCP migration is finished;

3) Start Windows PowerShell on the Windows Server 2012R2 server;
4) Run Import-Module DhcpServer to import the DHCP module;
5) Run Export-DhcpServer -ComputerName 08dc.forward.com -Leases -File C:\ForwardDHCP\ForwardDHCP.xml -Verbose to export the data on the 08dc.forward.com DHCP server to the C:\ForwardDHCP folder on the testdc.guitar.cn DHCP server.

Note: the following error may occur:

Troubleshooting showed it to be a permissions problem. It can be resolved by adding the Administrator account of the domain to the Administrators group in the other domain.

6) The DHCP XML file for the forward domain has now been generated in the C:\ForwardDHCP folder on the testdc.guitar.cn DHCP server;

7) Import the DHCP data into the testdc.guitar.cn server with the command: Import-DhcpServer -ComputerName testdc.guitar.cn -File C:\ForwardDHCP\ForwardDHCP.xml -Verbose -BackupPath C:\12dhcpbak (this command imports the DHCP data and, before making changes, backs up the existing DHCP database of the server being imported to into C:\12dhcpbak);

8) Check that the DHCP data has been imported successfully;
9) After the domains are consolidated, only one DHCP server should hand out IP addresses in the production environment: de-authorize the DHCP server on the original 08dc.forward.com and authorize the testdc.guitar.cn DHCP server;

10) View the IPv4 and IPv6 usage status on the testdc.guitar.cn DHCP server and modify the DHCP server configuration options as needed;
11) Test from a client: check that the DHCP server has switched to testdc.guitar.cn and that the other server configuration options are correct;
12) Complete the server option configuration on the testdc.guitar.cn DHCP server.
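Step 8) can be checked by comparing the two servers instead of inspecting the console by eye. The following is an added example, not part of the original article: it is run on testdc.guitar.cn after the import, uses the lab server names from this page, and assumes the DhcpServer cmdlets can query the 2008R2 server remotely in the same way Export-DhcpServer does.

```powershell
# Added example: server names are the lab values used on this page.
Import-Module DhcpServer
$src = '08dc.forward.com'    # old DHCP server (export source)
$dst = 'testdc.guitar.cn'    # new DHCP server (import target)
$problems = @()

$dstScopes = @(Get-DhcpServerv4Scope -ComputerName $dst)
foreach ($s in @(Get-DhcpServerv4Scope -ComputerName $src)) {
    $d = $dstScopes | Where-Object { "$($_.ScopeId)" -eq "$($s.ScopeId)" }
    if (-not $d) { $problems += "scope $($s.ScopeId) missing on $dst"; continue }

    # Range and mask must match, otherwise the two servers disagree on the pool.
    foreach ($p in 'SubnetMask', 'StartRange', 'EndRange') {
        if ("$($s.$p)" -ne "$($d.$p)") {
            $problems += "scope $($s.ScopeId): $p is $($s.$p) on source, $($d.$p) on target"
        }
    }

    # Reservations are part of the scope configuration and must all be present.
    $srcRes  = @(Get-DhcpServerv4Reservation -ComputerName $src -ScopeId $s.ScopeId)
    $dstRes  = @(Get-DhcpServerv4Reservation -ComputerName $dst -ScopeId $s.ScopeId)
    $dstKeys = $dstRes | ForEach-Object { "$($_.IPAddress)|$($_.ClientId)" }
    foreach ($r in $srcRes) {
        if ($dstKeys -notcontains "$($r.IPAddress)|$($r.ClientId)") {
            $problems += "reservation $($r.IPAddress) ($($r.ClientId)) missing on $dst"
        }
    }

    # Leases are only carried over when Import-DhcpServer is run with -Leases.
    $srcLeases = @(Get-DhcpServerv4Lease -ComputerName $src -ScopeId $s.ScopeId).Count
    $dstLeases = @(Get-DhcpServerv4Lease -ComputerName $dst -ScopeId $s.ScopeId).Count
    "{0}: {1} reservations, leases source/target = {2}/{3}" -f $s.ScopeId, $srcRes.Count, $srcLeases, $dstLeases
}

# Step 9): the new server must be authorized in Active Directory before it serves clients.
$authorized = @(Get-DhcpServerInDC | ForEach-Object { $_.DnsName })
if ($authorized -notcontains $dst) { $problems += "$dst is not authorized in Active Directory" }

if ($problems) { $problems | ForEach-Object { Write-Warning $_ } }
else { 'Migration verified: no differences found' }
```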

