Replacing AD and DNS servers in Umbrella VA

BoomShakaLak
Level 1

I have a couple of other posts on this topic for ISE and FMC, but have decided to split them up so as not to mix up answers for the different technologies.

The server team will be replacing the existing AD servers with new ones shortly. The new servers have been added to the network using new hostnames and IPs and will live side by side with the old servers until everything else is confirmed OK, at which point the old servers will be turned off. The new servers will then have their IPs updated to those of the old servers. These servers are also the DNS servers for the network.

Since the ADs are also the DNS servers in the network, and will eventually be inheriting the IP addresses of the old AD servers, I would assume that DNS lookups via the Umbrella VAs would not be affected. Let me know if my understanding is correct on this matter.

These Umbrella VAs are also integrated with AD to get user context in the logs, and this is where I get a little uncertain. Can the server team just change the IP of the new AD servers to that of the old servers and then run the Umbrella AD script on the server and everything will be OK? Or would we need to remove the old AD servers from Cisco Umbrella Deployments > Configuration > Sites and Active Directory and then add them back?

Any other gotchas?

2 Replies

Based on the information I found, to handle the transition of servers in your given situation, the process might involve these steps:

1. Remove old AD servers from Cisco Umbrella Deployments > Configuration > Sites and Active Directory. This makes sure that the old servers are no longer associated with the Umbrella deployment.

2. Change the IP of the new AD servers to match the IP of the old servers (if necessary). This step can be performed by the server team to ensure consistency in the network configuration.

3. Install the AD connector on the domain controller of the specific domain. The AD connector is responsible for syncing the Active Directory information with Cisco Umbrella.

By following these steps, the new AD servers should be correctly integrated into the Cisco Umbrella deployment, and any changes made to the IP addresses will be reflected in the configuration. This should not affect your DNS lookups via the Umbrella VAs.

However, since this process is complex and involves critical network elements, I strongly recommend reaching out to Cisco support or referring to the official Cisco documentation to ensure that every step is done correctly and your network security is not compromised.

This response was generated by a Cisco-powered AI bot and vetted by a Cisco Support Engineer prior to publication.
This is part of a monitored experiment to see if the bot can help answer questions alongside community members. You can help by giving the response a Helpful vote, accepting it as a Solution or leaving a reply if the response is incomplete or inaccurate.

Marvin Rhoads
Hall of Fame

The bot got it mostly right.

I would add that you might want to add the temporary server addresses in your VA configuration so that they see them as valid DNS servers for internal lookups.
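The two replies above boil down to a cutover procedure (point Umbrella at the new DCs, re-run the connector setup, and make sure the VAs treat both old and new servers as valid internal DNS servers while they coexist). Below is an added pre-cutover sanity check, not something posted in the thread or shipped by Cisco, that a practitioner would run from a domain-joined Windows admin box before swapping IPs: it verifies that each old and new DC answers the AD locator SRV record and an ordinary internal A record itself, and that DNS, LDAP and LDAPS ports are reachable. The domain name, DC names, IPs and the test hostname are hypothetical placeholders and must be replaced with your own.

```powershell
# Added example, not from the original thread or Cisco documentation.
# Pre-cutover check for the AD/DNS server swap: confirm every old and new DC
# answers internal DNS for the AD domain and accepts LDAP/LDAPS, so the new
# servers are fit to inherit the old IPs and to be listed as VA internal
# DNS servers in the meantime.
# Assumptions (hypothetical values, replace with your own environment):
$Domain = 'corp.example.com'
$DomainControllers = [ordered]@{
    'OLD-DC01' = '10.0.0.10'
    'OLD-DC02' = '10.0.0.11'
    'NEW-DC01' = '10.0.0.20'
    'NEW-DC02' = '10.0.0.21'
}
$TestHost = "host1.$Domain"   # any internal A record every DC should resolve

function Test-DomainController {
    param(
        [string]$Name,
        [string]$Ip,
        [string]$Domain,
        [string]$TestHost
    )
    $result = [ordered]@{ Name = $Name; IP = $Ip }

    # DNS: does this server answer the domain's AD locator SRV record itself?
    # -DnsOnly bypasses the local cache/hosts file so we test the server, not this box.
    try {
        $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV `
            -Server $Ip -DnsOnly -ErrorAction Stop
        $result.SrvTargets = ($srv | Where-Object { $_.Type -eq 'SRV' } |
            ForEach-Object NameTarget) -join ','
    } catch {
        $result.SrvTargets = "FAIL: $($_.Exception.Message)"
    }

    # DNS: does it resolve an ordinary internal host record?
    try {
        $a = Resolve-DnsName -Name $TestHost -Type A -Server $Ip -DnsOnly -ErrorAction Stop
        $result.TestHostA = ($a | Where-Object { $_.Type -eq 'A' } |
            ForEach-Object IPAddress) -join ','
    } catch {
        $result.TestHostA = "FAIL: $($_.Exception.Message)"
    }

    # TCP reachability for DNS, LDAP and LDAPS from this admin host.
    foreach ($port in 53, 389, 636) {
        $tcp = Test-NetConnection -ComputerName $Ip -Port $port -WarningAction SilentlyContinue
        $result["Tcp$port"] = $tcp.TcpTestSucceeded
    }

    [pscustomobject]$result
}

$report = foreach ($dc in $DomainControllers.GetEnumerator()) {
    Test-DomainController -Name $dc.Key -Ip $dc.Value -Domain $Domain -TestHost $TestHost
}
$report | Format-Table -AutoSize

# Gotcha check: each new DC must appear in the SRV answer set it serves. If it
# does not, clients (and anything pointed at the inherited IPs later) will keep
# being directed to the old hostnames after the old servers are powered off.
$newDcs = $DomainControllers.Keys | Where-Object { $_ -like 'NEW-*' }
foreach ($name in $newDcs) {
    $row = $report | Where-Object Name -eq $name
    if ($row.SrvTargets -notmatch [regex]::Escape("$name.$Domain")) {
        Write-Warning "$name is missing from its own _ldap._tcp.dc._msdcs SRV answers: $($row.SrvTargets)"
    }
}
```

Run it once while old and new servers coexist (every row should pass and every new DC should appear in the SRV set), then again after the IP swap using the inherited addresses; a FAIL in the DNS columns on a new server is the kind of thing that would silently break internal-domain lookups through the VAs even though the rest of the Umbrella change went fine.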
