Change the IP address of a DC

  • Thread starter Thread starter Bo Hallgren
  • Start date Start date
B

Bo Hallgren

A job that has been postponed and postponed again because of different
opinions from our usual "sources of knowledge":

We have to move one of our two DCs from one IP subnet to another, i.e.
changing its IP address. What happens in terms of AD replication if the name
of the server remains the same but the IP address is new? The DCs are also
used as DNS servers and the "automatic update" option is enabled.

This is rather a critical operation why we have not sofar dared to do it.

What could go wrong and which is the way back? I recon the AD backup is
"useless" when the IP address is changed, that is, once the IP address is
changed, restoring the "old" AD backup brings everything back to the
starting point leading to the old IP address on the new network segment.
Correct?

Please assist!

/Bo H.
 
All you have to do, is to move server object to appropriate site in AD Sites
and Services and change its IP address. After startup, it will reregister
new IP address with its DNS server. If you want to bring it back, just
change IP back, and move server object back to previous site. I'm assuming
here, that you have Sites set up correctly.

--
Regards

Matjaz Ladava, MCSE (NT4 & 2000), Windows MVP
(e-mail address removed)
http://ladava.com
 
Bo Hallgren said:
A job that has been postponed and postponed again because of different
opinions from our usual "sources of knowledge":

We have to move one of our two DCs from one IP subnet to another, i.e.
changing its IP address. What happens in terms of AD replication if the name
of the server remains the same but the IP address is new? The DCs are also
used as DNS servers and the "automatic update" option is enabled.

This is rather a critical operation why we have not sofar dared to do it.

What could go wrong and which is the way back? I recon the AD backup is
"useless" when the IP address is changed, that is, once the IP address is
changed, restoring the "old" AD backup brings everything back to the
starting point leading to the old IP address on the new network segment.
Correct?

Please assist!

/Bo H.
Click to expand...

Just three points:

1. Make sure replication traffic is allowed between the two subnets
(firewall or a filtering device).

2. Whats the connection bandwidth between the sites? You might want to
create a new site in case there are any (slow) WAN connections inbetween.

3. Just make sure all the entries for the DCs are correct in DNS after you
have moved the machine. DNS is crucial for the AD to work. A DC registers
its services in DNS so clients are able to find them. And DCs use DNS to
find eachother.

In case you still find any records for the DC on the old IP, remove them as
they will cause logon failures. Know this from experience (new Moscou DC
build in and moved from the Netherlands to Moscou and occasionally clients
in Moscou are pointed to the Netherlands again for logons. Cleaning up DNS
solved the issue).

Do a backup (as you should allways do). Move the box, check DNS and the
logs. Try a ping / nslookup and check if clients are able to logon to the
domain using the reallocated DC. Make sure replication is working.

And what server is the GC? You might have some issues if you take the GC
offline.

Succes,

WA.
 
Back
Top