Change Network address from to on W2K SP4 Single domain network  (Inherited problem)

Posted on 2006-03-21
Last Modified: 2008-01-09
What is involved if I change the IP addressing on an AD domain? What will break? I understand I must update the router etc. and need no help there.

Must I delete the DHCP scopes or can I edit them?  

Must the AD-integrated DNS zone be deleted and re-added?

I am moving the network to W2K3 R2 by adding a second server. Do I do that first and then correct the IPs, or correct the IP issue and then move? This is currently a single server with all AD functions and 25 desktops.

The previous techs must have believed that was private. They did not understand this is actually a public address space, so currently if anyone on this network needed to visit any site using 192.1.1.X they would be unable to, since they call it home <G>.

This is nothin.  You should see some of the other stuff.


Question by:dcohn
    LVL 11

    Accepted Solution

    That's funny :)) Now u made me curious!! wot other stuff ??  :D:D

    To be honest, I've never done this before. But considering how AD works, I think you should follow a similar path as below:

    . temporarily disconnect clients from the network
    . change the static addresses first (the servers, dhcp, dns ...)
    . repair your AD related DNS records (see below how to do this)
    . create another scope (a valid one) in the dhcp server
    . exclude the first one (do not just delete it)
    . update clients, pointing them to the right services (like DNS).
    . set up a logon script for all users: "ipconfig /release and ipconfig /renew"
    . reconnect your clients

    Basically, you must reconfigure DNS - remember AD is dead without DNS working properly. You should also make sure there are no bad static IP assignments in the DHCP server.

    How to repair the DNS record registration
    To repair the Active Directory DNS record registration:

    Check for the existence of a Root Zone entry. View the Forward Lookup zones in the DNS Management console. There should be an entry for the domain. Other zone entries may exist. There should not be a dot (".") zone. If the dot (".") zone exists, delete the dot (".") zone. The dot (".") zone identifies the DNS server as a root server. Typically, an Active Directory domain that needs external (Internet) access should not be configured as a root DNS server.

    The server probably needs to reregister its IP configuration (by using Ipconfig) after you delete the dot ("."). The Netlogon service may also need to be restarted. Further details about this step are listed later in this article.
    Manually repopulate the Active Directory DNS entries. You can use the Windows 2000 Netdiag tool to repopulate the Active Directory DNS entries. Netdiag is included with the Windows 2000 Support tools. At a command prompt, type netdiag /fix.

    To install the Windows 2000 Support tools:
    Insert the Windows 2000 CD-ROM.
    Browse to Support\Tools.
    Run Setup.exe in this folder.
    Select a typical installation. The default installation path is Systemdrive:\Program Files\Support Tools.
    After you run the Netdiag utility, refresh the view in the DNS Management console. The Active Directory DNS records should then be listed.

    .: The server may need to reregister its IP configuration (by using Ipconfig) after you run Netdiag. The Netlogon service may also need to be restarted.

    .: If the Active Directory DNS records do not appear, you may need to manually re-create the DNS zone.

    .: After you run the Netdiag utility, refresh the view in the DNS Management console. The Active Directory DNS records should then be listed. Manually re-create the DNS zone:

    source: to reinstall the dynamic DNS in a Windows 2000 Active Directory

    I must admit this may  not be 100% accurate. As I said, I've never done this. Hope this info is of some help though.
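    An added example, not part of the original answer: one way to confirm after the change that no host (A) record still points at the old public range or anywhere else outside the new subnet. The zone-file style input, the `corp.example` names and the `192.168.10.0/24` subnet are constructed assumptions; only the 192.1.1.X range comes from the question.

```python
import ipaddress
import re

# RFC 1918 private ranges; any other range used internally shadows real Internet hosts.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Zone-file style A record: "name. [TTL] IN A address"
A_RECORD = re.compile(r"^(\S+)\s+(?:\d+\s+)?IN\s+A\s+(\S+)\s*$", re.IGNORECASE)

def audit_a_records(zone_text, new_net):
    """Return (name, address, reason) for every A record not inside new_net."""
    new_net = ipaddress.ip_network(new_net)
    findings = []
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()      # drop zone-file comments
        m = A_RECORD.match(line)
        if not m:
            continue                               # SRV, CNAME, blank lines, etc.
        name, raw = m.groups()
        try:
            addr = ipaddress.ip_address(raw)
        except ValueError:
            findings.append((name, raw, "unparseable address"))
            continue
        if addr in new_net:
            continue                               # already re-registered correctly
        if any(addr in net for net in RFC1918):
            reason = "private, but outside the new subnet"
        else:
            reason = "public address space, stale record"
        findings.append((name, raw, reason))
    return findings

# Constructed sample: records as they might look part-way through the change.
SAMPLE = """\
; constructed sample, not taken from the original thread
corp.example. 600 IN A 192.1.1.10
dc1.corp.example. 600 IN A 192.168.10.10
gc._msdcs.corp.example. 600 IN A 192.1.1.10
_ldap._tcp.corp.example. 600 IN SRV 0 100 389 dc1.corp.example.
printer.corp.example. IN A 10.0.0.5
"""

if __name__ == "__main__":
    for name, addr, reason in audit_a_records(SAMPLE, "192.168.10.0/24"):
        print(f"{name:28} {addr:15} {reason}")
```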

    LVL 3

    Author Comment

    Well considering this is their only server I cannot do this based on your honest answer.  THANK YOU!!

    But I will have to add my W2K3 server first maybe and MAYBE create a new AD forest etc.  I just hate the idea.

    Anyone else????
    LVL 11

    Expert Comment

    It is not an "honest" answer but an answer according to the knowledge I have and research I have done, which of course, you can accept or not. Additionally, I'm sure you have heard about backups or of any other means of minimizing risks of such network changes (for example, Ghost). And I'm also sure that you are aware that some changes must be done off working hours...

    If you want to create a new forest ... go for it.... Make sure the actual network is not using a changed AD schema first.
    And also, I don't see how this operation (of adding a new forest) is less risky comparing to what I have suggested.

    I do understand your concerns about what I suggested! I just think there are many other ways one could appreciate someone who is trying to help you - like thinking first about it, and then, considering his own knowledge, judge accordingly.

    Now ... what you are going to do ... it is really a matter of choice.

    good luck.
    LVL 3

    Author Comment

    If I sounded unappreciative then I apologize as it was the furthest thing from my intent.

    I respect your answer as one coming from a sound technician and know it has merit.

    The issues, which I did not explain, are that I really wanted to hear some magic answer that would have been basically very little work with almost no risk.

    I have an image of his system from some Acronis Server backup he has running BUT it uses a built in IOMEGA REV drive which the owner, who deals with the daily drive removal, said was stuck today. (The tape/disk was stuck in the machine)

    I mean their backup was installed on the same server they backup.  While I have seen people do this before in small companies a $10 million dollar business with 25 plus employees deserves better IMO.

    I am not sure that a new forest is as risky. A new separate server is what I mean. But I am not sure is the key here. While your response is very professional I probably got thrown by the last line. I also answered too quickly and while I was in the middle of assisting my guys with another remote server recovery from another reseller's mess that we recently took over.

    We are slow movers sometimes as we believe in redundancy first and foremost but that surely does not change the validity of your suggestion.

    Let me get through this day and look at it again when I am not so stressed.

    And again I said THANK YOU because I really meant I appreciated your help very much. But again I wanted the Magic most likely non existent solution.


    LVL 11

    Expert Comment

    Ok. I would like that someone come with a magic solution as I'm always keen to learn from other's experience - as I said, I never came through a similar situation like this one.

    I hope someone turns up...

    I will still make some research and if I find something of interest, I'll post it here

    LVL 6

    Assisted Solution

    I think you might be overcomplicating this. If you reboot the box after you have changed the IP address then Windows will re-register its services with the DNS server using the appropriate new IP address.

    I have a testbed with a single server setup of Windows 2k3 and Exchange 2k3 and I changed its IP address twice without breaking anything. If you think about it, what if you wanted to relocate the server to another location, MS can't force you to do a full re-installation each time.

    If you're really paranoid then an alternative is possibly to have two network cards in the server with one on the existing network and one on the new network. This allows you to migrate clients at will between the networks but maintain the link to the main server throughout.
    LVL 11

    Expert Comment

    Changing locations doesn't necessarily imply changing the internal IP address space ...
    But I agree that this may be simpler than it looks.... I'll keep checking this as I'm curious how this goes on

