  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 531

Any issues with changing Domain Controller IP to old DC address?

Setup: We have a domain with about 70 workstations and 2 Domain Controllers.  One is Windows 2000 Server, and has been the only DC for years, controlling DHCP, DNS, WINS, file and print sharing.  The other DC was added recently and is Windows Server 2003 R2 Standard.  We added this one to ultimately take over all roles.  We have already made it a DC, added all roles (except DHCP) and transferred FSMO roles.  Everything looks good so far.
What we would like to do is take down the old server, and then change the IP of this new server to the one the old server had. That way, it's easier for us and the users.  So the question is, can this be done (I am thinking yes) and are there any issues to look out for. Is this common? Any tips and advice would be great.  Thanks.
Asked:
cpeele
2 Solutions
 
cluebeckCommented:
Sounds all good to me. Although I have to say you should never really be using the IP address anyway, especially not normal users. Always use the DNS name; that way you are more flexible.
 
haldoxpCommented:
As you are changing only the IP address, just check in DNS whether the DNS entries are updated with the new host name. There is a chance you will have one IP pointing to two host names.

I assume you will not demote the old DC first, just power it off. Don't forget to change the IP and disable the services before you reconnect it to the network.
 
cpeeleAuthor Commented:
Thanks for the comments.  Do you mean using the IP address for mappings?  We tend to do this to ensure the shares can be reached.  And if we change the IP of this server, we wouldn't have to change any mappings that include the IP.  And we are so used to using the IP to access the server as well.
Any other comments welcome.
 
cpeeleAuthor Commented:
Actually I was going to demote the old one first. Are you saying this is not the best approach?
 
haldoxpCommented:
The old server will be a good backup if anything goes wrong; you can quickly return to the previous configuration.

Take a backup of the old server, transfer all services to the new server, disable services on the old server if needed and power it off. Change the IP on the new server and test it for a few days to see if everything is going as planned. If everything is OK, power on the old server and change its IP, reconnect it to the network and demote it. You must reconnect the old server before the AD tombstone lifetime (default 60 days). Otherwise you will need ntdsutil to remove old AD entries.
 
haldoxpCommented:
Or of course you can change the IP of the old server at the same time and leave it on the network.
 
Rob WilliamsCommented:
Personally I would demote it and dispose of it, especially where you are changing the IP of the newer server. If you ever boot up the old server with the same IP and still a DNS server you might create a real nightmare.
After changing the new server's IP, open the DNS management console and manually clean it up. As mentioned you will probably have two IPs pointing to the same host. Run ipconfig /flushdns, then edit DHCP to have only the new DNS server's IP, and reboot all workstations. Of course, if any devices have statically assigned IPs, you will have to remove the other DNS IP. You will have slow name resolution on devices that still have a dormant DNS server IP.
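An added example, not part of the original thread: a Python check for the two leftover-record conditions the answers above mention (one IP pointing to two host names, and one host with more than one IP), run over A records in zone-file style text. The host names, addresses and the assumption that the zone is available as a text export are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: A records as they might look after the new DC
# (hypothetical name "newdc") takes over the address of "olddc".
SAMPLE_ZONE = """\
; constructed example data, not from the original thread
olddc        3600  IN  A  192.168.1.10
newdc        3600  IN  A  192.168.1.10
newdc              A      192.168.1.20
             1200  A      192.168.1.21   ; blank owner = previous name
fileserver         A      192.168.1.30
www                CNAME  fileserver
"""

def parse_a_records(zone_text):
    """Return (host, ip) pairs for every A record in zone-file style text."""
    records, owner = [], None
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        fields = line.split()
        if not raw[0].isspace():                  # owner name in column one
            owner, fields = fields[0].lower(), fields[1:]
        if owner is None:
            continue
        try:                                      # TTL and class are optional
            ip = ipaddress.IPv4Address(fields[fields.index("A") + 1])
        except (ValueError, IndexError):          # not an A record, or bad data
            continue
        records.append((owner, str(ip)))
    return records

def find_conflicts(records):
    """Return (IPs shared by several hosts, hosts holding several IPs)."""
    by_ip, by_host = defaultdict(set), defaultdict(set)
    for host, ip in records:
        by_ip[ip].add(host)
        by_host[host].add(ip)
    shared_ips = {ip: sorted(h) for ip, h in by_ip.items() if len(h) > 1}
    multi_hosts = {h: sorted(i) for h, i in by_host.items() if len(i) > 1}
    return shared_ips, multi_hosts

if __name__ == "__main__":
    shared, multi = find_conflicts(parse_a_records(SAMPLE_ZONE))
    print("IPs with more than one host name:", shared)
    print("Hosts with more than one IP:", multi)
```
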
 
haldoxpCommented:
>>If you ever boot up the old server with the same IP and still a DNS server you might create a real nightmare.

That is why I told him to change the IP and disable services before reconnecting the old server to the network. Alternatively, he can leave the old one on the network but must change the IP at the same time. This is much easier than a restore if anything goes wrong.
 
cpeeleAuthor Commented:
Thanks for the comments, both of you.  This helps us a lot.
 
Rob WilliamsCommented:
Thanks cpeele. Good luck with it.
Cheers !
--Rob