?
Solved

DC/DNS Move to New VLAN/Subnet

Posted on 2009-05-05
2
Medium Priority
?
1,594 Views
Last Modified: 2012-05-06
Due to security considerations, we have created a "management" VLAN to which key systems and services (e.g. WSUS, antivirus central control, DCs, DNS services) will be moved from their current VLAN subnet to the new management VLAN/subnet. (All machines in the DMZ run in their own AD domain.) We need to move the two DCs/DNS servers to this new VLAN. The IP addresses, of course, will have to change and any machine pointing statically to the DNS servers will have to have those IP addresses changed. (We have already configured the VLAN to allow/route the needed traffic between the two VLANs.)

One of our techs seems to think it is as simple as changing the DNS/DC IP address (subnet is the same) to the new subnet/vlan IP addresses reserved for this purpose for both DC/DNS machines and then changing the other DMZ machines' DNS entries.

Having never done this before, I'm not so sure it is that simple. I'd rather be sure the process is done such that we don't lose the DNS resolution or screw-up AD.

If you have experience doing this and can give us the steps along with appropriate testing ideas or can point us to an appropriate KB article that relates to this, your help would be greatly appreciated.

Many thanks in advance for your help with this!
0
Comment
Question by:richlich
2 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 750 total points
ID: 24307278
As long as all the clients that point to this server have been updated (static clients, DHCP clients, applications, etc) you should be ok.
This article may also help
http://technet.microsoft.com/en-us/library/cc758579.aspx
Change the static IP address of a domain controller
At the end of that the dcdiag /fix will reigister the new IP address for this records in DNS for the DC.  (restarting netlogon does it too)
Thanks
Mike
0
 
LVL 3

Assisted Solution

by:ISWSIMBX
ISWSIMBX earned 750 total points
ID: 24307281
I recently had to move a DC to a new subnet.  Couple of things you need to make sure of:

1)  Ensure that the new subnet objects exist in AD Sites & Services and is associated with the correct site.
2)  Once the DC is moved, verify that all other domain controllers can resolve the new name/ip address to ensure there are no replication problems.

DNS is really the key to the whole situation as AD heavily relies on it.

Here is a good blog post on changing IP's on a domain controller:

http://www.totalnetsolutions.net/2007/07/29/how-to-change-a-domain-controller-ip/
0

Featured Post

Easily manage email signatures in Office 365

Managing email signatures in Office 365 can be a challenging task if you don't have the right tool. CodeTwo Email Signatures for Office 365 will help you implement a unified email signature look, no matter what email client is used by users. Test it for free!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

High user turnover can cause old/redundant user data to consume valuable space. UserResourceCleanup was developed to address this by automatically deleting user folders when the user account is deleted.
This applies to Dell but may also apply to other manufacturers as well. We ran across a few machines that just dropped recently it trust relationship with the server. After doing the basic removing and joining the domain again, it changed to No logo…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

600 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question