Solved

DC/DNS Move to New VLAN/Subnet

Posted on 2009-05-05
2
1,349 Views
Last Modified: 2012-05-06
Due to security considerations, we have created a "management" VLAN to which key systems and services (e.g. WSUS, antivirus central control, DCs, DNS services) will be moved from their current VLAN subnet to the new management VLAN/subnet. (All machines in the DMZ run in their own AD domain.) We need to move the two DCs/DNS servers to this new VLAN. The IP addresses, of course, will have to change and any machine pointing statically to the DNS servers will have to have those IP addresses changed. (We have already configured the VLAN to allow/route the needed traffic between the two VLANs.)

One of our techs seems to think it is as simple as changing the DNS/DC IP address (subnet is the same) to the new subnet/vlan IP addresses reserved for this purpose for both DC/DNS machines and then changing the other DMZ machines' DNS entries.

Having never done this before, I'm not so sure it is that simple. I'd rather be sure the process is done such that we don't lose the DNS resolution or screw-up AD.

If you have experience doing this and can give us the steps along with appropriate testing ideas or can point us to an appropriate KB article that relates to this, your help would be greatly appreciated.

Many thanks in advance for your help with this!
0
Comment
Question by:richlich
2 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 250 total points
ID: 24307278
As long as all the clients that point to this server have been updated (static clients, DHCP clients, applications, etc) you should be ok.
This article may also help
http://technet.microsoft.com/en-us/library/cc758579.aspx
Change the static IP address of a domain controller
At the end of that the dcdiag /fix will reigister the new IP address for this records in DNS for the DC.  (restarting netlogon does it too)
Thanks
Mike
0
 
LVL 3

Assisted Solution

by:ISWSIMBX
ISWSIMBX earned 250 total points
ID: 24307281
I recently had to move a DC to a new subnet.  Couple of things you need to make sure of:

1)  Ensure that the new subnet objects exist in AD Sites & Services and is associated with the correct site.
2)  Once the DC is moved, verify that all other domain controllers can resolve the new name/ip address to ensure there are no replication problems.

DNS is really the key to the whole situation as AD heavily relies on it.

Here is a good blog post on changing IP's on a domain controller:

http://www.totalnetsolutions.net/2007/07/29/how-to-change-a-domain-controller-ip/
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

I've written instructions for one router type, but this principle may be useful for others of the same brand and even other brands of router. Problem: I had an issue especially with mobile devices that refused to use DNS information supplied via…
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now