techtramp

How do I change the domain subnet mask on a single server 2003 r2

Hi,
I have a single Server 2003 R2 with a domain supporting around 90 PCs / laptops + a reserved lease of 30 to allow for resource servers, printers and wireless access points. (Based in a primary school.)
The address range is 172.xx.xx.1 to 172.xx.xx.127 and the subnet mask is 255.255.255.128
There have been many problems with address leasing and it has ended up with my reducing the lease period to 1 day. Another school has moved to a totally different IP range and their old range followed immediately after our own.
I have managed to obtain extra addresses to increase the range to 172.xx.xx.254, with a change in the subnet mask to 255.255.255.0.
The LEA is changing its firewalls etc to accommodate the new range.

The intent was to update during the late afternoon, but as so often happens things didn't go according to plan!

Whilst the LEA was updating the firewall etc I started on the local domain.
Without much experience in this area, I changed all the devices with a fixed IP address to show the new subnet.

I have changed the server's own network address subnet mask to the correct subnet, and looked at the DHCP addressing.
I expired/removed the remaining leases so that new ones would be issued on the next logon.
I looked at the address range, but could see the subnet was greyed out and could not be changed.
I believe the scope needs to be re-set, DNS server address changed, also the gateway, which should be updated to point to the new address provided by the LEA.
Flushing by ipconfig /flushdns and /registerdns should clear old addresses.

Unfortunately time was running out and I had to reset all the subnets to the original .128 before the school was closed for the evening to avoid the risk of system failure in the morning.
Before I start again I'd be better off with a full documented plan of what and where to make changes, hence the request for help.

I've looked at the many comments/advice on changing subnets but could do with some advice on which steps I have missed out or need to follow (as I am sure there are many), and probably just where I need to look in the dhcp/dns settings + Active Directory possibly.
Any help would be much appreciated.
davorin

The procedure seems to me quite OK. Maybe only flushing local DNS caches is unnecessary. To be sure you can change TTL time on DNS servers to, let's say, 10 minutes.
Just create new scopes and enter new values of gateway, DNS servers, manually change settings of equipment with fixed IP addresses...
techtramp (ASKER)

Thanks davorin,
This is a first-time exercise for me - do I have to delete the existing scope and create new or just add new? I'm at home at the moment working out how to prepare for it in the morning.
I don't have the option to test, this will be a live change so I've got to get it right!
Is the subnet greyed out and can't be changed, because it ties up with the current scope which ?
How long would you suggest I allow for the server alterations- I know how long it will take for all the fixed IP resetting.
Thanks,
Nigel
ASKER CERTIFIED SOLUTION
rsimsee

If you have changed your subnet mask to 255.255.255.0 you will need to delete and recreate the DHCP scope. You cannot just add a new scope, because IP addresses will overlap. If you don't have many DHCP reservations it should not take you more than 5 minutes to configure the new scope.

"How long would you suggest I allow for the server alterations" - I really don't understand this question. Most of the time you will need to connect and log in at the servers. Changing IP setting will go faster.
As you already did - I would start at domain servers, routers, then DHCP and at the end other equipment (printers, wlan eq.,...)
Thanks rsimsee for the sequence to follow, and davorin for the need to create a new scope.

I asked about configuration time because I had been told by a colleague that there was a lot to update and it was not straightforward.
Someone who has done this many times would rattle through quickly, know where to look to make changes, and what to do in what order - that's an expertise that I do not have so have no idea of how long it would take me.
As I only work part-time I cannot risk leaving the job part-done so that users do not have a working system the next day. I have a limited time frame between the end of school lessons and school being locked up. (That's why I had to reset everything to the .128 subnet as I didn't have confirmation that the LEA had configured the external devices.)
The LEA have now reconfigured the router / incoming switch to the new 255.255.255.0 subnet as far as I know, the current domain setup using the 255.255.255.128 is working ok, I would have thought there might have been a clash with differing subnets but it seems to work so far.

Some responses to similar questions on subnetting mention Active Directory - is this applicable in this situation, i.e. single server doing all roles such as DNS/DHCP/print server?
Thanks
DHCP is not as integrated into AD as, let's say, DNS is. The only reason you would really need to worry about AD is if you were changing DHCP servers.

In a Windows AD environment, you must "authorize" a DHCP server through AD before it will start accepting DHCP requests.  If you have a complicated AD environment with many DC's, it can actually take a reasonably long amount of time for the authorization process to complete.  However, since you are simply adding a new scope to the existing server, you don't have to worry about any AD authorizations.
SOLUTION
Thanks to both of you,
rsimsee
Good to know that I don't have to delve into AD with just deleting the scope and adding a new one. Do I assume that because there is an existing DHCP server in operation that is why it doesn't need further authorisation?

davorin,
It's a relief about the communication between the subnets so long as the ip addresses stay in the lower 0- 127 range, couldn't remember the rules regarding this particularly with the broadcast address changing from 127.
I've been going through the multiple levels of DNS and DHCP and couldn't see anywhere else obvious that the domain ip/subnet was being picked up from to give the current domain settings. Is it just collected from the scope settings? Again, I'm learning fast!
Thanks
Yes, but let's be clear, the "existing" dhcp server is the same dhcp server you're using.  If you were to add another dhcp "server", that too would have to be authorized.

Just a comment as per Davorin's post - I don't think that time is going to be much of an issue, I don't know how many static IPs you have to update, but being that you only had the .128 mask and 90 PCs, you can't have too many. Being that you can set up the new scope in the background while the other scope is active, it shouldn't take you more than a few minutes to do the entire transition.

I'm not sure that I completely understand your last question.
If you want your computer to work on the domain network properly, you need to set the following parameters on the network adapter - IP address, subnet mask, gateway address and DNS server's IP address.
You can do this manually or you can deliver those settings from the DHCP server. You can define GW and DNS servers' IP addresses in scope options. If you won't change any IP addresses you can just copy settings from the old scope.
rsimsee
Thanks for clarifying the dhcp server question.
I had tried to set up a new scope, but it blocked it with the message 'overlapping subnets' or words to that effect. That's why I assume I will need to delete the scope then create the new one.

davorin
Sorry I wasn't clear with my question.
I had thought that with a single DC it would only refer to the scope for the domain address, and to the server's own network card address to ensure that it was within the correct range.

I had been told that I would need to check DNS settings etc, to find out anywhere the IP address for the domain was referred to, hence expanding the levels to find any reference to tcp/ip folders where such an address may be stored and would have to be updated to the new subnet mask.
By the sound of it, that has been unnecessary.

Thanks
Oops, sorry 'bout that. Just create the new scope with the correct subnet mask, but change one of the octets until the scope is ready to go (instead of 172.x.x.1, make it 172.x.x+1.1). You can edit the changed octet on the scope right before you activate it.
As a trial run, I changed all settings/scope, fixed addresses as far as I could without accepting changes, subnet mask ok with octet change etc - also did a backup of the server C: drive as well.
LEA have now fully reconfigured external devices and I could connect one client PC to the internet using a fixed IP/subnet in the new range as opposed to using DHCP. Monday afternoon will be the crunch when all changes are applied. I'll cross my fingers and report back then.
Thanks
Well, so far so good this afternoon.
Although I could deactivate the scope, I couldn't create a new one with overlapping subnet so had to delete anyway (after taking careful note of all the settings I could find!). I must have missed the expire lease option, but got round it by deleting the current leases - all users had been told that the network would be down from late afternoon. Everything added in ok - took me a while as I had to make sure that I double-checked everything after taking an image of the C: drive. Checked with several laptops/PCs that they could access the printers / internet / proxy server and that users could access their share on the server.
Default lease setting was 8 days - is there any benefit to making it longer/shorter?
Tomorrow morning will be the crunch, and I can then award points for your valuable help.
Thanks
I guess you missed my post about changing the octet to get around the duplicate scope issue :(
Tried to change it - third octet 22 to 23, but still gave me the same error on the scope range.

Halfway through the morning- so far so good
Hmm, that's odd....
All has gone smoothly, thank you to both, davorin and rsimsee. It's the first time I have awarded points and would like to split equally between you. Both have provided details relevant to solving my question with supplementary information to explain the stages and requirements. As different responses have contributed to the final solution I will select one comment from each expert to accept multiple solutions.
Are you both happy with this for awarding points?
Yup, that's pretty standard, glad everything went smoothly!
Me too :)
Many thanks to both rsimsee and davorin - especially for your patience!
You are welcome.
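
The subnet arithmetic behind the thread, as an added example that is not part of any participant's post: why a 255.255.255.0 scope collides with the existing 255.255.255.128 scope, and why hosts still on the old mask kept working as long as everything stayed in the lower half. The 172.16.22.x addresses and the `static_hosts` list are constructed placeholders, since the thread redacts the real range as 172.xx.xx.

```python
import ipaddress

# Constructed addresses (the thread only shows 172.xx.xx.*).
OLD_NET = ipaddress.ip_network("172.16.22.0/255.255.255.128")
NEW_NET = ipaddress.ip_network("172.16.22.0/255.255.255.0")


def scopes_conflict(a, b):
    """True when two scope subnets share any address (the 'overlapping' error case)."""
    return a.overlaps(b)


def on_link(host_ip, host_mask, peer_ip):
    """True if a host with this IP/mask treats peer_ip as local (direct delivery),
    False if it would hand the packet to its default gateway instead."""
    iface = ipaddress.ip_interface(f"{host_ip}/{host_mask}")
    return ipaddress.ip_address(peer_ip) in iface.network


def migration_report(old, new, static_hosts):
    """Summarise a mask change from old to new.

    static_hosts maps a fixed IP to the mask currently configured on that device;
    devices whose mask does not yet match the new subnet are listed as stale."""
    added = list(new.address_exclude(old)) if old != new and old.subnet_of(new) else []
    stale = [
        ip for ip, mask in static_hosts.items()
        if ipaddress.ip_interface(f"{ip}/{mask}").network != new
    ]
    return {
        "conflict": scopes_conflict(old, new),
        "old_broadcast": str(old.broadcast_address),
        "new_broadcast": str(new.broadcast_address),
        "added_ranges": [str(n) for n in added],
        "usable_hosts": (old.num_addresses - 2, new.num_addresses - 2),
        "stale_mask_hosts": stale,
    }


if __name__ == "__main__":
    statics = {"172.16.22.5": "255.255.255.128", "172.16.22.6": "255.255.255.0"}
    for key, value in migration_report(OLD_NET, NEW_NET, statics).items():
        print(f"{key}: {value}")
    # A device left on the old mask sees the new upper half as a remote network.
    print(on_link("172.16.22.10", "255.255.255.128", "172.16.22.200"))
```

A device left on the old mask still reaches addresses up to .126 directly, but it sends traffic for .128 and above to its gateway and does not listen on the new .255 broadcast address, so the stale list is worth clearing before leases are handed out from the upper half.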