

Changing IP address to a Windows 2003 DC

Posted on 2011-05-02
Medium Priority
Last Modified: 2012-05-11

Windows 2003 server, AD, DNS, DHCP in
5 PC connected in DHCP, network = 192.168.1.x/24

I need to change the IP address plan of this network to a new IP plan: 192.168.1.x/24, and to change the server's IP to the new IP.

In short, I need to migrate from 192.168.2.x/24 to 192.168.1.x/24.

Is it possible? Is it safe? Is it easy? What are the steps to follow?

Thank you
Question by:gadsad
LVL 22

Expert Comment

by:Joseph Moody
ID: 35504416
First - why?
LVL 35

Expert Comment

by:Ernie Beek
ID: 35504426
Second, you can't change the IP address of a DC so you'll have to demote it first...
Are you sure you want to do that?
LVL 11

Expert Comment

by:Kruno Džoić
ID: 35504431

LVL 10

Expert Comment

by:Muzafar Momin
ID: 35504792
You can change the IP, followed by the changes below:

1) Replace the old IP with the new one in DNS (fwd and reverse zone)
2) Add the new IP address in NS (name server) in DNS
3) Restart the server

Author Comment

ID: 35508708
Muzafar's answer says that it is easy to do,

while erniebeek says that I will have to demote and promote AD.

What is the real answer?

The reason why I need to do that is because I am moving the network to another location with another IP plan and I need to share internet access (same router)

Thank you

Accepted Solution

qf3l3k earned 2000 total points
ID: 35512248
You can change IP of the domain controller.

Issues you might have are:
 - DNS refresh time - computers will remember the old IP of the domain controller associated with its name, which might cause slow logon - you can change the TTL on the DNS zone to a very short value (even a few minutes) prior to the operation, which will minimize the impact
 - If you have more than 1 domain controller in the network then you have to make sure that all DNS servers have the new IP of the domain controller. Also, using Active Directory Sites & Services you have to make sure that all replication connections are working after the change; eventually you might have to rip them off and re-create replication connections between domain controllers - only in a multi-domain controller environment.

Hope that helps. Let me know if you need more clarifications, as I went through that a few times and there is no big deal with an IP change. A bigger issue is posed by a domain controller name change.

Steps I would take in your case:
 - Set the TTL on the DNS zone for AD to a low value so that name-to-IP associations expire on client computers very quickly
 - Schedule downtime after hours
 - Change the IP address on the domain controller and reboot the machine
 - Make sure that DNS contains only the new IP address associated with the domain controller name
 - Check on client computers that the name of the domain controller is resolved correctly
 - Any issues with client computers - you might need to do: ipconfig /flushdns (about 3 times on each machine) to clean the DNS cache in case some computers still have the old name-to-IP mapping
 - In case you are operating in a multi-DC environment, make sure all the DNS servers you have contain the correctly registered name-to-IP mapping
 - Using AD Sites & Services, check all replication connections (KCC will verify the connection and rebuild it if needed - if you see any issues in the event logs then you can remove the connector and re-create it using the same admin tool).

That's the step-by-step procedure. One important thing... sometimes it looks like the system is broken or not fully functional after this change. It is only temporary and you have to check all the points before going into panic mode and rebooting the server :)
It works with no problems.

Expert Comment

ID: 35512257
PS. Of course I missed one step for DNS... after the change you can revert the TTL on the DNS zone back to its previous value, as we don't need a short lifetime for DNS records anymore.

Author Comment

ID: 35512649
Thanks for your complete and clear answer

Do I have to change the IP address also in DNS (forward and reverse zone)? Is there any place in Windows where I have to enter the new IP address (in addition to the "network properties/TCPIP" zone)? In DHCP I will have to build a new scope, is that right?

I have a single domain environment, so nothing to change in AD Sites and Services.

Thanks again


Expert Comment

ID: 35512929
Once you reboot the DC, the DNS entry should be refreshed automatically by the NetLogon service.
However, I would recommend going to DNS and making sure that the appropriate record is updated accordingly, and if not, just change it manually in both the forward and reverse lookup zones.

Of course a new DHCP scope will be required, which will correspond to the new IP subnet.

Except for DNS there is no other place you need to update the IP, unless you have some 3rd party services/applications which might require that.

Also, in the TCP/IP settings remember to update the primary DNS server to point to the new IP of the domain controller.

The whole change should not affect users badly, as they might just have a delay in logging on to the network if a computer has the old IP in its DNS cache.
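
One way to carry out the "make sure DNS contains only the new IP" check from the steps above, as an added example that is not part of the original thread. It assumes the forward zone has been exported to standard master-file text (for example with `dnscmd /ZoneExport`); the zone contents, host names, addresses and function names are constructed for illustration.

```python
import ipaddress

RR_TYPES = {"A", "NS", "SOA", "SRV", "CNAME", "PTR", "MX", "TXT"}

# Constructed sample export taken after the DC was re-addressed (not real data).
ZONE = """\
; forward zone corp.example, migration 192.168.2.x -> 192.168.1.x
@        600  IN  NS  dc1.corp.example.
@        600  IN  A   192.168.2.10
dc1      600  IN  A   192.168.1.10
         600  IN  A   192.168.2.10
pc01     1200 IN  A   192.168.1.51
"""

def parse_zone(text):
    """Yield (owner, ttl, rtype, rdata) from RFC 1035 master-file text."""
    owner = "@"
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        if not line.strip() or line.lstrip().startswith("$"):
            continue                              # blank line or $ORIGIN/$TTL
        fields = line.split()
        if not raw[0].isspace():                  # owner names start in column 0
            owner = fields.pop(0)                 # otherwise reuse the last owner
        ttl = None
        while fields and fields[0].upper() not in RR_TYPES:
            tok = fields.pop(0)                   # TTL, class "IN", aging tags
            if tok.isdigit():
                ttl = int(tok)
        if fields:
            yield owner, ttl, fields[0].upper(), fields[1:]

def audit(zone_text, dc_name, old_net, new_ip):
    """Return findings: A records left in the old subnet, DC missing its new IP."""
    old_net = ipaddress.ip_network(old_net)
    new_ip = ipaddress.ip_address(new_ip)
    findings, dc_addrs = [], set()
    for owner, _ttl, rtype, rdata in parse_zone(zone_text):
        if rtype != "A" or not rdata:
            continue
        addr = ipaddress.ip_address(rdata[0])
        if owner.lower() == dc_name.lower():
            dc_addrs.add(addr)
        if addr in old_net:                       # includes the zone-root "@" record
            findings.append(f"stale: {owner} A {addr} is still in {old_net}")
    if new_ip not in dc_addrs:
        findings.append(f"missing: {dc_name} has no A record for {new_ip}")
    return findings

if __name__ == "__main__":
    for finding in audit(ZONE, "dc1", "192.168.2.0/24", "192.168.1.10"):
        print(finding)
```

The sample deliberately leaves the old address on both the DC's host record and the zone-root (`@`) record, since a DC registers its address under the domain name as well as under its own host name.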

Author Closing Comment

ID: 35783315
thank you


Question has a verified solution.
