Changing IP address to a Windows 2003 DC


Windows 2003 server, AD, DNS, DHCP in
5 PCs connected in DHCP, network = 192.168.1.x/24

I need to change the IP address plan of this network to a new IP plan: 192.168.1.x/24, and to change the server IP to the new IP.

In short, I need to migrate from 192.168.2.x/24 to 192.168.1.x/24.

Is it possible? Is it safe? Is it easy? What are the steps to follow?

Thank you
Joseph Moody (Blogger and wearer of all hats) Commented:
First - why?
Ernie Beek (Expert) Commented:
Second, you can't change the IP address of a DC so you'll have to demote it first...
Are you sure you want to do that?
Kruno Džoić (System Engineer) Commented:
Muzafar Momin Commented:
You can change the IP, followed by the changes below:

1) Replace the old IP with the new one in DNS (forward and reverse zones)
2) Add the new IP address in NS (name server) in DNS
3) Restart the server
gadsad (Author) Commented:
Muzafar's answer says that it is easy to do,

while erniebeek says that I will have to demote and promote AD.

What is the real answer?

The reason why I need to do that is because I am moving the network to another location with another IP plan and I need to share internet access (same router)

Thank you
You can change the IP of the domain controller.

Issues you might have are:
 - DNS refresh time - computers will remember the old IP of the domain controller associated with its name, which might cause slow logon - you can change the TTL on the DNS zone to very short (even a few minutes) prior to the operation, which will minimize the impact
 - If you have more than 1 domain controller in the network then you have to make sure that all DNS servers have the new IP of the domain controller. Also, using Active Directory Sites & Services you have to make sure that all replication connections are working after the change; eventually you might have to rip them off and re-create replication connections between domain controllers - only in a multi-domain controller environment.

Hope that helps. Let me know if you need more clarifications, as I went through that a few times and there is no big deal with an IP change. A bigger issue is posed by a domain controller name change.

Steps I would take in your case:
 - Set the TTL on the DNS zone for AD to low, to expire name to IP associations on client computers very fast
 - Schedule downtime after hours
 - Change the IP address on the domain controller and reboot the machine
 - Make sure that DNS contains only the new IP address associated with the domain controller name
 - Check on client computers that the name of the domain controller is correctly resolved on the PCs
 - Any issues with client computers - you might need to do: ipconfig /flushdns (about 3 times on each machine) to clean the DNS cache in case some computers still have the old name to IP mapping
 - In case you are operating in a multi-DC environment, make sure all DNS servers you have contain the correctly registered name to IP mapping
 - Using AD Sites & Services, check all replication connections (KCC will verify the connection and rebuild it in case it's needed - if you see any issues in the event logs then you can remove the connector and re-create it using the same admin tool).

That's the step-by-step procedure. One important thing: sometimes it looks like the system is broken or not fully functional after this change. It is only temporary and you have to check all points before going to panic mode and rebooting the server :)
It works with no problems.
PS. Of course I missed one step for DNS... after the change you can revert the TTL on the DNS zone back to the previous value, as we don't need a short lifetime for DNS records anymore.
gadsad (Author) Commented:
Thanks for your complete and clear answer.

Do I have to change the IP address also in DNS (forward and reverse zone)? Is there any place in Windows where I have to enter the new IP address (in addition to the "network properties/TCPIP" zone)? In DHCP I will have to build a new scope, is that right?

I have a single domain environment, so nothing to change in AD Sites and Services.

Thanks again

Once you reboot the DC, the DNS entry should be refreshed automatically by the NetLogon service.
However, I would recommend going to DNS and making sure that the appropriate record is updated accordingly, and if not, just change it manually in both forward and reverse lookup zones.

Of course a new DHCP scope will be required, which will correspond with the new IP subnet.

Except for DNS, there is no other place you need to update the IP unless you have some 3rd party services/applications which might require that.

Also, in TCP/IP settings remember to update the primary DNS server to point to the new IP of the domain controller.

The whole change should not affect users badly, as they might just have a delay in logging on to the network if the computer has the old IP in its DNS cache.
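
The "DNS contains only the new IP" check from the steps above, covering both forward and reverse lookup zones, as an added example that is not part of the original answers. It assumes the zone records are available as standard zone-file text; the old subnet is the one from the question, while the host name `dc01.example.local` and the host addresses are constructed.

```python
import ipaddress

OLD_NET = ipaddress.ip_network("192.168.2.0/24")  # old plan, from the question

# Constructed sample records; host names and host addresses are hypothetical.
FORWARD_ZONE = """\
@          600 IN NS  dc01.example.local.
@          600 IN A   192.168.2.10   ; domain-name record still on the old IP
dc01       600 IN A   192.168.1.10
dc01       600 IN A   192.168.2.10   ; stale host record
"""
REVERSE_ZONES = """\
10.2.168.192.in-addr.arpa. 600 IN PTR dc01.example.local.
"""

def parse(text):
    """Yield (owner, type, rdata) from 'owner ttl IN type rdata' lines."""
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop zone-file comments
        if line:
            owner, _ttl, _cls, rtype, rdata = line.split(None, 4)
            yield owner, rtype.upper(), rdata.strip()

def ptr_owner_to_ip(owner):
    """'10.2.168.192.in-addr.arpa.' -> IPv4Address('192.168.2.10')."""
    octets = owner.rstrip(".").split(".")[:4]
    return ipaddress.ip_address(".".join(reversed(octets)))

def audit(forward, reverse, dc_host, new_ip):
    """Return a list of findings; an empty list means the zones look clean."""
    new_ip = ipaddress.ip_address(new_ip)
    findings, has_a, has_ptr = [], False, False
    for owner, rtype, rdata in parse(forward):
        if rtype == "A":
            ip = ipaddress.ip_address(rdata)
            if ip in OLD_NET:
                findings.append(f"stale A: {owner} -> {ip}")
            has_a = has_a or (owner == dc_host and ip == new_ip)
    for owner, rtype, rdata in parse(reverse):
        if rtype == "PTR":
            ip = ptr_owner_to_ip(owner)
            if ip in OLD_NET:
                findings.append(f"stale PTR: {ip} -> {rdata}")
            has_ptr = has_ptr or ip == new_ip
    if not has_a:
        findings.append(f"missing A: {dc_host} -> {new_ip}")
    if not has_ptr:
        findings.append(f"missing PTR: {new_ip}")
    return findings
```

Calling `audit(FORWARD_ZONE, REVERSE_ZONES, "dc01", "192.168.1.10")` on the sample reports the two leftover A records, the leftover PTR, and the missing PTR for the new address.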
gadsad (Author) Commented:
thank you