• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 53
  • Last Modified:

Taking over a DC IP and FQDN

Came into environment where if a DC in a DC without any FSMO is offline is impacting production.

I suspect the following:

A.Member servers primary DNS point to this server

B. Application owners have hardcode IP or FQDN into there code.

Server is physical cant p2v

So i am thinking of doing the following

A. Assign new IP to DC

B.  Add the old IP to a new DC
C.  Create a cname that matches the hostname (& fqdn) just to stop having problems

Clean-up Entails
A.  Change  members server DNS to point to new DC server  as primary
B. Followup with determining what is hitting this server directly via IP
C. Finally demote the old DC controller with Dcpromo
0
newbie2239
Asked:
newbie2239
  • 2
  • 2
2 Solutions
 
Will SzymkowskiSenior Solution ArchitectCommented:
There is no need to create a cname record for changing the IP Address of the domain controller. Make sure that when you demote your old DC that you change the IP first, then assign the old DC IP to the new DC and you should be fine.

You will also want to make sure that you update your DHCP as well.

Will.
0
 
newbie2239Author Commented:
Due to complexities  in the environment   and politics involved my Decision is  not to  DCPromo to demote the server until everything is tested .

Environment:
AD Servers: mixed Mode: 2003, 2012, 2012 R2  : Legacy Physical , 2012 Servers and Up Virtual.
Server in Question:
2003 Server Run: DC,GC - No FSMO, No DHCP. -
Issue: Out of memory ,  Hardware issue , No Hardware support , and most importantly 2003 Server
Complexities
1. Harden FW ACLS by IP . Coordination with teams can take a month
2. Potentially Developers coding with  FQDN and IP of AD Servers in as there are 15 year old apps in environment.
3. Devices not under my control pointing DNS entries to DC



I have done something similar in the past

1.  Access 2003 DC Server,  Change IP  2003 server and shutdown the server .
2 . Add  IP the IP of the server you just shut down to an existing Domain Controller in the Environment  which resides  on the same subnet  .  Server will temporally have 2 IP's
3. . Either reboot the domain Controller   server or, ipconfig /registerdns and restart the netlogon service
4. . Test make sure things are working
5. Create another Change Control to access old Domain Controller  to power on and Demote using DCpromo.
0
 
Will SzymkowskiSenior Solution ArchitectCommented:
Personally I would not simply power down the DC. What is the point of doing that when you are going to demote it anyway.

You also have to consider SRV records as well not sure DNS. So you can run into issues when simply shutting off a server for extended periods of time.

I would suggest you demote it or your clients could run into issues when looking for service locator records.

Will.
0
 
newbie2239Author Commented:
Will,

I spoke with Microsoft  and they stated   I could do the following below as well .

Note :   I was able to successfully do this in my a Lab .

Change Domain Controller name and IP  with another Domain Controller

Lab Environment

1.      DC2012-01   – Holds all FSMO – 10.10.1.10
2.      DC2012-02- -10.10.1.11
3.      DC2003-01 – 2003 Server in the Lab 10.10.1.12


1       Demote DC2003-01 ( 10.10.1.12) with DCPROMO
2.      DC2012-01  Force Replication – repadmin /syncall /A / P on the server that the DC is replicating its changes off  
3.      Re-Ip Server DC2003-01 10.10.1.13
4.      Remove DC2003-01 Domain  to Workgroup
5.      Shutdown DC2003-01
6.      DC2012-01  Force  Replication – repadmin /syncall /A / P
7.      In the lab I still had to delete DC2003-01  icon in sites and services but also the computer name did get remove from DC2012-02 – deleted member server DC2003-01 in Users and Groups
7.       My Next step was change changing  IP  on DC2012-02 - 10.10.1.12
8.       Then renaming DC2012-02 to DC2003-01
9.       Reboot
10.     Validated  AD
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now