Taking over a DC IP and FQDN

Came into environment where if a DC in a DC without any FSMO is offline is impacting production.

I suspect the following:

A.Member servers primary DNS point to this server

B. Application owners have hardcode IP or FQDN into there code.

Server is physical cant p2v

So i am thinking of doing the following

A. Assign new IP to DC

B.  Add the old IP to a new DC
C.  Create a cname that matches the hostname (& fqdn) just to stop having problems

Clean-up Entails
A.  Change  members server DNS to point to new DC server  as primary
B. Followup with determining what is hitting this server directly via IP
C. Finally demote the old DC controller with Dcpromo
newbie2239Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Will SzymkowskiSenior Solution ArchitectCommented:
There is no need to create a cname record for changing the IP Address of the domain controller. Make sure that when you demote your old DC that you change the IP first, then assign the old DC IP to the new DC and you should be fine.

You will also want to make sure that you update your DHCP as well.

Will.
0
newbie2239Author Commented:
Due to complexities  in the environment   and politics involved my Decision is  not to  DCPromo to demote the server until everything is tested .

Environment:
AD Servers: mixed Mode: 2003, 2012, 2012 R2  : Legacy Physical , 2012 Servers and Up Virtual.
Server in Question:
2003 Server Run: DC,GC - No FSMO, No DHCP. -
Issue: Out of memory ,  Hardware issue , No Hardware support , and most importantly 2003 Server
Complexities
1. Harden FW ACLS by IP . Coordination with teams can take a month
2. Potentially Developers coding with  FQDN and IP of AD Servers in as there are 15 year old apps in environment.
3. Devices not under my control pointing DNS entries to DC



I have done something similar in the past

1.  Access 2003 DC Server,  Change IP  2003 server and shutdown the server .
2 . Add  IP the IP of the server you just shut down to an existing Domain Controller in the Environment  which resides  on the same subnet  .  Server will temporally have 2 IP's
3. . Either reboot the domain Controller   server or, ipconfig /registerdns and restart the netlogon service
4. . Test make sure things are working
5. Create another Change Control to access old Domain Controller  to power on and Demote using DCpromo.
0
Will SzymkowskiSenior Solution ArchitectCommented:
Personally I would not simply power down the DC. What is the point of doing that when you are going to demote it anyway.

You also have to consider SRV records as well not sure DNS. So you can run into issues when simply shutting off a server for extended periods of time.

I would suggest you demote it or your clients could run into issues when looking for service locator records.

Will.
0
newbie2239Author Commented:
Will,

I spoke with Microsoft  and they stated   I could do the following below as well .

Note :   I was able to successfully do this in my a Lab .

Change Domain Controller name and IP  with another Domain Controller

Lab Environment

1.      DC2012-01   – Holds all FSMO – 10.10.1.10
2.      DC2012-02- -10.10.1.11
3.      DC2003-01 – 2003 Server in the Lab 10.10.1.12


1       Demote DC2003-01 ( 10.10.1.12) with DCPROMO
2.      DC2012-01  Force Replication – repadmin /syncall /A / P on the server that the DC is replicating its changes off  
3.      Re-Ip Server DC2003-01 10.10.1.13
4.      Remove DC2003-01 Domain  to Workgroup
5.      Shutdown DC2003-01
6.      DC2012-01  Force  Replication – repadmin /syncall /A / P
7.      In the lab I still had to delete DC2003-01  icon in sites and services but also the computer name did get remove from DC2012-02 – deleted member server DC2003-01 in Users and Groups
7.       My Next step was change changing  IP  on DC2012-02 - 10.10.1.12
8.       Then renaming DC2012-02 to DC2003-01
9.       Reboot
10.     Validated  AD
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.