Mass, domain DNS changes

So, we changed out all four DCs on a domain with approximately 600 servers.  It's a mixture of both physical and VM servers and a mixture of some 2003, 2008 and 2012 servers.  

All of the servers have statically assigned IP addresses and they all have statically assigned DNS.  

To keep the world from ending, when the old DCs went away, I assigned the old IP addresses to the new servers as a second IP.  That way anything looking for DNS or LDAP or anything else based on the old DCs' IPs would still work.

Now I need to change the statically assigned DNS settings on the NICs for 600 servers.  

Now, I could leave the old IPs in place, but I don't like changing IP addresses on DCs when they were promoted and began replicating with one IP.  Some rules stick in my head, like never try to change the name of a DC after it's promoted and never change its IP.  Yes, I know it's doable, but I don't like doing it.

So, how can I change the statically assigned DNS on 600 servers without having to log into each one and do it manually?

Powershell?  Script from Hades?  600 Kelly temps (one per server)?



Dan McFadden (Systems Engineer) commented:
Need to have a few questions answered:

1. is PowerShell installed on all the servers?
2. How many servers are 2003, 2008, 2012?

I would test the following command on 1 of each OS version:

Get-WmiObject win32_networkadapterconfiguration -filter "ipenabled = 'true'"


To see all the info on the NIC:

Get-WmiObject win32_networkadapterconfiguration -filter "ipenabled = 'true'" | select *


If the command works on your test server selection, then you could use a script like:

$ActiveNic = Get-WmiObject win32_NetworkAdapterConfiguration -filter "ipenabled = 'true'"
# Set-DnsClientServerAddress comes from the DnsClient module, which ships with Server 2012 and later;
# on Server 2008 the equivalent is the WMI method $ActiveNic.SetDNSServerSearchOrder(@("","")).
Set-DnsClientServerAddress -InterfaceIndex $ActiveNic.InterfaceIndex -ServerAddresses ("","")

Update your DNS Server IP Addresses on the 2nd line and save as a .ps1 file.

The command must be executed at an elevated permissions level... aka: Run as Admin.

A side note for future reference, if I may:  I would recommend that 1 DC at a time is swapped out.  This way you can immediately reuse the IP of the decommissioned DC.  This way, you avoid the situation that you find yourself in now.  

You could casually swap a server a day (or 2):  demote the old server, take it offline.  Reuse the old address on the new server, bring it online, dcpromo it, check replication, monitor AD for a while... next.

I've found that this process (for me) works the best.  I pre-stage all my new servers with the desired OS, patch them, install required software, then just go down my list of DCs to swap out.

I know this is after the fact, but I've done DC HW upgrades in a similar way and only had more work to do afterwards.  I'm just trying to share a piece of experience after having done DC swaps uncountable times.


crp0499 (CEO, Author) commented:
Ok, powershell would be installed in all of the 2008 boxes and up.

Maybe 4 or 5 2003 boxes.

The reason I did it this way is we have a massively large network with many devices of all types looking for either the IP addresses of the old DCs or the DNS names of the old DCs.  I wanted to be sure nothing broke so I kept the double IPs and the CNAME alias.  Then I emailed everyone and told them they had 90 days to replace any references to old IPs and old DNS names to the new before I killed the dual IP/CNAME scheme I have.
Dan McFadden (Systems Engineer) commented:
So I'd say 595 servers out of 600 ain't a bad hit rate.

I'd do the win2003 servers by hand.  But that's just my preference.  Making the changes with VBScript is a bit more complicated as opposed to the 2 lines in PS.

I'd run the script on a select group of maybe 4-5 servers and double check the changes and wait a few days to see if the level of tech calls increases.  Hopefully not.

Then I would run the script on servers in a single AD Site at a time.  Try to contain any potential issues to specific regions.

As for gettin' on me soapbox... just trying to share my past headaches with the community and trying to reduce future sales of ibuprofen to IT workers.
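The two comments above describe the procedure in pieces: read each server's active NIC, rewrite its static DNS list, pilot on a handful of servers, then roll out one AD site at a time. The script below is an added example, not code from the thread or from either participant. It uses the WMI method Win32_NetworkAdapterConfiguration.SetDNSServerSearchOrder(), which exists on Server 2003, 2008 and 2012, so one script covers the whole estate including the few 2003 boxes, and it only touches DNS entries that still point at an old DC, leaving everything else in place. The old/new DC addresses, the servers.txt input file (one hostname per line, so you can feed it one site's list at a time), and the output CSV name are hypothetical; it assumes RPC/DCOM reachability and local admin rights on each target, and a PowerShell 3.0 or later admin workstation to run it from.

```powershell
# Added example (not from the original thread): rewrite the static DNS server list
# of every IP-enabled NIC on a list of servers, over WMI, replacing only old DC IPs.
# Assumptions (hypothetical values): the DC addresses in $DnsMap, a servers.txt
# hostname list, RPC/DCOM access and admin rights on each target, PS 3.0+ locally.

param(
    [string]$ServerList = '.\servers.txt',   # one hostname per line; '#' lines ignored
    [switch]$WhatIf                          # report what would change, change nothing
)

# Old DC IP -> new DC IP (hypothetical addresses, replace with your own)
$DnsMap = @{
    '10.0.0.10' = '10.0.0.50'
    '10.0.0.11' = '10.0.0.51'
    '10.0.0.12' = '10.0.0.52'
    '10.0.0.13' = '10.0.0.53'
}

function Get-NewSearchOrder {
    # Returns the rewritten DNS list in original order, or $null when no entry
    # references an old DC (so servers already pointing at the new DCs are skipped).
    param([string[]]$Current, [hashtable]$Map)
    if (-not $Current) { return $null }
    $changed = $false
    $new = foreach ($ip in $Current) {
        if ($Map.ContainsKey($ip)) { $changed = $true; $Map[$ip] } else { $ip }
    }
    # De-duplicate while keeping order (two old entries may map to the same new DC)
    $new = @($new | Select-Object -Unique)
    if ($changed) { $new } else { $null }
}

$servers = Get-Content $ServerList | Where-Object { $_ -and $_ -notmatch '^\s*#' }

$results = foreach ($server in $servers) {
    try {
        $nics = Get-WmiObject Win32_NetworkAdapterConfiguration -ComputerName $server `
                -Filter "IPEnabled = 'true'" -ErrorAction Stop
    } catch {
        [pscustomobject]@{ Server=$server; Nic='-'; Before='-'; After='-'
                           Status="unreachable: $($_.Exception.Message)" }
        continue
    }
    foreach ($nic in $nics) {
        $before = $nic.DNSServerSearchOrder
        $after  = Get-NewSearchOrder -Current $before -Map $DnsMap
        if (-not $after) {
            [pscustomobject]@{ Server=$server; Nic=$nic.Description
                               Before=($before -join ','); After='-'; Status='no old DC referenced' }
            continue
        }
        if ($WhatIf) {
            $status = 'would change'
        } else {
            $rc = $nic.SetDNSServerSearchOrder([string[]]$after).ReturnValue   # 0 = success
            if ($rc -eq 0) {
                # Verify by re-reading the adapter rather than trusting the return code
                $check = (Get-WmiObject Win32_NetworkAdapterConfiguration -ComputerName $server `
                          -Filter "Index = $($nic.Index)").DNSServerSearchOrder
                if ($check -and @(Compare-Object $check $after).Count -eq 0) {
                    $status = 'changed and verified'
                } else {
                    $status = 'changed but verification mismatch'
                }
            } else {
                $status = "SetDNSServerSearchOrder failed, ReturnValue=$rc"
            }
        }
        [pscustomobject]@{ Server=$server; Nic=$nic.Description
                           Before=($before -join ','); After=($after -join ','); Status=$status }
    }
}

$results | Format-Table -AutoSize
# Keep a record of every change (and every skip or failure) per run
$results | Export-Csv -NoTypeInformation -Path ".\dns-change-$(Get-Date -Format yyyyMMdd-HHmm).csv"
```

Run it first with -WhatIf against the 4-5 pilot servers to see exactly which adapters would change and to what; the Before/After columns make it obvious if a NIC carries a DNS entry nobody expected. Because it replaces entries by old-to-new mapping instead of overwriting the whole list, a server with a third, non-DC resolver keeps it, and any server that is unreachable or whose re-read does not match is flagged in the CSV rather than silently assumed done.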

crp0499 (CEO, Author) commented:
I really do appreciate the advice.  My advil bottle is almost empty.  :)  I'll let you know how this works out.
Windows Server 2012