Managing Active Directory does not always have to be complicated. If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why
Solved
Changed IP address on DC and now I cannot join clients to domain.
Posted on 2016-08-16
So I have a domain controller (windows 2012 server) that has been moved to a new location. It had to have the IP address changed to match the new network. SO now that this has all happened it appears to have fouled up all my dns setting because I cannot join computers to the domain. The client computers that are trying to join are using the IP address of the DC as the primary DNS. I know its something with the dns settings (lookup zones) on the server im just not sure what I dont have configured right. the new dc controller IP is 10.0.0.90 and I have removed all the old entries in DNS and added new zones pointing to the new address. Is there a simple way to rebuild this?
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
4
2-
2
- +1
9 Comments
Active today
Make sure the NIC on the DC is configured to register itself in DNS (Adapter properties > IPv4 properties > Advanced > DNS tab > Check mark in register this connection). Run ipconfig /flushdns, then run ipconfig /registerdns on the DC. Then stop and restart the netlogon service. There are probably more DNS entries that need to be updated. Doing these things will cause the DC to register itself in DNS again.
If that doesn't fix the issue, clear and rebuild your _msdcs zone. Go into DNS, find a zone and/or folder called _msdcs. Delete it (delete both if there is a zone *and* folder with that name), run ipconfig/flushdns on the DC, then ipconfig /registerdns. Once that's done, stop and restart the netlogon service on the DC. that will force the DC to re-register everything and rebuild the _msdcs zone, which defines all the
If that doesn't fix the issue, clear and rebuild your _msdcs zone. Go into DNS, find a zone and/or folder called _msdcs. Delete it (delete both if there is a zone *and* folder with that name), run ipconfig/flushdns on the DC, then ipconfig /registerdns. Once that's done, stop and restart the netlogon service on the DC. that will force the DC to re-register everything and rebuild the _msdcs zone, which defines all the
Active today
I am still getting "an active directory domain controller for the domain could not be contacted" error.
Also, and nslookup doesnt not resolve the server name.
When I try to ping the server name from the client, I get "Pinging (server name) 222.222.222.155" which is the old IP address.
Also, and nslookup doesnt not resolve the server name.
When I try to ping the server name from the client, I get "Pinging (server name) 222.222.222.155" which is the old IP address.
How are your clients getting DNS server information, is it statically configured or are they getting DNS settings via DHCP?
Was the server that was relocated also acting as the DNS server for the clients? If so have the settings for the clients been updated to point to the new DNS server? Or if they weren't using directly using it as a DNS server was it configured as a forward lookup on the DNS server they do use, in which case the information for the forwarder may need updated...
Was the server that was relocated also acting as the DNS server for the clients? If so have the settings for the clients been updated to point to the new DNS server? Or if they weren't using directly using it as a DNS server was it configured as a forward lookup on the DNS server they do use, in which case the information for the forwarder may need updated...
Active today
Foochar - They are getting DNS manually. I have entered the domain controller as the primary dns address(10.0.0.90). The server that was relocated is the acting DNS server. After the move I uninstalled the dns server role and reinstalled. However, it appears some of the old entries were still residing in the DNS. I had to manually delete some entries that showed my DC A record still using the old 222.222.222.155 IP address.
Adam - did that and it didnt help.
Also, still getting this from client.......
Pinging NHP-RDS01 [222.222.222.155] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
222.222.222.155 is the old address of the DC.
Adam - did that and it didnt help.
Also, still getting this from client.......
Pinging NHP-RDS01 [222.222.222.155] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
222.222.222.155 is the old address of the DC.
You mentioned earlier that nslookup isn't resolving the request. Have you verified that the clients are able to ping the server at its new 10.0.0.90 IP address? Since its not resolving at all (as opposed to just resolving to the old address) when you do an nslookup I'd be looking first at basic network and DNS connectivity, for example the possibility that traffic on port 53 isn't allowed between the two networks, or that there is a routing issue between the two networks...
Active today
If I ping the Dc via the server name it comes back with above. If I ping using the Ip address the it comes back fine.
The computer that I am trying to connect to the domain is on the same network with the DC. They are local to each other.
Pinging 10.0.0.90 with 32 bytes of data:
Reply from 10.0.0.90: bytes=32 time<1ms TTL=128
Reply from 10.0.0.90: bytes=32 time<1ms TTL=128
Reply from 10.0.0.90: bytes=32 time<1ms TTL=128
Reply from 10.0.0.90: bytes=32 time<1ms TTL=128
The computer that I am trying to connect to the domain is on the same network with the DC. They are local to each other.
Pinging 10.0.0.90 with 32 bytes of data:
Reply from 10.0.0.90: bytes=32 time<1ms TTL=128
Reply from 10.0.0.90: bytes=32 time<1ms TTL=128
Reply from 10.0.0.90: bytes=32 time<1ms TTL=128
Reply from 10.0.0.90: bytes=32 time<1ms TTL=128
Active today
I would say stop.
Now, check the workstation:
1. Check the HOSTS file
2. Check the LMHOSTS file
3. Check the DNS settings on the workstation. They should ONLY point to the server's CURRENT private IP. There should not be any other DNS servers listed (no ISP DNS servers, no google servers, nothing... JUST the DC).
4. IDEALLY, post screen shots of all of the above.
Now check the server:
1. Does the server's TCP/IP properties DNS listing ONLY point to itself (I prefer by server IP and NOT the loopback address, though that should theoretically be fine)?
2. Restart the netlogon service on the server. That should re-register all AD records in DNS.
Are things working now?
No? Try joining the fully qualified domain name instead of the netbios name.
No? Try adding the dns suffix to the system properties of the domain name.
No? Post screen shots of the server.
Now, check the workstation:
1. Check the HOSTS file
2. Check the LMHOSTS file
3. Check the DNS settings on the workstation. They should ONLY point to the server's CURRENT private IP. There should not be any other DNS servers listed (no ISP DNS servers, no google servers, nothing... JUST the DC).
4. IDEALLY, post screen shots of all of the above.
Now check the server:
1. Does the server's TCP/IP properties DNS listing ONLY point to itself (I prefer by server IP and NOT the loopback address, though that should theoretically be fine)?
2. Restart the netlogon service on the server. That should re-register all AD records in DNS.
Are things working now?
No? Try joining the fully qualified domain name instead of the netbios name.
No? Try adding the dns suffix to the system properties of the domain name.
No? Post screen shots of the server.
Featured Post
Managing Active Directory can get complicated. Often, the native tools for managing AD are just not up to the task. The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
The reason that corporations and businesses use Windows servers is because it supports custom modifications to adapt to the business and what it needs. Most individual users won’t need such powerful options. Here I’ll explain how you can enable Wind…
I'm a big fan of Windows' offline folder caching and have used it on my laptops for over a decade. One thing I don't like about it, however, is how difficult Microsoft has made it for the cache to be moved out of the Windows folder. Here's how to …
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008.
Determine the location of the FSMO roles by lo…
Suggested Courses
Course of the Month11 days, 2 hours left to enroll
618 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.