How do I change a domain controller’s IP address?
As a critical part of your IT infrastructure, domain controllers (DC) should be assigned a static IP address so that they can be reliably discovered across the network. Sometimes it’s necessary to change the IP address assigned to a DC, for instance when there’s a change of IP addressing scheme on the local subnet, and this process can cause some concern for administrators due to the critical nature of DCs. However, assuming the DC is not hosting any other roles, changing the IP address shouldn’t pose any serious difficulties.
Change the IP address
In this example, I’m going to change the IP address of a Windows Server 2012 DC. The server is additionally configured as the domain’s only DNS server.
- Open a command prompt by right-clicking the PowerShell icon on the desktop Task Bar and select Run as Administrator.
- Run DCDIAG and make sure the DC passes all the tests. If any problems are identified, they should be resolved before proceeding any further.
- Right-click the network icon in the bottom right of the Task Bar and select Open Network and Sharing Center from the menu.
- In the Network and Sharing Center, click Change adapter settings.
- On the Network Connections screen, right-click the network adapter for which you want to change the IP address and select Properties from the menu.
- In the Ethernet Properties dialog box, scroll down the list and double-click Internet Protocol Version 4 (TCP/IPv4).
- In the TCP/IPv4 dialog box, change the IP address (and subnet mask if required). In this example I will also change the primary DNS server entry to the DC’s new static IP address, as the DC is also the only DNS server in the domain. Click OK to continue.
- Click OK in the Ethernet Properties dialog box and then close the Network and Sharing Center.
Register the domain controller’s new IP address
Now the IP address has been changed, we need to empty the local DNS cache and register the DC’s new IP address in DNS.
- In the PowerShell box, run ipconfig /flushdns to remove any cached DNS entries created by the local DNS resolver.
- Run ipconfig /registerdns to ensure the new IP address is registered by the DNS server.
- Run dcdiag /fix to update Service Principal Name (SPN) records and check that all the tests are passed successfully.
DHCP settings will need to be changed if the DC is also a DNS server to make sure domain members pick up the DNS server’s new IP address. Don’t forget that you’ll either need to clear the local DNS cache on all member servers and clients joined to the domain or reboot them so that they resolve the new IP address to locate the DC.
If you have a distributed DNS infrastructure, you may need to wait for DNS information to replicate or force a replication. If present, subnet information in AD Sites and Services should be updated if the subnet addressing scheme is also modified. As with any major change you make to your production servers, you should test the procedure in a preproduction environment using servers with the same configuration as your production systems.