Swapping IP of AD domain controllers with DNS integrated


  • Swapping IP of AD domain controllers with DNS integrated

    Hi,

    I'd like to know what the steps involved are in swapping the IP addresses of domain controllers with AD-integrated DNS.

    From below:

    Win2k3 - 10.1.2.11 (oldDNS & oldDHCP)
    Win2k12R2 - 10.1.2.199 (NewDNS & NewDHCP and All FSMO Role holder)

    Into:
    Win2k3 - 10.1.2.199 (oldDNS & oldDHCP)
    Win2k12R2 - 10.1.2.11 (NewDNS & NewDHCP and All FSMO Role holder)

    Is there any risk involved in doing the above task?

  • #2
    Re: Swapping IP of AD domain controllers with DNS integrated

    No risk, although it is worth reducing length of DHCP leases in advance so clients pick up the "correct" details sooner
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **



    • #3
      Re: Swapping IP of AD domain controllers with DNS integrated

      Make sure you run ipconfig /registerdns and restart the NETLOGON service on each DC after the change. This will ensure the DNS records are all updated for the domain (SRV records, NS records etc, and not just the Host (A) Records.)
      BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
      Cruachan's Blog



      • #4
        Re: Swapping IP of AD domain controllers with DNS integrated

        Hi Cruachan and Ossian,

        Thanks for the response. Here's what I'd like to do: make the changes during one business day.

        Since I also have around 17 other AD sites, each with a domain controller and AD-integrated DNS, do I also have to manually log on to each of the servers and restart the NETLOGON service, and manually change the AD name server IP address as well?

        Please correct me if that doesn't make sense.
        Last edited by Albertwt; 10th April 2015, 02:32.



        • #5
          Re: Swapping IP of AD domain controllers with DNS integrated

          Originally posted by cruachan:
          Make sure you run ipconfig /registerdns and restart the NETLOGON service on each DC after the change. This will ensure the DNS records are all updated for the domain (SRV records, NS records etc, and not just the Host (A) Records.)
          So the process above, can I do it in the same day or do I need to wait until the AD is replicated all the way to the rest of my DC/GC & DNS servers?



          • #6
            Re: Swapping IP of AD domain controllers with DNS integrated

            IMHO don't do anything at the other sites unless they start having problems - their clients will look to the site DC, and DNS replication will eventually push the correct records around
            Tom Jones
            MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
            PhD, MSc, FIAP, MIITT
            IT Trainer / Consultant
            Ossian Ltd
            Scotland

            ** Remember to give credit where credit is due and leave reputation points where appropriate **



            • #7
              Re: Swapping IP of AD domain controllers with DNS integrated

              Originally posted by Albertwt:
              So the process above, can I do it in the same day or do I need to wait until the AD is replicated all the way to the rest of my DC/GC & DNS servers ?
              Do it as soon as you've changed the IP, then AD replication should take care of the rest. As Ossian said, don't do anything at the other sites unless you need to.

              https://technet.microsoft.com/en-gb/...=ws.10%29.aspx gives far more detail about AD and DNS than you would ever want to know. Basically, the process is that when the NETLOGON service starts on a DC it should check with DNS to ensure that its SRV records are correctly registered. Once AD has replicated the changes I'd go in and manually check that all of the NS records are correct, as sometimes I've seen the old ones remain.
              BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
              Cruachan's Blog



              • #8
                Re: Swapping IP of AD domain controllers with DNS integrated

                Originally posted by cruachan:
                Do it as soon as you've changed the IP, then AD replication should take care of the rest. As Ossian said, don't do anything at the other sites unless you need to.

                https://technet.microsoft.com/en-gb/...=ws.10%29.aspx gives far more detail about AD and DNS than you would ever want to know. Basically, the process is that when the NETLOGON service starts on a DC it should check with DNS to ensure that its SRV records are correctly registered. Once AD has replicated the changes I'd go in and manually check that all of the NS records are correct, as sometimes I've seen the old ones remain.
                OK, so the steps below can be executed in one day without having to turn off the other DC for one or more days?

                Changing Win2k3 IP address:
                1. Turn off / shutdown the Win2k12R2 server & unplug the network cable.
                2. Change IP address (to match the Win2k12R2 IP).
                3. Open Command prompt and then run ipconfig /registerdns command.
                4. Restart the NETLOGON service on the current Win2k3 server.
                5. Open Command prompt and then run dcdiag /fix command.
                6. Check the AD/DNS replication and for any other error.
                Changing Win2k12R2 IP address:
                1. Turn on the Win2k12R2 server without the network cable connection.
                2. Change IP address (to match the Win2k3 IP).
                3. Connect the network cable to the Win2k12R2 server NIC.
                4. Open Command prompt and then run ipconfig /registerdns command.
                5. Restart the NETLOGON service on the current Win2k3 server.
                6. Open Command prompt and then run dcdiag /fix command.
                7. Check the AD/DNS replication and for any other error.
                Is there anything that I need to be aware of, or have I missed any important steps?
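
Added example, not part of any post in this thread: a PowerShell check for the stale-record case cruachan mentions (old NS records remaining) and for the final "check the AD/DNS replication" step in the list above. The domain corp.example and the host names dc03/dc12 are placeholders; the IP addresses are the post-swap values from the first post. Resolve-DnsName needs Windows 8 / Server 2012 or later, so run it from the Win2k12R2 server or a management workstation.

```powershell
# Added example: placeholder domain and host names; IPs are the post-swap values.
$Domain     = 'corp.example'
$Expected   = @{                                  # FQDN -> address after the swap
    "dc03.$Domain" = '10.1.2.199'                 # Win2k3 DC (hypothetical host name)
    "dc12.$Domain" = '10.1.2.11'                  # Win2k12R2 DC (hypothetical host name)
}
$DnsServers = @('10.1.2.11', '10.1.2.199')        # query each DNS server separately

function Get-RecordData {
    # Ask one specific DNS server for one record type and return one property
    # of the matching records (other record types in the reply are ignored).
    param([string]$Name, [string]$Type, [string]$Property, [string]$Server)
    Resolve-DnsName -Name $Name -Type $Type -Server $Server -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq $Type } |
        ForEach-Object { $_.$Property }
}

function Test-DcDnsRecords {
    param([string]$Domain, [hashtable]$Expected, [string[]]$DnsServers)
    foreach ($server in $DnsServers) {
        # Hosts to verify: the swapped DCs, plus every host the zone's NS records
        # and the DC locator SRV records on this server currently name.
        $ns    = Get-RecordData -Name $Domain -Type 'NS' -Property 'NameHost' -Server $server
        $srv   = Get-RecordData -Name "_ldap._tcp.dc._msdcs.$Domain" -Type 'SRV' -Property 'NameTarget' -Server $server
        $names = (@($Expected.Keys) + @($ns) + @($srv)) |
            ForEach-Object { $_.TrimEnd('.').ToLower() } | Sort-Object -Unique

        foreach ($name in $names) {
            $found   = @(Get-RecordData -Name $name -Type 'A' -Property 'IPAddress' -Server $server)
            $swapped = $Expected.ContainsKey($name)
            # A swapped DC is clean only when exactly one A record exists and it is the new IP.
            $match   = $found.Count -eq 1 -and $found[0] -eq $Expected[$name]
            $status  = if (-not $swapped) { 'NotPartOfSwap' } elseif ($match) { 'OK' } else { 'STALE' }
            [pscustomobject]@{
                DnsServer = $server
                HostName  = $name
                Found     = ($found -join ',')
                Expected  = $Expected[$name]
                Status    = $status
            }
        }
    }
}

Test-DcDnsRecords -Domain $Domain -Expected $Expected -DnsServers $DnsServers |
    Format-Table -AutoSize
```

A STALE row on only one of the two DNS servers usually means replication has not caught up yet; a STALE row that persists on both is the leftover-record case to clean up by hand.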
