First, refer back to my first post on Domain Controller IP/subnet changes. The nice thing about changing IP addresses on DCs in a larger environment is that it's actually easier. I have to keep this one quick for now, but will expand based on comments, which you all seem pretty good at leaving (and thank you!). Please, PLEASE refer back to the first post – this one is only an expansion on that one.
- Same as before: why are you changing IPs? In larger environments, I do this because of a physical move of just one site. If the networking team doesn’t have the new subnet up and routing, don’t start!
- Make sure the new site (if required) is set up in AD. If I’m moving DCs from one physical location to another, I will build a new site, rather than re-using the old one, because the new site often has better connectivity, so the site link costs are changing.
- Add the new IP to the DC you’re moving (DC01 for this). Same as before: don’t remove the old one, just add the new.
- On DC01, do the following to verify registration worked:
    ipconfig /registerdns
  Wait a few minutes.
    nslookup
    server DC01
    set type=A
    DC01.foobar.local
    foobar.local
    server DC02
    DC01.foobar.local
    foobar.local
  The answers from DC01 and DC02 should be the same, with possibly different orders. The important thing is that the new IP address and the old IP address show up for both queries on both servers.
- Shut down DC01, pack it up and move it. (Or just plug it into the new network.)
- Boot up, verify that DC01 has network connectivity, and that other systems can see that it has the new IP.
- If you haven’t already, make the new IP primary (change the order in Network settings), and make sure the DNS and WINS servers are correct and reachable. (Remember that Windows 2003 DNS should point to itself.)
- Once you have verified that AD is replicating across sites properly (up to 15 minutes in my experience), remove the old IP, run ipconfig /registerdns, and reboot.
- When it comes back up, re-verify that AD is still replicating, and you should be set.
I would point out that when doing a change this big to your environment, reviewing your AD replication, DNS forwarding, and WINS topology is a good idea.
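The nslookup check from the steps above, scripted as an added example (not part of the original post): it asks DC01 and DC02 for both names and flags any answer that is missing the old or the new address, or that differs between the two servers. It assumes a management host that has the Resolve-DnsName cmdlet (Windows 8 / Server 2012 or later); the two IP addresses are constructed placeholders.

```powershell
# Added example. Server and record names come from the post;
# the two IP addresses are constructed placeholders, replace them with yours.
$Servers = 'DC01', 'DC02'                        # DNS servers to compare
$Names   = 'DC01.foobar.local', 'foobar.local'   # host record and domain record
$OldIP   = '192.0.2.10'                          # constructed: DC01's old address
$NewIP   = '198.51.100.10'                       # constructed: DC01's new address

$results = foreach ($server in $Servers) {
    foreach ($name in $Names) {
        $err = $null
        try {
            # Query this specific server over DNS only (no LLMNR/NetBIOS fallback).
            $ips = @(Resolve-DnsName -Name $name -Type A -Server $server -DnsOnly -ErrorAction Stop |
                Where-Object { $_.Type -eq 'A' } |
                Select-Object -ExpandProperty IPAddress |
                Sort-Object)                     # sort so record order does not matter
        } catch {
            $ips = @()
            $err = $_.Exception.Message
        }
        [pscustomobject]@{
            Server = $server
            Name   = $name
            HasOld = $ips -contains $OldIP
            HasNew = $ips -contains $NewIP
            Answer = $ips -join ', '
            Error  = $err
        }
    }
}
$results | Format-Table -AutoSize

# Every answer must contain both addresses.
$missing = @($results | Where-Object { -not ($_.HasOld -and $_.HasNew) })

# For each name, both servers must return the same set of addresses.
$mismatch = @($results | Group-Object Name | Where-Object {
    @($_.Group.Answer | Select-Object -Unique).Count -gt 1
})

if ($missing.Count -or $mismatch.Count) {
    Write-Warning 'DNS is not consistent yet: wait for replication and re-run before moving DC01.'
} else {
    Write-Output 'Old and new addresses are registered and identical on both servers.'
}
```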
2012-01-17 at 15:34
Hi Robert,
This article is great. I moved multiple 2003 and 2008 servers to a newly remodeled building. I was told to give up existing IP addresses. I didn’t have enough time to build a new site, so I have to re-use the old DC. I will be configuring new servers next month.
Thanks!
2012-12-12 at 11:27
I know this is an old thread but…what if you are moving BOTH DCs to a new subnet? Can I change both at the same time or do I need to move one, verify replication, and then move the other?
2012-12-12 at 11:52
The key is having both IP addresses working on the DC simultaneously long enough for DNS replication of the AD-integrated zones.
I have found that AD works much better if you always have 1 DC available somewhere in the network. If that server has 2 IPs, that’s not terrible, and better than no DCs online. I hope that helps. Did you read the follow-up article on multi-DC changes?