
Moving a domain controller?

Chiefcrowe

Diamond Member
So, I found out I have to move a domain controller and unfortunately there are no other options because a certain part of the network is being decommissioned.
So, it needs a new IP address. Has anyone gone through this? I'm not sure what the best way to change IPs on a domain controller would be ...
Thank you!
 
I don't believe there is much to it, you change the IP and reboot. DNS should update provided you have it set to register DNS automatically. Clients may need to flush the DNS cache, so I might set the TTL on DNS lower for the day or do the switch on a weekend.

It should be pretty straightforward provided you don't have static IP mappings like file/printer shares.
 
Kinda what I was thinking. Shouldn't have to be too big of a deal. I've never had to do it, but domains work off of DNS by name, not IP, so as long as DNS stays up to date it shouldn't be much of an issue, especially if you have multiple DCs at the site. Clients should be able to hit the other DC, and you'd see replication issues in the logs long before you had any major issues.
 
As long as DHCP is being used and the old server address is not hardcoded you will be ok.

Otherwise you will need to hunt down the static ones.
 
Well, there are some things. Like DHCP uses IP addresses for DNS servers. So if this DC is a DNS server you could run into an issue there. Just double check things like that, that may be looking to the DC based on IP. Changing the IP of the DC itself is not a big deal, but some things like DHCP may be looking for an IP of the DC based on a role it has.
 
Prep work: (basics only) If you have other apps (WSUS / print servers / WDS) you need to deal with those.
DHCP (if enabled): remove old scope(s). If the moved DC will be providing DHCP going forward, add the new scope; otherwise remove the scope.
DNS: after an IP change you sometimes need to go in the config and verify it "took" the new address. Prior to the move, reset the TTL of the moving server to something short like 5 minutes. Wait longer than the original TTL for the new TTL to replicate out.
WINS (if you're still using it, move on past 1985): clear the cache.
Shut down the DC.
Move to the new network.
Boot the machine.
Change IP/DNS etc.
Allow the machine to register DNS.
Verify DNS is talking to its sibling DNS servers.
Verify again DNS is working. Reset TTL to something sane (use the old number).
Force an AD replication.
Launch Sites and Services, verify that the server has moved into the correct site. If not, move it on your own.
Force an AD replication.
Enable DHCP (if required).

Once DNS updates, printer services and other DNS-based systems will begin to function (you do use DNS names, right? If not... get busy manually configuring clients).

Should be good to go.
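Added example, not part of the original post: a batch sketch of the post-move verification steps listed above, run on the moved DC. NEW_IP, OLD_IP, DOMAIN and SIBLING_DNS are placeholders (assumptions), and it assumes the Support Tools (`dcdiag`, `repadmin`, `nltest`) are installed.

```bat
@echo off
rem Added example: checks after re-addressing a DC. All values below are
rem placeholders (assumptions), not values taken from the thread.
setlocal
set NEW_IP=192.0.2.10
set OLD_IP=198.51.100.10
set DOMAIN=corp.example
rem A DNS server other than this DC, so we test what has replicated out.
set SIBLING_DNS=192.0.2.11

rem 1. Re-register the host record and the DC locator (SRV) records.
ipconfig /registerdns
net stop netlogon
net start netlogon

rem 2. Drop locally cached answers before checking.
ipconfig /flushdns

rem 3. Ask the sibling DNS server for this DC's host record.
rem    It must show the new address and must not show the old one.
nslookup %COMPUTERNAME%.%DOMAIN% %SIBLING_DNS% | find "%NEW_IP%" >nul
if errorlevel 1 echo FAIL: sibling DNS does not return %NEW_IP% yet
nslookup %COMPUTERNAME%.%DOMAIN% %SIBLING_DNS% | find "%OLD_IP%" >nul
if not errorlevel 1 echo FAIL: stale host record still points at %OLD_IP%

rem 4. The locator records clients use to find a DC must not carry the old IP.
nslookup -type=SRV _ldap._tcp.dc._msdcs.%DOMAIN% %SIBLING_DNS% | find "%OLD_IP%" >nul
if not errorlevel 1 echo FAIL: DC locator answer still references %OLD_IP%

rem 5. Force replication across all naming contexts and sites, then review it.
repadmin /syncall /AdeP
rem    (the Windows 2000-era tool names this /showreps)
repadmin /showrepl

rem 6. Site the new subnet maps to; compare with the server object's
rem    location in Sites and Services.
nltest /dsgetsite

rem 7. Overall DC health; /q prints errors only.
dcdiag /q
endlocal
```

Any FAIL line right after the move usually means the record has not replicated or the old TTL has not expired; rerun once the original TTL has passed before resetting the TTL to its old value.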
 
Thanks everyone for replying. I've never done this so it's a bit daunting.

more info:

This server is a DNS server as well (along with the 2nd DC) so will that change anything I need to do?

Yes, we use DNS names for everything. This is an older domain (win2K), and I would get rid of it but I'm not quite ready to do that.
 
Is there a second DNS server? If so, then still shouldn't be too big of a deal. You'll just need to change the IP of this DNS in the DHCP settings.
 

First things first.
1. Make sure the DC that is not being moved has all 5 FSMO roles (critical).
2. Second thing I would do is schedule a shutdown of the DC you plan to move to see if anything breaks (sanity check - job protection).
3. Run a full backup of both DCs.
Basically, once the above three things are done and confirmed, this DC becomes redundant and you can plan your move accordingly. Remember all the clients using DHCP need to be updated either from the scope or manually. This doesn't look too bad tbh, especially if done over the weekend. Best of luck o/
 

You can move the FSMO role holder. It doesn't affect the domain. I have done it without issue. The key thing is DNS. You will have tons of issues if DNS is broken. That is why you reset TTLs to a much shorter time. You will have issues if the TTL is say 8 days and you move it over the weekend until a) the TTL expires or b) you do an ipconfig /flushdns on the clients and servers.

I do like the shut down and see what breaks approach, but you have to be careful because if you take the FSMO holder down certain types of updates can't occur and will give you "false errors".
 
Not to thread jack, but I wish to virtualize my DC. Is there a decent way of moving the actual data/config from one instance of WS to another? I won't be switching IPs.
 

Boot the DC to Active Directory Services Restore Mode.
P2V it.
Shut down the main host.
Boot the VM to Active Directory Services Restore Mode.
Install tools (whichever); in VMware you disable time sync between the host and VM and set the time, not sure if Xen / Hyper-V need that or not.
Reboot.
DC is now virtual. Just never boot the old one after that point.
 
Is this your primary or only DC?


Only DC and acts as the VM host.
 
Never P2V AD role servers. It's unsupported by Microsoft - it can be done - it is extremely hard and will end up making a mess. Better to build new AD servers in the VMs, demote the old servers and decommission them.
 

Not true in the least. The method I listed is how MS recommends you move an AD server into Hyper-V. Same process works fine on ESXi.
 
I figured - is there a way to move the configuration and data onto a new instance of WS? Kind of like a replication of the roles?

If it is the sole DC and the VM host... I would move the VMs off it to another server, then P2V the old server in AD recovery mode, and put the hypervisor on the first server if it supported it.
 