How do I replace one Domain Controller server with another and keep IP address?
-
@magicmarker said in How do I replace one Domain Controller server with another and keep IP address?:
@JaredBusch said in How do I replace one Domain Controller server with another and keep IP address?:
Migrate FSMO to DC2, Demote DC1, Disjoin DC1 from domain, Shutdown DC1.
Cleanup DC1 references.
Spin up new DC3 using IP of DC1.
DC2 already holds the FSMO roles. No need to migrate. I'm having a hard time understanding why it's crazy to want to keep the same IP address. Changing the IP address is more crazy to me. I feel it would be more disruptive to change the IP address. The server DC1 has been a DC for more than 20+ years. Finding the devices and equipment that are using the IP address is more work than keeping the IP address.
It is because the amount of effort required to do it, relative to the opportunities for issues, is not a great trade-off from a domain health perspective. It is going to be disruptive to your devices to re-IP. However, missing references in AD to the old device can play merry, almost undiagnosable, hell with your environment...potentially.
-
@magicmarker said in How do I replace one Domain Controller server with another and keep IP address?:
@JaredBusch said in How do I replace one Domain Controller server with another and keep IP address?:
Migrate FSMO to DC2, Demote DC1, Disjoin DC1 from domain, Shutdown DC1.
Cleanup DC1 references.
Spin up new DC3 using IP of DC1.
DC2 already holds the FSMO roles. No need to migrate. I'm having a hard time understanding why it's crazy to want to keep the same IP address. Changing the IP address is more crazy to me. I feel it would be more disruptive to change the IP address. The server DC1 has been a DC for more than 20+ years. Finding the devices and equipment that are using the IP address is more work than keeping the IP address.
It should not be difficult. The only things that should have that IP hard coded anywhere are devices with a static IP, and thus static DNS settings.
You have to know what those are. If you do not, you have much larger problems.
Anything stuck resolving DC1 by name to that IP needs to fail.
-
Well, I'm glad I have this forum to bounce ideas off. I will plan to take everyone's advice and just promote a new Windows 2016 DC with a new name and new IP and demote the Windows 2008R2 DC1. I should be able to find all the devices that have the DC1 IP address hard coded.
-
@magicmarker said in How do I replace one Domain Controller server with another and keep IP address?:
Well, I'm glad I have this forum to bounce ideas off. I will plan to take everyone's advice and just promote a new Windows 2016 DC with a new name and new IP and demote the Windows 2008R2 DC1. I should be able to find all the devices that have the DC1 IP address hard coded.
Once you get the devices with static IP settings taken care of, you can change the IP of the new DC without issue. It's supported and I have done it multiple times on 2012 — 2019 without issue.
The biggest surprises in my experience were network switches that had static settings, so check those too. Also make sure your dhcp server settings reflect what you want the dhcp clients to have. Your other DC, check that. Your client devices should be dynamic, but you never know.
-
What I have done in the past is this:
- Make sure DC2 has DNS installed and working properly (DNS, FSMO, Global Catalog).
- Update DHCP to hand out DC2 as the primary DNS Server (Wait a day or two)
- Demote DC1
- Install New Server OS reusing DC1's Name and IP address.
- Done.
I had to do this for a Domain at my last job more times than I cared to count (when I started, we had a Whitebox for that domain controller).
Going forward, you may want to consider any devices (aside from switches and DCs) be assigned a Static DHCP Lease, so you don't have to worry about having to manually change DNS and such quite so much.
-
@dafyre said in How do I replace one Domain Controller server with another and keep IP address?:
aside from switches
Why does a switch need a static IP? They don't even need a reservation unless you simply want them in a certain place for human organization.
-
@JaredBusch said in How do I replace one Domain Controller server with another and keep IP address?:
@dafyre said in How do I replace one Domain Controller server with another and keep IP address?:
aside from switches
Why does a switch need a static IP? They don't even need a reservation unless you simply want them in a certain place for human organization.
Umm... Management? Can't have 192.168.50.10 be the core switch today and have it be some small switch in a rarely visited closet next week.
Reservations for switches would work fine for that as well.
-
@dafyre said in How do I replace one Domain Controller server with another and keep IP address?:
Umm... Management? Can't have 192.168.50.10 be the core switch today and have it be some small switch in a rarely visited closet next week.
Who cares? How much are you changing things?
-
@JaredBusch said in How do I replace one Domain Controller server with another and keep IP address?:
@dafyre said in How do I replace one Domain Controller server with another and keep IP address?:
Umm... Management? Can't have 192.168.50.10 be the core switch today and have it be some small switch in a rarely visited closet next week.
Who cares? How much are you changing things?
Changing? Very little. Monitoring? Always.... But that derails this thread a bit.
-
I wanted to update this post for anyone searching this in the future. After I actually went through all the devices that would have a hard coded static IP address, I was only presented with a list of 15 devices throughout my entire infrastructure (5 branch offices). The list does not include server VM DNS entries though. Updating the DNS settings on the hard coded devices is definitely a better route than what I was trying to originally accomplish by keeping the original DC IP address. Attempting a workaround with Active Directory would potentially cause much more chaos. Updating 15 devices and server IP DNS entries is going to take me less than an hour. So take the advice in this post as long as you know your network.
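
Added example, not part of the thread or any poster's own script: a pre-demotion audit for the two places the thread says to check, DHCP DNS options and static DNS settings on servers. It assumes the RSAT `DhcpServer` and `ActiveDirectory` modules and targets that support CIM (Windows Server 2012 or later); the IP address and DHCP server name are placeholders.

```powershell
# Added example: list DHCP options and server NICs that still point at the old DC's IP.
# $OldDcIp and $DhcpServer are placeholders; substitute your own values.
param(
    [string]$OldDcIp    = '192.0.2.10',          # placeholder for DC1's address
    [string]$DhcpServer = 'dhcp01.example.test'  # hypothetical DHCP server name
)

Import-Module DhcpServer, ActiveDirectory
$findings = @()

# 1. DHCP option 6 (DNS servers) at server level, then on every IPv4 scope.
$serverOpt = Get-DhcpServerv4OptionValue -ComputerName $DhcpServer -OptionId 6 -ErrorAction SilentlyContinue
if ($serverOpt -and $serverOpt.Value -contains $OldDcIp) {
    $findings += [pscustomobject]@{ Source = 'DHCP server option'; Name = $DhcpServer
                                    Detail = $serverOpt.Value -join ', ' }
}
foreach ($scope in (Get-DhcpServerv4Scope -ComputerName $DhcpServer)) {
    $opt = Get-DhcpServerv4OptionValue -ComputerName $DhcpServer -ScopeId $scope.ScopeId `
               -OptionId 6 -ErrorAction SilentlyContinue
    if ($opt -and $opt.Value -contains $OldDcIp) {
        $findings += [pscustomobject]@{ Source = 'DHCP scope'; Name = "$($scope.ScopeId) $($scope.Name)"
                                        Detail = $opt.Value -join ', ' }
    }
}

# 2. DNS client settings on enabled Windows servers in AD (includes the other DCs).
$servers = Get-ADComputer -Filter 'OperatingSystem -like "*Server*" -and Enabled -eq $true' `
               -Properties OperatingSystem
foreach ($srv in $servers) {
    try {
        $nics = Get-DnsClientServerAddress -CimSession $srv.DNSHostName -AddressFamily IPv4 -ErrorAction Stop
    } catch {
        # Unreachable or pre-2012 hosts need a manual check; record them rather than skip silently.
        $findings += [pscustomobject]@{ Source = 'Server (not checked)'; Name = $srv.DNSHostName
                                        Detail = $_.Exception.Message }
        continue
    }
    foreach ($nic in ($nics | Where-Object { $_.ServerAddresses -contains $OldDcIp })) {
        $findings += [pscustomobject]@{ Source = 'Server NIC'; Name = "$($srv.DNSHostName) [$($nic.InterfaceAlias)]"
                                        Detail = $nic.ServerAddresses -join ', ' }
    }
}

$findings | Sort-Object Source, Name | Format-Table -AutoSize -Wrap
```

Network switches and other non-Windows devices with static settings are outside what this script can see and still need the manual inventory described in the thread.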