How do I replace one Domain Controller server with another and keep IP address?



  • I have 2 Domain Controllers on my network. Call them DC1: 192.168.1.10 and DC2: 192.168.1.11. I want to replace DC1 running Windows 2008R2 with a new Windows 2016 server and keep the IP address. DC1 is only running Active Directory and nothing else. DC2 (Windows 2012R2) has the FSMO and DHCP server roles. I would like to present my punch list to see if I got the migration steps correct to replace DC1 with a new Windows 2016 Domain controller and keep the IP address.

    • Check health of domain with dcdiag and correct any issues displaying errors.

    • Spin up new Windows 2016 server VM, join to domain, and install Active Directory services. The IP Address on install will be different than DC1. Let’s go with name DC3 and IP address 192.168.1.12.

    • Wait 5 business days (Mon-Fri) for AD Replication to fully propagate to DC3.

    • After 5 business days start preparation to remove DC1 out of domain during the weekend.

    • Remove DC1 IP address 192.168.1.10 from DNS Zone Replication List (Name Servers)

    • Decommission DC1 out from domain via dcpromo

    • Change DC1 (now stand-alone server) to a new IP address such as 192.168.1.13

    • Change IP address 192.168.1.12 on new DC3 to DC1 old IP address of 192.168.1.10

    • Reboot new DC3 server

    • Reboot DC2 server

    • Re-add original DC1 IP (now DC3) IP address to DNS Zone Replication List (Name Servers)

    • Cleanup AD meta data via AD Sites and Services or Ntdsutil.exe command line tool to remove any existing entries of DC1.

    • Add DNS A record to point decommissioned DC1 server name to 192.168.1.10 - Optional

    Summary:
    DC1 (Win2008R2)-> 192.168.1.10 (AD/DNS only) -> 192.168.1.13 -> Shutdown indefinitely
    DC2 (Win2012) -> 192.168.1.11 (FSMO & DHCP roles)
    DC3 (Win2016) -> 192.168.1.12 -> 192.168.1.10 (new AD/DNS server)

    These are notes from when I replaced a Windows 2003 DC to the Windows 2008R2 DC. It seems these steps should still work.



  • Migrate FSMO to DC2, Demote DC1, Disjoin DC1 from domain, Shutdown DC1.

    Cleanup DC1 references.

    Spin up new DC3 using IP of DC1.



  • Now why the hell you would want to do this is just crazy. This is a waste of time. Nothing should be bound to the IP of DC 1 except maybe some DNS entries on a few static IP based devices. That is not a reason to want to do anything like this IMO.



  • @magicmarker
    What @JaredBusch said 🙂 +make sure DC2 is a global catalog before demoting DC1.
    Regarding replication, as I don't like to wait I would use repadmin to be sure replication is completed instead of waintg for x business days.



  • @JaredBusch said in How do I replace one Domain Controller server with another and keep IP address?:

    Migrate FSMO to DC2, Demote DC1, Disjoin DC1 from domain, Shutdown DC1.

    Cleanup DC1 references.

    Spin up new DC3 using IP of DC1.

    DC2 already holds the FSMO roles. No need to migrate. I'm having a hard time understanding why it's crazy to want to keep the same IP address. Changing the IP address is more crazy to me. I feel it would be more disruptive to change the IP address. The server DC1 has been a DC for more than 20+ years. Finding the devices and equipment that are using the IP address is more work than keeping the IP address.



  • @magicmarker said in How do I replace one Domain Controller server with another and keep IP address?:

    @JaredBusch said in How do I replace one Domain Controller server with another and keep IP address?:

    Migrate FSMO to DC2, Demote DC1, Disjoin DC1 from domain, Shutdown DC1.

    Cleanup DC1 references.

    Spin up new DC3 using IP of DC1.

    DC2 already holds the FSMO roles. No need to migrate. I'm having a hard time understanding why it's crazy to want to keep the same IP address. Changing the IP address is more crazy to me. I feel it would be more disruptive to change the IP address. The server DC1 has been a DC for more than 20+ years. Finding the devices and equipment that are using the IP address is more work than keeping the IP address.

    It is because of the amount of effort required to do it relative to the opportunities for issues is not a great trade off from a domain health perspective. It is going to be disruptive to your devices to re-ip. However, missing references in AD to the old device can play merry, almost undiagnosable, hell with your environment...potentially.



  • @magicmarker said in How do I replace one Domain Controller server with another and keep IP address?:

    @JaredBusch said in How do I replace one Domain Controller server with another and keep IP address?:

    Migrate FSMO to DC2, Demote DC1, Disjoin DC1 from domain, Shutdown DC1.

    Cleanup DC1 references.

    Spin up new DC3 using IP of DC1.

    DC2 already holds the FSMO roles. No need to migrate. I'm having a hard time understanding why it's crazy to want to keep the same IP address. Changing the IP address is more crazy to me. I feel it would be more disruptive to change the IP address. The server DC1 has been a DC for more than 20+ years. Finding the devices and equipment that are using the IP address is more work than keeping the IP address.

    It should not be difficult. The only things that should be have that IP hard coded anywhere are devices with a static IP, and thus static DNS settings.

    You have to know what those are. If you do not, you have much larger problems.

    Anything stuck resolving DC1 by name to that IP needs to fail.



  • Well, I'm glad I have this forum to bounce ideas off. I will plan to take everyone's advice and just promote a new Windows 2016 DC with a new name and new IP and demote the Windows 2008R2 DC1. I should be able find all the devices that have the DC1 IP address hard coded.



  • @magicmarker said in How do I replace one Domain Controller server with another and keep IP address?:

    Well, I'm glad I have this forum to bounce ideas off. I will plan to take everyone's advice and just promote a new Windows 2016 DC with a new name and new IP and demote the Windows 2008R2 DC1. I should be able find all the devices that have the DC1 IP address hard coded.

    Once you get the devices with static IP settings taken care of, you can change the IP of the new DC without issue. It's supported and I have done it multiple times on 2012 — 2019 without issue.

    The biggest surprises in my experience were network switches that had static settings, so check those too. Also make sure your dhcp server settings reflect what you want the dhcp clients to have. Your other DC, check that. Your client devices should be dynamic, but you never know.



  • What I have done in the past is this:

    • Make sure DC2 has DNS installed and working properly (DNS, FSMO, Global Catalog).
    • Update DHCP to hand out DC2 as the primary DNS Server (Wait a day or two)
    • Demote DC1
    • Install New Server OS reusing DC1's Name and IP address.
    • Done.

    I had to do this for a Domain at my last job more times than I cared to count (when I started, we had a Whitebox for that domain controller).

    Going forward, you may want to consider any devices (aside from switches and DCs) be assigned a Static DHCP Lease, so you don't have to worry about having to manually change DNS and such quite so much.



  • @dafyre said in How do I replace one Domain Controller server with another and keep IP address?:

    aside from switches

    Why does a switch need a static IP? They don't even need a reservation unless you simply want them in a certain place for human organization.



  • @JaredBusch said in How do I replace one Domain Controller server with another and keep IP address?:

    @dafyre said in How do I replace one Domain Controller server with another and keep IP address?:

    aside from switches

    Why does a switch need a static IP? They don't even need a reservation unless you simply want them in a certain place for human organization.

    Umm... Management? Can't have 192.168.50.10 be the core switch today and have it be some small switch in a rarely visited closet next week.

    Reservations for switches would work fine for that as well.



  • @dafyre said in How do I replace one Domain Controller server with another and keep IP address?:

    Umm... Management? Can't have 192.168.50.10 be the core switch today and have it be some small switch in a rarely visited closet next week.

    Who cares? How much are you changing things?



  • @JaredBusch said in How do I replace one Domain Controller server with another and keep IP address?:

    @dafyre said in How do I replace one Domain Controller server with another and keep IP address?:

    Umm... Management? Can't have 192.168.50.10 be the core switch today and have it be some small switch in a rarely visited closet next week.

    Who cares? How much are you changing things?

    Changing? Very little. Monitoring? Always.... But that derails this thread a bit.



  • I wanted to update this post for anyone searching this in the future. After I actually went through all the devices that would have a hard coded static IP address, I was only presented with a list 15 devices throughout my entire infrastructure (5 branch offices). The list does not include server VM DNS entries though. Updating the DNS settings on the hard coded devices is definitely a better route than what I was trying to originally accomplish by keeping the original DC IP address. Attempting a work around with Active Directory would potentially cause much more chaos. Updating 15 devices and server IP DNS entries is going to take me less than an hour. So take the advice in this post as long as you know your network.


Log in to reply