Change IP addresses in Active Directory with two Domain Controllers

P. Prosper

Hello,
I have a small network (28 nodes) with two win2000 domain controllers
running Active Directory with DNS and DHCP enabled on one of the domain
controllers.
I have to change the IP addresses being used on the network from
100.100.100.xxx to 192.168.1.xxx.

Your advice would be appreciated on the correct strategy to make the changes:
Will the following approach work?

1- Shutdown Server B
2- Change IP address of Server A
3- Change DHCP address pool and DNS settings
4- Say a prayer ?
5- Boot Server B, change IP address and reboot

Any help/suggestion will be greatly appreciated.
 

ptwilliams

Here's my take on it:

1. Change the IP address and restart the netlogon service.
2. Delete the wrong records from DNS, and if a standard A record isn't
present, type "ipconfig /registerdns" at the command prompt.
3. Now do the DHCP
4. Pray if you want, but this shouldn't be a big deal...

Don't bother shutting down B. Just change the IP and perform point 1 (and
possibly 2) as well...

Alternatively you can not delete any records and run the scavenge routine
after everything has finished.


Paul.
_______________________________
 

M

Here's what I did:
Change the DHCP lease time to a very short period, like an hour or two, and
wait for all the nodes to refresh the lease. Depending on the original
lease time, you may need to let them sit for a while. It will create more
network traffic in the interim, but will set the stage for the new IP scope.
I'm assuming you would perform this after hours, so leave the computers on
in the evening. Change the IP address on both servers, and make sure they
can see each other for AD's sake, then the DHCP scope. Delete the old
workstation entries in DHCP management if needed, and wait. When the
workstations check in at the lease half life, it should retrieve the new
scope info to the workstation, and update the DHCP / DNS tables accordingly
on the servers. If necessary, you can go in and reload the zone, or just
delete the DNS entries that still have addresses from the old IP space. Then
change your scope back to whatever lease time you want.

Hope this helps.
Mark
 

P. Prosper

Thank you both Paul and Mark for your prompt replies.
My fear was that the two DCs would stop seeing each other. It seems it should
not be a complicated process.

Thanks
 

Hank Arnold

Others have addressed the issue of implementing the change.

However, I'd like to suggest you think about a subnet other than
192.168.1.xxx. Even 192.168.2.xxx, just avoid the ".1" part. When I took
over support of the domain we have at a local Hospice, I found that they had
used the 192.168.1.xxx subnet to set it up (also named a server "SERVER",
but that's another issue). Last year, we started setting up satellite
offices with broadband and a low-end LinkSys router to allow multiple access
points to the internet. Users could connect to our Citrix servers using an
ICA client over the internet and nurses could synchronize their laptops with
our database server using a VPN tunnel. The nurses were able to establish
the tunnel, but were unable to synchronize their laptops. Turns out that the
router automatically assigns its local addresses as (you guessed it)
192.168.1.xxx.... We had to change the router so that it used a subnet of
192.168.2.xxx. Previously, we were unable to set up a VPN connection between
our network and a local hospital's because they used (are you ready?)
192.168.1.xxx.

The problem is that a whole lot of people setting up internal subnets will
use 192.168.1.xxx. If you are ever in the position of wanting to connect
them, you will have problems. I know that the first reaction is "I have no
plans to connect....", but our so-called consultants made the same/wrong
assumption.

Just something to consider.....
 

P. Prosper

Many thanks for your input,

I had thought of the problem posed by broadband routers using 192.168.1.xxx
since the DSL router installed by our ISP uses 192.168.1.1 to 192.168.1.5.
I had thought of setting my IP scope from 192.168.1.20 and upward.

However you do have a point, this might be a problem if I ever need to
connect to other sites / partners.
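
The subnet-overlap concern raised in the last two posts can be checked before committing to a new range. The following is an added example, not code from any poster in this thread: the inventory of remote networks is constructed from the cases mentioned above, and the 192.168.0.0/24 entry and all function names are assumptions.

```python
import ipaddress

# Constructed inventory of address space this LAN may one day have to route to.
# Entries reflect the cases described in the thread; labels are illustrative.
REMOTE = {
    "satellite office router LAN": "192.168.1.0/24",
    "partner hospital LAN": "192.168.1.0/24",
    "ISP DSL router": "192.168.1.1-192.168.1.5",
    "other common router default (assumption)": "192.168.0.0/24",
}

def to_networks(spec):
    """Accept 'a.b.c.d/nn' or 'first-last' and return a list of ip_network objects."""
    if "-" in spec:
        first, last = (ipaddress.ip_address(p.strip()) for p in spec.split("-"))
        return list(ipaddress.summarize_address_range(first, last))
    return [ipaddress.ip_network(spec, strict=False)]

def conflicts(candidate, remote=REMOTE):
    """Names of remote entries whose addresses overlap the candidate range."""
    mine = to_networks(candidate)
    return sorted(name for name, spec in remote.items()
                  if any(m.overlaps(r) for m in mine for r in to_networks(spec)))

def first_free_24(pool="192.168.0.0/16", remote=REMOTE):
    """First /24 inside pool that overlaps nothing in the inventory, or None."""
    for net in ipaddress.ip_network(pool).subnets(new_prefix=24):
        if not conflicts(str(net), remote):
            return str(net)
    return None

if __name__ == "__main__":
    # A DHCP scope starting at .20 avoids the DSL router's own addresses, but
    # hosts with a /24 mask still treat every 192.168.1.x address as local,
    # so a remote 192.168.1.0/24 reached over a VPN stays unreachable.
    for cand in ("192.168.1.0/24", "192.168.1.20-192.168.1.254", "192.168.2.0/24"):
        print(f"{cand:28} conflicts: {conflicts(cand) or 'none'}")
    print("first free /24:", first_free_24())
```
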
 
