Active Directory

How to change the IP address of a domain controller

Hello All,

Hope this post finds you in good health and spirit.

A domain controller (DC) is an important element of your IT architecture. Because of its importance inside the domain, every change to its IP address must be done carefully. A DC's IP address is statically assigned. However, you may be forced to update it at times, for example if the IP addressing scheme on the local subnet changes. Any change to the DC can interrupt services and affect your operations, so there are a few things you should check before altering the IP address. Here's a checklist to help you get started.

Pre-change checklist

Have multiple domain controllers.

It is suggested that you have several domain controllers and an Active Directory backup. This is done so that if the primary DC fails, the secondary DC may still be used. Substantial adjustments are not advised if you only have one DC. You may use the following command to look for additional DCs in your domain:

Get-ADDomainController -filter * | select hostname, domain, forest

Check FSMO roles

Another thing to check is whether the primary DC holds Flexible Single-Master Operation (FSMO) roles. Run the following command to verify this:

netdom query fsmo

If the primary DC holds FSMO roles, they must be moved to another DC on the same site to avoid interruptions in authentication services. Any additional services that have been manually set up on the server must also be relocated to the secondary DC.

Examine the roles and features that have been installed.

Before updating your DC’s IP address, you should examine what services are running on it. Any changes to the IP address might create a disruption if the DC is operating services such as the DHCP server or web server. To avoid this, use the following command to verify the existing roles and features:

Get-WindowsFeature | Where-Object {$_.InstallState -eq "Installed"}

Verify the DC and DNS are in good working order.

To minimise replication or DNS difficulties, it is advisable to confirm that your DC is in good health before making any IP changes. You may use the following command to verify the health of your DC:

DCDIAG

While the dcdiag command does not test the DNS by default, you can use the following command to determine DNS health:

dcdiag /test:dns /v

Start the Windows Best Practices Analyzer.

To avoid any potential difficulties during migration, use the Best Practices Analyzer tool to identify any misconfigurations based on Microsoft's best practices. Because the tool is not always reliable, double-check the findings while reading the scan results.

Account for a subnet change.

If you intend to change the subnet, you must update the helper address on your switch or firewall. In addition, you must add the new subnet to Active Directory Sites and Services.

Update the firewall rules

Before changing a domain controller’s IP address, you may need to adjust the rules of your network firewalls and Windows-based firewalls to allow traffic to the DC’s new IP address.

Plan the IP address change.

Scheduling the change is a recommended practice when changing the IP address of a domain controller. No matter how well you plan, there is always the possibility of something going wrong while changing the IP address. Scheduling the IP change gives you a maintenance window to address any difficulties that may arise.
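
The checks above can be collected into one readiness report before the maintenance window. This is an added example, not code from the original post; the function name and the list of IP-bound features are assumptions, and the cmdlets are the standard ActiveDirectory and ServerManager ones.

```powershell
# Added example, not from the original post. Run elevated on the DC whose
# address will change; requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Get-DcPreChangeReport {
    param([string]$TargetDc = $env:COMPUTERNAME)

    $allDcs = @(Get-ADDomainController -Filter *)
    $target = $allDcs | Where-Object { $_.Name -eq $TargetDc }
    if (-not $target) { throw "$TargetDc is not a domain controller in this domain." }

    # DCs in the same site that could take over FSMO roles before the change.
    $sitePeers = @($allDcs | Where-Object { $_.Site -eq $target.Site -and $_.Name -ne $target.Name })

    # FSMO roles currently held by the target DC.
    $heldRoles = @($target.OperationMasterRoles)

    # Roles whose clients are usually configured with the server's IP address.
    # The feature list is an assumption; extend it for your environment.
    $ipBoundRoles = @(Get-WindowsFeature -Name DHCP, DNS, Web-Server |
        Where-Object { $_.InstallState -eq 'Installed' } |
        ForEach-Object { $_.Name })

    # dcdiag /q prints only errors, so any non-blank output is a failed test.
    $dcdiagErrors = @(dcdiag /q | Where-Object { $_.Trim() })
    $dnsErrors    = @(dcdiag /test:dns /q | Where-Object { $_.Trim() })

    $blockers = @()
    if ($allDcs.Count -lt 2) { $blockers += 'This is the only DC in the domain.' }
    if ($heldRoles.Count -gt 0 -and $sitePeers.Count -eq 0) {
        $blockers += 'FSMO roles held, but no other DC in this site to receive them.'
    } elseif ($heldRoles.Count -gt 0) {
        $blockers += "Move FSMO roles first: $($heldRoles -join ', ')"
    }
    if ($dcdiagErrors.Count -gt 0) { $blockers += 'dcdiag reported errors.' }
    if ($dnsErrors.Count -gt 0)    { $blockers += 'dcdiag /test:dns reported errors.' }

    [pscustomobject]@{
        TargetDc      = $target.HostName
        Site          = $target.Site
        SitePeers     = $sitePeers.HostName
        FsmoRolesHeld = $heldRoles
        IpBoundRoles  = $ipBoundRoles
        Blockers      = $blockers
        ReadyToChange = ($blockers.Count -eq 0)
    }
}

Get-DcPreChangeReport | Format-List
```

Saving the output alongside the change record gives you a baseline to compare against after the address change.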

How to Change a Domain Controller’s IP Address

When you’ve completed the pre-change checklist, you can change the domain controller’s IP address. Here’s how it’s done:

  1. Log on locally to the server using console access. Don’t use RDP or remote access.
  2. Right-click the network icon in the bottom-right corner of the taskbar.
  3. Select Open Network and Sharing Center > Change adapter settings. Alternatively, you can press the Windows key + R, type ncpa.cpl into the box, and hit Enter.
  4. On the Network Connections screen, right-click the network adapter for which you want to change the IP address and select Properties from the menu.
  5. In the Ethernet Properties dialog box, scroll down the list and double-click Internet Protocol Version 4 (TCP/IPv4).
  6. In the Internet Protocol Version 4 (TCP/IPv4) Properties dialog box, change the IP address.
  7. If required, change the subnet mask and default gateway.
  8. Change the primary DNS server entry to the new IP address for the DC, especially if the DC is the only DNS server in the domain. The Preferred DNS server should point to another DNS on the same site, while the Alternate DNS server should be the loopback address (127.0.0.1).

How to register the domain controller’s new IP address

Once you’ve changed the IP address of the domain controller, you will need to register the new IP address. To do so, run the following commands in elevated Command Prompt or PowerShell one after the other:

  1. ipconfig /flushdns
    • This will clear any cached DNS entries.
  2. ipconfig /registerdns
    • This ensures that the new IP address is registered by the DNS server.
  3. dcdiag /fix
    • This ensures that the Service Principal Name (SPN) records are registered and that all tests are passed successfully.

Post-change checklist

After you’ve successfully changed the IP address of your domain controller, here are a few things you need to ensure:

  1. Update services, servers, and client machines, such as:
    • DHCP settings if the DC is also a DNS server.
    • Active Directory Sites and Services if the subnet address was changed.
    • Clients that use a static IP address.
    • The DC’s network interface controller settings, if required.
    • Firewall rules.
  2. Check for any issues: Run the dcdiag and dcdiag /test:dns /v commands. If a client system seems to be having issues, you may need to run the ipconfig /flushdns command on it.
  3. Verify that the DNS is working: Use nslookup or other DNS lookup tools.
  4. Test authenticating to the DC: Manually set a client’s IP DNS setting to the IP of the DC or specify the authentication server using PowerShell.
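
The DNS and authentication checks in this list can be scripted so that stale records pointing at the old address are caught on every DNS server. This is an added example, not code from the original post; the function name, host name and addresses are constructed placeholders, and it assumes every DC also runs the DNS service.

```powershell
# Added example, not from the original post. Assumes every DC also runs DNS.
# Requires the ActiveDirectory and DnsClient modules.
function Test-DcAddressChange {
    param(
        [Parameter(Mandatory)][string]$DcFqdn,
        [Parameter(Mandatory)][string]$OldIp,
        [Parameter(Mandatory)][string]$NewIp
    )
    $domain = (Get-ADDomain).DNSRoot

    # Helper: query one DNS server directly and return one field of the answers.
    $lookup = {
        param($Name, $Type, $Server, $Field)
        @(Resolve-DnsName -Name $Name -Type $Type -Server $Server -DnsOnly -ErrorAction SilentlyContinue |
            Where-Object { $_.Type -eq $Type } | ForEach-Object { $_.$Field })
    }

    # Ask each DC's DNS service separately so replication lag shows per server.
    $servers = (Get-ADDomainController -Filter *).IPv4Address | Where-Object { $_ }
    $dns = foreach ($server in $servers) {
        $hostA = & $lookup $DcFqdn 'A' $server 'IPAddress'
        $apexA = & $lookup $domain 'A' $server 'IPAddress'
        $srv   = & $lookup "_ldap._tcp.dc._msdcs.$domain" 'SRV' $server 'NameTarget'
        [pscustomobject]@{
            DnsServer       = $server
            HostRecordIsNew = ($hostA -contains $NewIp) -and ($hostA -notcontains $OldIp)
            StaleApexRecord = ($apexA -contains $OldIp)
            LdapSrvPresent  = ($srv -contains $DcFqdn)
        }
    }

    # Bind to the renumbered DC by name; this throws if authentication to it fails.
    $authOk = $true
    try { Get-ADDomain -Server $DcFqdn -ErrorAction Stop | Out-Null } catch { $authOk = $false }

    [pscustomobject]@{ DnsChecks = $dns; AuthenticatedToDc = $authOk }
}

# Constructed placeholder values (documentation address range).
$result = Test-DcAddressChange -DcFqdn 'dc01.corp.example' -OldIp '192.0.2.10' -NewIp '192.0.2.50'
$result.DnsChecks | Format-Table
"Authenticated to DC: $($result.AuthenticatedToDc)"
```

A row with HostRecordIsNew false or StaleApexRecord true means that DNS server still hands out the old address, so clients using it can keep trying to reach the DC there until the record is corrected or replication completes.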

So, that’s all in this blog. I will meet you soon with next stuff. Have a nice day!!!


Vipan Kumar

He is an Active Directory Engineer who has been working in the IT industry for more than 10 years. He is a dedicated and enthusiastic information technology expert who is always ready to resolve any technical problem. If you need any further help on the subject matter, feel free to contact us at admin@windowstechno.com. Please subscribe to our Facebook page as well as the website for the latest articles: https://www.facebook.com/windowstechno
