Active Directory

Changing the IP Address of a Domain Controller

How do I change a domain controller’s IP address?

As a critical part of your IT infrastructure, domain controllers (DC) should be assigned a static IP address so that they can be reliably discovered across the network. Sometimes it’s necessary to change the IP address assigned to a DC, for instance when there’s a change of IP addressing scheme on the local subnet, and this process can cause some concern for administrators due to the critical nature of DCs. However, assuming the DC is not hosting any other roles, changing the IP address shouldn’t pose any serious difficulties.

Change the IP address

In this example, I’m going to change the IP address of a Windows Server 2012 DC. The server is additionally configured as the domain’s only DNS server.

  1. Open a command prompt by right-clicking the PowerShell icon on the desktop Task Bar and select Run as Administrator.
  2. Run DCDIAG and make sure the DC passes all the tests. If any problems are identified, they should be resolved before proceeding any further.
  3. Right-click the network icon in the bottom right of the Task Bar and select Open Network and Sharing Center from the menu.
  4. In the Network and Sharing Center, click Change adapter settings.
  5. On the Network Connections screen, right-click the network adapter for which you want to change the IP address and select Properties from the menu.
  6. In the Ethernet Properties dialog box, scroll down the list and double-click Internet Protocol Version 4 (TCP/IPv4).
  7. In the TCP/IPv4 dialog box, change the IP address (and subnet mask if required). In this example I will also change the primary DNS server entry to the DC’s new static IP address, as the DC is also the only DNS server in the domain. Click OK to continue.
  8. Click OK in the Ethernet Properties dialog box and then close the Network and Sharing Center.

Register the domain controller’s new IP address

Now the IP address has been changed, we need to empty the local DNS cache and register the DC’s new IP address in DNS.

  1. In the PowerShell box, run ipconfig /flushdns to remove any cached DNS entries created by the local DNS resolver.
  2. Run ipconfig /registerdns to ensure the new IP address is registered by the DNS server.
  3. Run dcdiag /fix to update Service Principal Name (SPN) records and check that all the tests are passed successfully.

Change DC IP address

Sponsored Content

What is “Inside Microsoft Teams”?

“Inside Microsoft Teams” is a webcast series, now in Season 4 for IT pros hosted by Microsoft Product Manager, Stephen Rose. Stephen & his guests comprised of customers, partners, and real-world experts share best practices of planning, deploying, adopting, managing, and securing Teams. You can watch any episode at your convenience, find resources, blogs, reviews of accessories certified for Teams, bonus clips, and information regarding upcoming live broadcasts. Our next episode, “Polaris Inc., and Microsoft Teams- Reinventing how we work and play” will be airing on Oct. 28th from 10-11am PST.

DHCP settings will need to be changed if the DC is also a DNS server to make sure domain members pick up the DNS server’s new IP address. Don’t forget that you’ll either need to clear the local DNS cache on all member servers and clients joined to the domain or reboot them so that they resolve the new IP address to locate the DC.

If you have a distributed DNS infrastructure, you may need to wait for DNS information to replicate or force a replication. If present, subnet information in AD Sites and Services should be updated if the subnet addressing scheme is also modified. As with any major change you make to your production servers, you should test the procedure in a preproduction environment using servers with the same configuration as your production systems.

Related Topics:

BECOME A PETRI MEMBER:

Don't have a login but want to join the conversation? Sign up for a Petri Account

Register
Comments (1)

One response to “Changing the IP Address of a Domain Controller”

  1. <p>Hi. </p><p><br></p><p>I fis as spefied above</p><p>My DC is up but i can't access the shares Netlogon and Sysvol.</p><p>The other shares are accesable but the logon script doesn't execute.</p><p><br></p><p>Any idea?</p>

Leave a Reply

IT consultant, Contributing Editor @PetriFeed, and trainer @Pluralsight. All about Microsoft, Office 365, Azure, and Windows Server.
External Sharing and Guest User Access in Microsoft 365 and Teams

This eBook will dive into policy considerations you need to make when creating and managing guest user access to your Teams network, as well as the different layers of guest access and the common challenges that accompany a more complicated Microsoft 365 infrastructure.

You will learn:

  • Who should be allowed to be invited as a guest?
  • What type of guests should be able to access files in SharePoint and OneDrive?
  • How should guests be offboarded?
  • How should you determine who has access to sensitive information in your environment?

Sponsored by:

 
Live Webinar: Active Directory Security: What Needs Immediate Priority!Live on Tuesday, October 12th at 1 PM ET

Attacks on Active Directory are at an all-time high. Companies that are not taking heed are being punished, both monetarily and with loss of production.

In this webinar, you will learn:

  • How to prioritize vulnerability management
  • What attackers are leveraging to breach organizations
  • Where Active Directory security needs immediate attention
  • Overall strategy to secure your environment and keep it secured

Sponsored by: