Methods to change IP Deal with of Area Controller

As an IT administrator, you could be confronted with the problem of tips on how to change the IP handle of a Area Controller in your community. The DC is a mission-critical IT infrastructure, you could be on the lookout for greatest practices on how one can accomplish this activity — this publish presents a walkthrough of the method concerned earlier than, throughout, and after.

Methods to change the IP Deal with of Area Controller

Though area controllers will be configured to receive an IP handle from DHCP, it’s greatest follow to configure a static IP handle in order that it may be reliably found throughout the community. It’s possible you’ll want to vary the IP handle of a DC for one motive or one other – for instance, when there’s a change of IP addressing scheme on the native subnet. Understand that any modifications to a website controller can doubtlessly disrupt companies and influence enterprise operations.

That stated, assuming the DC just isn’t internet hosting some other server roles, altering the IP handle is pretty an easy and unchallenging course of similar to assigning a static IP to a Home windows 11/10 consumer machine. We’ll focus on this subject below the next subheadings:

1. Pre-change Guidelines
2. Change the IP Deal with of a Area Controller
3. Register the Area Controller’s new IP Deal with
4. Put up-change Guidelines

Let’s see the outline of the 4-step course of concerned in efficiently finishing up this activity.

1] Pre-change Guidelines

It’s essential to plan & schedule the IP change throughout your upkeep window, as there may be all the time a possible that issues would possibly go awry. Additionally, ensure any supposed modifications are communicated forward of time. Earlier than you proceed with the area controller IP handle change correct, you could have to run by means of this pre-change guidelines and be sure to tick all of the packing containers. Relying in your case state of affairs or setup, you could have different duties so as to add as this isn’t an exhaustive record. The next outlines the essential and normal pointers for many setups.

• Test for a number of Area Controllers: For catastrophe restoration causes, it’s best follow to have a number of area controllers as making main modifications to area controllers when you have a single area controller can break the server. On this case, you’ll be able to nonetheless function from a secondary DC. Additionally, ensure to again up the Energetic Listing. To get an inventory of all area controllers in your area, run the command under:

Get-ADDomainController -filter * | choose hostname, area, forest

• Test FSMO Roles: You’ll want to test if the supposed DC hosts any Versatile Single Grasp Operations (FSMO) roles. To do that, run the command under:

netdom question fsmo

If from the output, the DC is working FSMO roles, you’ll have to transfer the FSMO roles to a different area controller that’s on the identical web site. This motion will assist keep away from disruption to authentication companies. You’ll additionally want to maneuver any companies which can be manually configured to the server.

• Test Put in Roles and Options: You’ll be able to test if the DC is working companies like a DHCP server or an online server. You’ll be able to test the Management Panel for put in software program, and you may test the established roles and options on the server by working the command under:

Get-WindowsFeature | The place-Object {$_. installstate -eq "put in"}

If the output exhibits the DC is working some important companies like DHCP and DNS, you will have to contemplate this when altering the IP handle. You need to use Wireshark to determine what methods are pointing to your area controller for numerous companies like DNS, DHCP, and so forth.

Learn: Methods to take away Roles and Options in Home windows Server

• Test the well being of the Area Controller and DNS: You’ll want to be sure that your area controller is wholesome earlier than making the IP change. In any other case, you could encounter DNS or replication points. To test the well being of the DC, run the command under:

dcdiag

With the DCDiag, you’ll be able to run about 30 totally different well being checks on a website controller and take a look at DNS settings, replication well being, errors, and extra. By default, dcdiag doesn’t take a look at DNS. So, to run an entire take a look at on DNS, execute the command under and ensure the server passes all assessments and the identify decision SRV file is registered.

dcdiag /take a look at:dns /v

Learn: An error occurred whereas attempting to configure this machine as a DC

• Run Finest Practices Analyzer: To keep away from any potential migration points. you’ll be able to run the Finest practices Analyzer (BPA) which might help discover configuration points in keeping with Microsoft greatest practices. After you run the BPA software, evaluation the scan outcomes, however remember that the software just isn’t all the time correct, so you want to double-check its findings. Additionally, any errors or warnings don’t imply your migration will fail. This software is accessible for obtain at Microsoft.com.
• Altering Subnets and Firewall guidelines: If you’ll be altering to a brand new subnet and the DC server additionally runs DHCP, you will have to replace the helper handle in your change or firewall. And add the brand new subnet to Energetic Listing Websites and Providers. It’s possible you’ll have to replace the principles to your community firewall and Home windows-based firewalls. For instance, you could have guidelines on the community firewall that restrict community entry for important servers like area controllers. On this case, you would possibly have to replace the firewall guidelines to allow visitors to the brand new DC IP.

Learn: What’s Subsequent-Era Firewall (NGFW)?

2] Change the IP Deal with of a Area Controller

Now that you’ve accomplished the pre-change guidelines, you’ll be able to proceed to vary the IP Deal with on the area controller by following these steps:

• Go online regionally to the server for console entry (don’t RDP or use distant entry).
• Proper-click the community icon within the backside proper of the taskbar.
• Choose Open Community and Sharing Middle from the menu.
• Within the Community and Sharing Middle, click on Change adapter settings.
• Alternatively, you’ll be able to press the Home windows key + R, and sort ncpa.cpl into the field and hit Enter.
• On the Community Connections display, right-click the community adapter for which you wish to change the IP handle.
• Choose Properties from the menu.
• Within the Ethernet Properties dialog field, scroll down the record and double-click Web Protocol Model 4 (TCP/IPv4).
• Within the TCP/IPv4 dialog field, change the IP handle.
• Change the Subnet masks and Default gateway if required.

Word: Change the first DNS server entry to the DC’s new static IP handle if the DC can also be the one DNS server within the area. And as per Microsoft greatest follow, the primary entry for the DNS server, that’s the Most popular DNS server IP handle ought to level to a different DNS server on the identical web site, whereas the Alternate DNS server IP ought to specify the loopback or LocalHost handle.

• Click on OK to proceed.
• Click on OK within the Ethernet Properties dialog field.
• Shut the Community and Sharing Middle.

Learn: Can not change Static IP handle & DNS server on Home windows 11/10

3] Register the Area Controller’s new IP Deal with

As soon as finished with the DC IP handle change, the next move is to empty the native DNS cache and register the DC’s new IP handle in DNS. Do the next:

• In elevated Command Immediate or PowerShell, run the next instructions one after the opposite:

ipconfig /flushdns

This command will take away any cached DNS entries created by the native DNS resolver.

ipconfig /registerdns

This command will guarantee the brand new IP handle is registered by the DNS server.

dcdiag /repair

This command will replace Service Principal Title (SPN) information and test that each one the assessments are handed efficiently.

• Exit Home windows Terminal when finished.

Learn: RSAT set up failed on Home windows 11/10

4] Put up-change Guidelines

As you could have efficiently modified the IP handle of your area controller, you’ll be able to full the next duties.

• Replace companies, servers, and consumer machines: DHCP settings will have to be modified if the DC can also be a DNS server to ensure area members decide up the DNS server’s new IP handle. If the subnet handle modifications then ensure AD Websites and Providers are up to date. Replace purchasers that use the static IP handle. Replace different DC’s NIC settings and firewall guidelines (if wanted). Altering the IP handle on the DC mustn’t have an effect on any shares on the server so long as DNS is up to date.
• Test for points and flush the native DNS cache: You’ll be able to run the instructions dcdiag and dcdiag /take a look at:dns /v to test for points. It’s possible you’ll have to run the command ipconfig /flushdns to clear the native DNS cache on all member servers and purchasers joined to the area or reboot them in order that they resolve the brand new IP handle to find the DC. You might have to resolve DNS points on the Home windows 11/10 consumer machines.
• Check authenticating to the DC and confirm DNS is working: You’ll be able to take a look at authenticating to the DC by manually setting a consumer IP DNS setting to the IP of the DC or specify the authentication server utilizing PowerShell. To confirm if DNS is working, you need to use any of the free DNS Lookup Instruments & On-line companies.

Learn: Repair Nslookup works however Ping fails in Home windows 11/10

• Monitor previous IP with Wireshark: You’ll be able to proceed to observe to search out methods which can be nonetheless utilizing the previous IP of the DC so that you could take crucial actions. You are able to do this by Port Mirroring (SPAN Swap Port Analyzer) or assign the DCs previous IP to a pc with Wireshark put in.

That’s it!

These posts would possibly curiosity you:

How do I alter my area IP handle to Home windows 10?

To vary the area IP handle in your Home windows 11/10, merely change the IP handle on DC and run the next command to make the modifications take impact: Sort ipconfig /flushdns and hit Enter. Sort Web Cease DNS and click on Enter. Lastly, kind Web Begin DNS and click on Enter.

Does Area Controller want static IP?

Area controllers will be configured to acquire an IP handle from DHCP, however it’s greatest follow to configure a static IP handle. You’ll be able to configure the machine to make use of a DNS server. If you happen to’re creating a brand new area or forest, you could not want this step if the system will change into a DNS server in addition to a website controller.

Ought to DHCP be on Area Controller?

Area controllers don’t require the DHCP Server service to function and for increased safety and server hardening, it is suggested to not set up the DHCP Server position on area controllers, however to put in the DHCP Server position on member servers as a substitute.

Learn: Repair Unable to contact your DHCP Server error on Home windows.