| Author | Messages | |
groulder
Posts:43
 | | 03/10/2010 10:32 PM |
| hi all,
i'm curious if there's consequences to changing the ip address of an established domain controller.
scenario is that i need to replace a windows 2003 dc in a windows 2000 native domain at a remote site and a requirement is that it keeps the existing name and ip address. this is because the box is also a file server. the way i've planned this is to promote the replacement server as a dc with a temporary name and ip. then once i confirm it's promoted successfully, i'm going to demote the existing dc and turn it off, followed by changing the ip and name of the new server to the existing name.
the existing dc doesn't run dhcp nor does it have any fsmo roles. it does however run ad integrated dns.
any feedback would be appreciated.
daniel.
| | | |
| bdesmond
Posts:977
 | | 03/10/2010 10:34 PM |
| Should be fine - done this many times before.
Thanks, Brian Desmond brian@briandesmond.com
c - 312.731.3132
| | | |
| mcasey
Posts:75
 | | 03/10/2010 10:40 PM |
| Changing the IP shouldn't be a big deal. The part about juggling names seems unnecessary. Can you just stand up new server with new name, promote to DC, demote the old, turn off, re-IP the new, then add an alias to DNS to respond to reqs for the old name?
| | | |
| groulder
Posts:43
 | | 03/10/2010 10:50 PM |
| well i'd be curious what other people's opinions of that are too. not the first person to suggest a cname. but i'm just not sure if it will work. for instance, i remember there was an issue with windows 2003 and perhaps xp where if you referenced a cname in a unc path it was unresolvable. a hotfix was subsequently released for this.
these sort of issues are what is worrying me about simply dropping in a cname.
daniel.
| | | |
| kbatkbslpcom
Posts:194
 | | 03/10/2010 10:54 PM |
| If you go the alias route, be aware of the registry change to allow Windows to work with aliases correctly: http://support.microsoft.com/kb/281308
I can't comment on the renaming-the-DC-when-it-is-still-a-DC part, as I've never done that. I thought there was a requirement of 2003 functional level (not 2000) - but maybe that was just me misunderstanding the steps involved.
| | | |
| tonyszko
Posts:140
 | | 03/10/2010 10:56 PM |
| On 3/10/2010 11:48 PM, daniel wrote:
> well i'd be curious what other people's opinions of that are too. not the first person to suggest a cname. but i'm just not sure if it will work. for instance, i remember there was an issue with windows 2003 and perhaps xp where if you referenced a cname in a unc path it was unresolvable. a hotfix was subsequently released for this.
> these sort of issues are what is worrying me about simply dropping in a cname.
For the original question, here is the procedure from TechNet for performing such an operation: http://technet.microsoft.com/en-us/library/cc758579%28WS.10%29.aspx
-- Tomasz Onyszko http://www.w2k.pl/ - (PL) http://blogs.dirteam.com/blogs/tomek/ - (EN)
| | | |
| rwilper
Posts:37
 | | 03/10/2010 11:02 PM |
| One issue that bites us here from time to time is Kerberos name canonicalization. Some Kerberos clients will canonicalize a request for a CNAME to its A name before requesting service tickets. Most of the time this will not present any issues, but Kerberos can fail if either the A name is not registered as an SPN for the service or the client cannot determine the proper realm for the A name.
-Ross
| | | |
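The two Kerberos failure modes described in the post above, modelled as an added example that is not part of the original thread. It compares the SPN a client requests with and without CNAME canonicalization; all host names, the realm, the SPN registrations and the function names are constructed for illustration.

```python
# Constructed sample data: every name, address, realm and SPN is illustrative.
DNS = {
    "oldfs.corp.example.com": ("CNAME", "newdc01.corp.example.com"),
    "newdc01.corp.example.com": ("A", "10.0.0.10"),
    "files.corp.example.com": ("CNAME", "nas01.storage.example.net"),
    "nas01.storage.example.net": ("A", "10.0.9.5"),
}
# SPNs registered in the directory, mapped to the account that owns them.
SPNS = {
    "cifs/oldfs.corp.example.com": "NEWDC01$",   # alias registered, A name is not
    "cifs/files.corp.example.com": "NAS01$",
    "cifs/nas01.storage.example.net": "NAS01$",
}
# DNS suffix -> realm, as a client's domain-to-realm mapping would hold it.
DOMAIN_REALM = {"corp.example.com": "CORP.EXAMPLE.COM"}


def canonical_name(name, max_hops=8):
    """Follow CNAME records until the name that owns the A record is reached."""
    for _ in range(max_hops):
        rtype, value = DNS[name]
        if rtype == "A":
            return name
        name = value
    raise ValueError("CNAME chain too long or looping")


def realm_for(host):
    """Longest-suffix match of the host name against the realm mapping."""
    labels = host.split(".")
    for i in range(len(labels)):
        realm = DOMAIN_REALM.get(".".join(labels[i:]))
        if realm:
            return realm
    return None


def ticket_request(service, typed_name, canonicalize):
    """Return (requested SPN, outcome) for a client that does or does not canonicalize."""
    host = canonical_name(typed_name) if canonicalize else typed_name
    spn = f"{service}/{host}"
    realm = realm_for(host)
    if realm is None:
        return spn, "FAIL: no realm known for host"
    if spn not in SPNS:
        return spn, "FAIL: SPN not registered"
    return spn, f"OK: ticket for {SPNS[spn]} in {realm}"


if __name__ == "__main__":
    for alias in ("oldfs.corp.example.com", "files.corp.example.com"):
        for canon in (False, True):
            print(alias, "canonicalize=%s" % canon, ticket_request("cifs", alias, canon))
```

Both aliases work for a client that requests the typed name; the canonicalizing client fails once because the A name has no SPN and once because the A name's suffix maps to no realm.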
| groulder
Posts:43
 | | 03/10/2010 11:13 PM |
| ok, i'm pretty convinced i'll stick with renaming the server rather than setting up an alias.
the safer method for renaming a dc is apparently using netdom. but this requires a windows 2003 domain level. so i'm forced to rename it through the system properties. from what i'm reading if done this way you need to allow sufficient time for this to replicate.
my biggest concern is once i demote the old one ad will take ages to recognise the new dc as the bridgehead for the site. i need to wait for this change before i dare attempt to rename it.
| | | |
| MikeLeone
Posts:55
 | | 03/11/2010 5:11 PM |
| On Wed, Mar 10, 2010 at 6:11 PM, daniel <rpo8373@gmail.com> wrote:
> ok, i'm pretty convinced i'll stick with renaming the server rather than setting up an alias.
>
> the safer method for renaming a dc is apparently using netdom. but this requires a windows 2003 domain level. so i'm forced to rename it through the system properties. from what i'm reading if done this way you need to allow sufficient time for this to replicate.
>
> my biggest concern is once i demote the old one ad will take ages to recognise the new dc as the bridgehead for the site. i need to wait for this change before dare attempting to rename it.
Couldn't you kick it a bit to force a replication using repadmin? I'd want 10-15 minutes for normal replication time, and then (if I didn't see the changes replicated out to a remote site), use repadmin to force a replication. I'd wait another 5-10 min, then check again.
| | | |
| ZJORZ
Posts:363
 | | 04/29/2010 9:44 PM |
| Also see:
http://blogs.dirteam.com/blogs/jorge/archive/2005/11/25/165.aspx
Met vriendelijke groeten / Kind regards,
Jorge de Almeida Pinto
| | | |
|
|