How to Change IP address of Domain Controller (DC)
Changing IP addresses on a corporate network may require changing the IP address of one or more domain controllers. Domain controllers handle authentication, authorization, and DNS resolution on Windows networks, so they are a critical part of the network infrastructure. A change of IP address on a domain controller must therefore be planned carefully to avoid network problems.
Important! Changing the IP address of a domain controller is not a routine management task. It is therefore recommended to simply promote a new DC with a new IP address in the target subnet and then demote the old DC to a member server. This minimizes the risk of breaking anything on your network.
Preparing for Domain Controller IP Address Change
There are a few preparatory steps you need to take before changing the static IP address of a DC:
- Make sure there are at least two AD domain controllers online on your network.
- Perform AD and replication health checks and fix any issues found.
- Check that the IP address of another DC is set as the preferred DNS server in the network adapter settings on all Domain Controllers. The loopback address (127.0.0.1) should be set as the alternate DNS server.
- In the Active Directory Sites and Services console (dssite.msc), check that the IP subnet containing the new domain controller IP address is associated with the AD site. Create the IP subnet if required.
How to Change IP Address of Domain Controller?
In this example, we are going to change the static IP address of the domain controller from 192.168.1.10 to 192.168.158.10.
- Connect to the domain controller host console. Depending on your infrastructure, this can be a VM console, iLO, iDRAC, IPMI remote console, etc. Do not use RDP to access the DC as the connection will be lost if the IP is changed.
- Open the Network Connections Control Panel by running the command ncpa.cpl.
- Open the network connection properties > Internet Protocol Version 4 (TCP/IPv4) > Properties > specify the new IP address of the domain controller. If you change the subnet, also change the default gateway IP.
- Click OK > OK to save changes.
Now you need to register the new domain controller IP address in DNS. Open a command prompt as an administrator and run the commands:
ipconfig /flushdns
ipconfig /registerdns
To force an update of all the resource records of the domain controller in the DNS (_msdcs, _sites, _tcp, _udp, etc.), run:
nltest /dsregdns
Open the DNS Manager snap-in (dnsmgmt.msc) and check that the domain controller’s DNS records in the forward and reverse DNS zones have been updated.
Check the health of the domain controller and replication after 20-30 minutes. Run this command in a PowerShell console, because it pipes the output to Select-String:
Dcdiag /fix | select-string -pattern '\. (.*) \b(passed|failed)\b test (.*)'
Re-check the Domain Controller health:
dcdiag /a /q
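The DNS Manager check described above can also be run from the command line against each DNS server, which catches stale records that would send clients to an address the DC no longer holds. This is an added example, not part of the original article: the IP addresses are the ones used in this article, while the DC name, the domain name and the second DNS server address are hypothetical placeholders.

```powershell
# Added example. IPs are the ones from this article; the names and the second
# DNS server are hypothetical placeholders to replace with your own.
$DcFqdn     = 'dc01.corp.example.com'
$Domain     = 'corp.example.com'
$OldIp      = '192.168.1.10'
$NewIp      = '192.168.158.10'
$DnsServers = '192.168.158.10', '192.168.1.11'

# Query one DNS server directly (no hosts file, no LLMNR/NetBIOS) and return
# only the requested property of answers of the requested record type.
function Get-DnsValue {
    param($Name, $Type, $Property, $Server)
    @(Resolve-DnsName -Name $Name -Type $Type -Server $Server -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq $Type } |
        Select-Object -ExpandProperty $Property)
}

function Test-DcDnsRecord {
    param([string]$Server)
    $problems = @()

    # Host record: must return the new address and nothing stale.
    $a = Get-DnsValue $DcFqdn A IPAddress $Server
    if ($a -notcontains $NewIp) { $problems += "A for $DcFqdn lacks $NewIp" }
    if ($a -contains $OldIp)    { $problems += "A for $DcFqdn still has $OldIp" }

    # Each DC also registers an A record on the domain name itself.
    if ((Get-DnsValue $Domain A IPAddress $Server) -contains $OldIp) {
        $problems += "$Domain still resolves to $OldIp"
    }

    # Reverse zone: the new IP must map to the DC, the old IP must not.
    if ((Get-DnsValue $NewIp PTR NameHost $Server) -notcontains $DcFqdn) {
        $problems += "no PTR $NewIp -> $DcFqdn"
    }
    if ((Get-DnsValue $OldIp PTR NameHost $Server) -contains $DcFqdn) {
        $problems += "stale PTR $OldIp -> $DcFqdn"
    }

    # DC locator record under _msdcs must still list this DC.
    if ((Get-DnsValue "_ldap._tcp.dc._msdcs.$Domain" SRV NameTarget $Server) -notcontains $DcFqdn) {
        $problems += 'DC missing from _ldap._tcp.dc._msdcs SRV'
    }

    [pscustomobject]@{ DnsServer = $Server; Healthy = ($problems.Count -eq 0); Problems = $problems -join '; ' }
}

$DnsServers | ForEach-Object { Test-DcDnsRecord -Server $_ } | Format-List
```

A failure reported only by a partner DC's DNS server shortly after the change usually means the zone has not replicated yet, so re-run the check after the 20-30 minute wait before acting on it.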
Updating Domain Controller IP Address on Clients
Once you have changed the IP address of the domain controller, you will need to update it on all the clients that have been using it. These could be other DCs, computers, network devices (printers, scanners, MFPs, etc).
- Update the preferred DNS server address on other domain controllers that were using the old IP.
- If you are assigning IP settings to client devices via DHCP, specify a new DNS address in the DHCP scope settings. In order for DHCP clients to receive new IP settings, you must reboot them or run the commands:
ipconfig /renew
ipconfig /flushdns
- Manually change DNS settings for devices with static IP settings.
Make sure your network clients are able to authenticate on the domain controller with the new IP address.