Change IP Address on Domain Controller
In this post, I will demonstrate how to change the IP address on a domain controller.
Before you change the IP address it is very important to run through a checklist . Any changes to a domain controller can disrupt services and impact business operations. See my checklist below.
For this demonstration, I have the following settings.
- DC1, IP Address 192.168.100.10
- DC2, IP Address 192.168.100.11
- DC3, IP Address 192.168.100.12
I’m going to change the IP on DC2 to 192.168.100.15. If you are changing to a different subnet there are additional things to consider that I go over in the checklist.
Pre-Change Checklist
I recommend reviewing each item on this checklist before making changes. I’ve migrated many domain controllers from small to large networks and these steps have been a lifesaver. If you do this often you will probably come up with your own checklist.
Do You Have Multiple Domain Controllers?
It is best practice to have multiple domain controllers and backup Active Directory for disaster recovery reasons. I do not recommend making major changes to domain controllers if you have a single domain controller. If you have multiple DCs and the change breaks the server you can still operate from a secondary DC.
You can get a list of all domain controllers in your domain with this command:
Check FSMO Roles
Does the DC hold any FSMO roles? Easily check with this command:
Below you can see all my FSMO roles are on DC1.
To help avoid disruption to authentication services you could move the FSMO roles to another domain controller that is on the same site. Keep in mind you would need to move any services that are manually configured to the server.
I’m making changes to DC2 which has no FSMO roles running on it.
Check Installed Roles and Features
I recommend checking what services are running on the server, you don’t want to change the IP and then have something break because you didn’t know it was a DHCP server or a web server.
- Check the control panel for installed software
- Check the installed roles and features
You can quickly check the installed roles and features with this command:
Below you can see my DC2 server has some critical services running on it including DHCP and DNS. I’ll need to consider this when changing IP addresses.
Find Devices Pointing to the Domain Controller with Wireshark
Wireshark can help you identify what systems are pointing to your domain controller for various services like DNS, DHCP, and so on. This might be the most important pre-change step.
Useful Wireshark filters:
Here is an example:
The packet capture shows that system 192.168.100.22 is using DC2 for DNS. I’ve done a large migration of domain controllers before and used Wireshark to help identify systems that are still pointing to old domain controllers. From experience, you will probably be surprised at how many systems are hardcoded to your DCS.
Check Domain Controller Health
You need to check that your domain controller is healthy before making the change. Any issues could result in replication issues, DNS issues, and so on. I’ve got a complete guide on how to use dcdiag its actually very easy to use. Just open the command prompt on your server and run the command.
Check The Health of DNS
By default, dcdiag does not test DNS. Use this command to run a complete test on DNS.
Make sure the server passes all tests and the name resolution SRV record is registered.
Run Best Practice Analyzer
The best practice analyzer can find configuration issues according to Microsoft best practices. The BPA tool is not always accurate so you need to double check its findings. Also, any errors or warnings do not mean your migration will fail. It can just help you find any major misconfigurations according to Microsoft best practices.
Here is a scan from my DC2.
I’ve got a warning that the loopback address is not included on the ethernet adapter settings. The best practice is to point the preferred DNS server to another DNS server (not itself).
Here is an example of how it should be configured:
My DC2 IP address is 192.168.100.11. You can see I set the preferred DNS to another domain controller (DC1) and the alternate is set to the loopback address. This is Microsoft’s best practice.
Again any warnings or errors the best practice analyzer finds doesn’t mean your migration will fail. But to help avoid any potential migration issues I recommend running this tool and reviewing the scan results. It might even fix some issues you weren’t aware of.
Are You Changing Subnets?
If you will be changing to a new subnet then consider the following:
- If the server also runs DHCP you will need to update the helper address on your switch or firewall.
- Add the new subnet to Active Directory sites and services.
Check Firewall Rules
Are there any firewall rules that will need to be updated? This could be your network firewall and windows based firewalls. I typically have rules on the network firewall that limit network access for critical servers like domain controllers. I would need to update the firewall rules to permit traffic to the new DC IP.
Plan & Schedule the IP Change
I recommend making this type of change during your maintenance window. No matter how much you prepare for changes there is always a potential for something going wrong. You need to have a maintenance window to allow time to resolve any issues. Don’t forget to communicate these changes with your team ahead of time.
How to Change the IP Address of a Domain Controller:
Here are the steps to changing the IP Address on a domain controller.
- Log on locally to the server (console access, don’t RDP or use remote access).
- Change IP Address
- Change subnet mask (if required)
- Change Default gateway (if required)
- Preferred DNS server (should point to another DC in the same site)
- Alternate DNS server (should be the loopback address 127.0.0.1)
- After changing the IP run ipconfig /flushdns to remove local cache
- Run ipconfig /registerdns to ensure the new IP is registered by the DNS server
- Run dcdiag /fix to ensure service records are registered.
Video Tutorial
Done. Nice work!
Post Change Checklist:
- Update DHCP settings if DC server is also DNS server
- If subnet address changed then make sure AD Sites and services is updated
- Update clients that use static ip address
- Update other DCs nic settings (if needed)
- Run commands dcdiag and dcdiag /test:dns /v to check for issues.
- Verify DNS is working, you can do this with nslookup .
- Test authenticating to the DC. You can do this by manually settings a client IP DNS settings to the IP of the DC or using PowerShell and specify the authentication server.
- Continue to monitor old IP with wireshark – This can be done by a span port or assign the DCs old IP to a computer with wireshark installed. This is useful to help find systems that are still using the old IP of the DC.
- Update firewall rules if needed.
- If a client system is having issues try to flush the local dns cache with ipconfig /flushdns command
- Changing the IP address on the DC should not effect any shares on the server as long as DNS is updated.
In this post, I showed you how to change the IP address on a domain controller. I also showed you a checklist I go through before changing the IP address. Authentication, DNS, and DHCP services are critical so it’s very important to plan and review as much as you can before making changes to these critical services. Also, all organizations and networks are different so over time you may have a different checklist than mine.
Recommended Tool: Permissions Analyzer for Active Directory
This FREE tool lets you get instant visibility into user and group permissions and allows you to quickly check user or group permissions for files, network, and folder shares.
You can analyze user permissions based on an individual user or group membership.
This is a Free tool, download your copy here .
2 thoughts on “Change IP Address on Domain Controller”
hi Robert, thank you for sharing. for important and key steps here.
Leave a Comment Cancel reply
Notify me via e-mail if anyone answers my comment.
How to change IP Address of Domain Controller
How to change the IP Address of Domain Controller
1] pre-change checklist, 2] change the ip address of a domain controller, 3] register the domain controller’s new ip address, 4] post-change checklist, how do i change my domain ip address to windows 10, does domain controller need static ip, should dhcp be on domain controller.
Read : Fix Unable to contact your DHCP Server error on Windows.
[email protected]
10 ready-to-implement PowerShell scripts to make AD management easy!
- AD Fundamentals
- AD Policies
- Azure AD Fundamentals
- Azure AD Management
- Free AD Tools
How to change the IP address of a domain controller
The domain controller (DC) is an integral part of your IT infrastructure. Due to its role within the domain, it’s crucial that any change to its IP is done correctly.
The DC’s address is statically assigned to the server. However, you might be required to change the DC’s IP address at times—when there’s a change of the IP addressing scheme on the local subnet, for instance.Any changes to the DC can disrupt services and affect your operations, so there are a few things you need to ensure before changing the IP address. Here’s a checklist to make it easier.
Pre-change checklist
Have m ultiple domain controllers.
It is recommended to have multiple domain controllers and a backup of Active Directory. This is so that if something happens to the primary DC, you can still operate from the secondary DC. Major changes are not recommended if you have a single DC. You can check for other DCs in your domain with this command:
Get-ADDomainController -filter * | select hostname, domain, forest
Check FSMO roles
Another thing to look out for is if the primary DC is running Flexible Single-Master Operation (FSMO) roles. To check this, run the following command:
netdom query fsmo
If the primary DC is running FSMO roles, you will have to move the FSMO roles to another DC that is on the same site to avoid any disruptions to authentication services. Any other services that are manually configured on the server will also have to be moved to the secondary DC.
Check the installed roles and features
It is recommended to check what services are running on your DC before changing its IP address. If the DC is running services like that of the DHCP server or web server, any changes to the IP address can cause a break. To avoid this, you can run the following command to check the established roles and features:
Get-WindowsFeature | Where-Object {$_. installstate -eq "installed"}
Ensure the health of the DC and DNS
It is best to ensure that your DC is healthy before making any IP changes to avoid encountering any replication issues or DNS issues. You can check the health of your DC using the following command:
By default, the dcdiag command doesn’t test the DNS, so you can run the following command to check on DNS health:
dcdiag /test:dns /v
Run Windows B est P ractices A nalyzer
To avoid the risk of any potential issues during migration, you can use the Best Practices Analyzer tool to find any misconfigurations according to Microsoft’s best practices. The tool may not always be accurate, so make sure to double-check the findings when reviewing the scan results.
Chang e subnets
If the server also runs DHCP, and you’re going to be changing the subnet, you will need to update the helper address on your switch or firewall. You will also have to add the new subnet to Active Directory Sites and Services.
Update the f irewall rules
Before you change the IP address of a domain controller, you may need to update the rules of your network firewalls and Windows-based firewalls to permit traffic to the DC’s new IP address.
Schedule the IP change
This is a good practice to follow when you change the domain controller’s IP address. There is always the potential for something to go wrong when changing the IP, no matter how much you prepare. Scheduling the IP change gives you a maintenance window to resolve any issues that may occur.
How to change the IP address of a domain controller
Once you’re done with the pre-change checklist, you can go ahead and change the domain controller’s IP address. Here’s how:
- Log on locally to the server using console access. Don’t use RDP or remote access.
- Right-click the network icon in the bottom-right corner of the taskbar.
- Select Open Network and Sharing Center > Change adapter settings . Alternatively, you can press the Windows key + R , type ncpa.cpl into the box, and hit Enter .
- On the Network Connections screen, right-click the network adapter for which you want to change the IP address and select Properties from the menu.
- In the Ethernet Properties dialog box, scroll down the list and double-click Internet Protocol Version 4 (TCP/IPv4) .
- In the Internet Protocol Version 4 ( TCP/IPv4 ) Properties dialog box, change the IP address.
- If required, change the subnet mask and default gateway.
- Change the primary DNS server entry to the new IP address for the DC, especially if the DC is the only DNS server in the domain. The Preferred DNS server should point to another DNS on the same site, while the Alternate DNS server should be the loopback address (127.0.0.1).
How to register the domain controller’s new IP address
Once you’ve changed the IP address of the domain controller, you will need to register the new IP address. To do so, run the following commands in elevated Command Prompt or PowerShell one after the other:
- This will clear any cached DNS entries.
- This ensures that the new IP address is registered by the DNS server.
- This ensures that the Service Principal Name (SPN) records are registered and that all tests are passed successfully.
Post-change checklist
After you’ve successfully changed the IP address of your domain controller, here are a few things you need to ensure:
- Update services, servers, and client machines, such as:
- DHCP settings if the DC is also a DNS server.
- Active Directory Sites and Services if the subnet address was changed.
- Clients that use a static IP address.
- The DC’s network interface controller settings, if required.
- Firewall rules.
- Check for any issues : Run the dcdiag and dcdiag /test:dns /v commands.If a client system seems to be having issues, you may need to flush the ipconfig /flushdns command.
- Verify that the DNS is working: Use nslookup or other DNS lookup tools.
- T est authenticating to the DC : Manually set a client’s IP DNS setting to the IP of the DC or specify the authentication server using PowerShell.
Final thoughts
If you’re looking to change domain controller IPs, there are a few things to ensure before you do so. Since the DC is an integral part of your IT infrastructure, it’s essential that this process is done correctly to avoid any breaks or other issues. Scheduling the IP change is also highly recommended because it will give you a maintenance window to sort out any other issues that could potentially arise.
Related posts
Active directory ldap field - attribute mappings , how to seize fsmo roles, how to transfer fsmo roles, securing administrator accounts in active directory, free active directory tools.
Active Directory Management & Reporting
Self-Service Password Management
Real-time Active Directory Auditing
Exchange Server Auditing & Reporting
Active Directory Backup & Recovery Tool
People also read
Active directory account lockout policy, managing gpos in active directory, how to locate active directory objects, active directory object permissions: step-by-step guide to managing permissions using gpos, aduc, and powershell, active directory object classes and attributes: a complete overview, active directory sites, active directory users and computers (aduc) - an introduction and installation guide, how to raise active directory forest functional level, managing gpos with group policy management console, group policy backup.
A one-stop place for all things Windows Active Directory. Follow us for more content
Quick Links
Curated resources.
There are over 8,500 people who are getting towards perfection in Active Directory, IT Management & Cyber security through our insights from IAMRoundup.
Wanna be a part of our bimonthly curation of IAM knowledge?
- Please enter a valid e-mail address Please enter a valid e-mail address Please enter a valid e-mail address
- By clicking 'Become an insider' , you agree to processing of personal data according to the Privacy Policy .
Time-saving software and hardware expertise that helps 200M users yearly. Guiding you with how-to advice, news and tips to upgrade your tech life.
Let's keep in touch!
How to Change Domain Controller IP Address
Easy methods to change the ip address of a domain controller.
- The domain controller authenticates a user using the data stored in the Active Directory.
- Changing the IP address of a domain controller can cause issues for the administrator.
- Thankfully, this guide gives you the safe method to change the IP address of the domain controller and change the system name.
Domain Controllers (DCs) are actively used for authenticating users and the devices connected to the domain.
Because of these works, they are best set up and left as is. This becomes important in terms of their hostname and network details.
Changing the IP of the domain controller may not be ever required but a time may come when you change it.
Moreover, domain controllers are assigned to a static IP address so they are reliable and discovered across the network without any issues.
While changing the IP address of the domain controller may cause certain issues for the administrator, because of its critical nature.
However, if the DC is not hosting any other roles, changing IP isn’t a big problem and can be done easily.
In this guide, we will show you exactly how you can change the IP of the domain controller safely and with no issues. Let us get right into it.
Browse the web from multiple devices with increased security protocols.
Access content across the globe at the highest speed rate.
Connect to thousands of servers for persistent seamless browsing.
How do I find the IP address of my domain controller?
- Open the Start menu.
- Type Command Prompt and open it as an administrator .
- If the USERDNSDOMAIN isn’t displayed then likely the server isn’t a domain member. You may want to consult with your Network Admin because it will be required in the later steps.
- You need the USERDOMAIN value for the DCDiag test.
- Type the below and press Enter . nslookup
- Execute the below command and press Enter . set type=all
- Replace the <DOMAIN_NAME> with the USERDNSDOMAIN value you got in Step 3.
- This DNS query will display the SRV record of each domain controller.
- Check for hosts containing the same name or the same IP address. Notably, each entry should have a unique hostname and IP address.
- To exit out of nslookup , enter: exit
Using the above steps, you would be able to find the IP address of your domain controller. The steps may look a bit too much but it is for those who know what they are doing.
How do I change the system name and IP address from the domain control network?
1. rename the system name, 1.1. using system properties.
- Download the Remote Server Administration Tools .
- Launch the installer.
- Read and accept the license and click I accept .
- After the installation is complete, open the RSAT tool .
- On the start screen, click on Server Manager .
- Click on Change System Properties .
- Click on the Computer Name tab, and click Change .
- Hit the OK button to acknowledge the renaming.
- Under Computer Name , type the name you wish.
1.2. Using Netdom
- Run the command prompt as an administrator.
- <Current Computer Name> : Enter the current, or primary, fully qualified DNS name of the computer that you are renaming.
- <New Computer Name> : Enter the full qualified DNS name for the computer you are renaming.
- Type the below command to assign the new name to your PC and press Enter . netdom computername <CurrentComputerName> /makeprimary:<NewComputerName>
- Restart your PC.
- After the PC reboots, open CMD.
- Execute the below command. netdom computername <NewComputerName> /remove:<OldComputerName>
We have shown you two methods to change the system name, i.e. one using system properties and the other one using Netdom.
Do note that whichever method you choose, you have to update the FRS object and Update the DFS Replication member object.
2. Update the FRS member object
- Open Windows Tools .
- Select Active Directory Users and Computers .
- Click Advanced Features in the View menu.
- Expand the domain node, System, File Replication Service , and Domain System Volume (SYSVOL share) .
- The objects below Domain System Volume (SYSVOL share) are the FSR Member objects, find the object that shows the old name of the domain controller.
- Right-click the FRS Member object and click Rename .
- Type the new name of the domain controller.
Battle.net Update Stuck at 0%: How to Easily Fix It?
The specified disk is not convertible: 2 ways to fix, event id 7031: what is it & how to easily solve it, amdppm.sys: what causes this bsod & how to fix it, windows did not detect any networking hardware [error fix], 3. update the dfs replication member object.
- Expand the domain node , System , DFSR-GlobalSettings , Domain System Volume , and Topology .
- Locate the <DomainControllerName> object showing the old name of the DC.
- Right-click the msDFSR-Member object and click Rename .
- Enter the new name of the domain controller.
4. Change the IP address of domain controller
1. Press the Windows key on your keyboard or click on the Start button on your taskbar to open the Search menu .
Expert tip:
Some PC issues are hard to tackle, especially when it comes to corrupted repositories or missing Windows files. If you are having troubles fixing an error, your system may be partially broken. We recommend installing Restoro, a tool that will scan your machine and identify what the fault is. Click here to download and start repairing.
2. Type cmd in the search box and right-click on the first result, then select Run as Administrator .
3. Write the below command and press Enter to remove any cached DNS entries created by the local DNS server: ipconfig /flushdns
4. Execute the below commands one by one and press Enter :
Net Stop DNS
Net Start DNS
Net Stop Logon
Net Start Logon
5. Now run the below command to ensure the new IP address is registered by the DNS server: ipconfig /registerdns
6. Finally, r un the below command to update the Service Principal Name (SPN) records: dcdiag /fix
The Domain Controller’s IP can be easily changed via the built-in command tool known as Command Prompt or cmd. All you need to do is input a few commands in it, and the tool will do the job for you.
Is a domain controller the same as Active Directory?
We won’t give you complex terminologies as we want you to understand terms easily. An Active Directory is like a database. It stores information of users and computers as objects.
On the other hand, the domain controller is a service that runs Active Directory and uses the data stored by the AD for authentication and giving access to the user. Notably, a DC or domain controller manages the security policies of Windows NT or Windows Server.
So, the easiest way to remember the difference between Active Directory and DC is that Active Directory handles your identity and security access, on the flip side the Domain Controllers authenticate your authority.
That is it from us in this guide. We hope that we gave you the complete information on how you can change the IP of the domain controller. Let us know in the comments below if you come across any issues while following the above steps.
Still having issues? Fix them with this tool:
If the advices above haven't solved your issue, your PC may experience deeper Windows problems. We recommend downloading this PC Repair tool (rated Great on TrustPilot.com) to easily address them. After installation, simply click the Start Scan button and then press on Repair All.
Leave a Reply Cancel reply
Commenting as . Not you?
Save information for future comments
You can’t install windows on usb flash drive using setup [fix], how to record multiple screens in windows [easy ways], how to switch file explorer to winappsdk on windows 11, ink cartridge full but not printing here’s what to do.
IMAGES
VIDEO
COMMENTS
Here are the steps to changing the IP Address on a domain controller. Log on locally to the server (console access, don’t RDP or use remote access). Change NIC TCP/IP settings Change IP Address Change subnet mask (if required) Change Default gateway (if required) Preferred DNS server (should point to another DC in the same site)
Change the IP Address of a Domain Controller; Register the Domain Controller’s new IP Address; Post-change Checklist; Let’s see the description of the 4-step process involved in successfully ...
Right-click the network icon in the bottom right of the Task Bar and select Open Network and Sharing Center from the menu. In the Network and Sharing Center, click Change adapter settings. On the...
Right-click the network icon in the bottom-right corner of the taskbar. Select Open Network and Sharing Center > Change adapter settings. Alternatively, you can press the Windows key + R , type ncpa.cpl into the box, and hit Enter.
Change the IP address of domain controller 1. Press the Windows key on your keyboard or click on the Start button on your taskbar to open the Search menu. Expert tip: SPONSORED Some PC issues are hard to tackle, especially when it comes to corrupted repositories or missing Windows files.