Hi Rick,

Ah yes, the 'Island' issue... fortunately these are the child domain controllers (NOT authoritative for the _msdcs.ForestDNSName zone); the root domain controllers at our hub site are set up as you suggested 8-)). That is why I have this particular zone set up as secondaries on all child DCs to help with replication issues.

Thank you for your reply.
Devan.

----Original Message Follows----
From: "Rick Kingslan" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: <[EMAIL PROTECTED]>
Subject: RE: [ActiveDir] Checklist for changing IP Address on DC
Date: Tue, 8 Jun 2004 20:46:43 -0500

Devan,

Looking over your plan - it all looks fine.  You should be quite successful
with getting the IP update done.

However, I would like to submit and suggest that instead of DC1 DNS being
set as:

Primary: DC1
Secondary: DC2

Set it like this:

Primary: DC2
Secondary: DC1

If you have more than one DNS server, it's always a good idea to look at
your peer for your lookups rather than yourself - especially if you are AD
Integrated.  Reasoning for this is to prevent the DNS servers from becoming
'islands' for the CNAME _msdcs.ForestDNSName records in your name resolution
infrastructure.

See this KB for more info.
http://support.microsoft.com/default.aspx?scid=kb;en-us;275278

Rick Kingslan  MCSE, MCSA, MCT, CISSP
Microsoft MVP:
Windows Server / Directory Services
Windows Server / Rights Management
Windows Security (Affiliate)
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
WebLog - www.msmvps.com/willhack4food



  _____

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Devan Pala
Sent: Tuesday, June 08, 2004 4:19 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Checklist for changing IP Address on DC



Hi all,

I have 2 DC's in a site that need IP's to be updated to reflect network
changes.

Both DC's are DNS servers (ADI), DHCP servers (with manual redundant scopes,
which are not changing). Each points to itself for DNS and the other for
secondary, with forwarding enabled to the forest root DNS servers.

Here's my plan:

On DC2:

1.      Change the primary (P) DNS server to point to DC1 and secondary (S)
to itself

2.      Change all IP configuration (to reflect new IP segment & physically
move the cable)

3.      Test connectivity (pinging loopback adapter, IP, GW etc.)

4.      Flush the DNS resolver cache

5.      Re-register DNS names

6.      Check DNS entry for DC2 on DC1's DNS server

7.      Test name resolution on DC1 and subsequently DC2

8.      Change the P & S DNS server settings to point to itself and its
replication partner or DC2

9.      Bounce the DNS and Netlogon services on DC2

10.     Check DNS entry on DC2 to verify correct name to IP entry (for DC2)

11.     Test name resolution on DC2

12.     Change the DHCP client parameters (to reflect new DNS server and
DHCP server) on both DC1 and DC2, restart DHCP server service on DC2

13.     Update secondary zone transfers for forest-wide locator records on
master server (DC1)

14.     Repeat steps for DC1 when DC2 is operational with new IP
configuration, except for few different things like master server for DC1
(for secondary zone transfers etc.)

I am just trying to verify my steps and see if I'm missing anything or any
gotchas before proceeding...

Thanks,
List info : http://www.activedir.org/mail_list.htm List FAQ :
http://www.activedir.org/list_faq.htm List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
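
The verification steps in the checklist (6, 7, 10 and 11) and the 'island' concern both come down to every DNS server returning the same, current records for the re-addressed DC. The PowerShell below is an added example, not part of the original thread: it assumes a system where `Resolve-DnsName` is available, and the function name, host names, addresses and GUID are constructed placeholders.

```powershell
# Added example: post-change DNS consistency check for a re-addressed DC.
# All names, addresses and the GUID below are constructed placeholders.
function Test-DcDnsRecord {
    param(
        [string]   $DcFqdn,       # DC whose IP address was changed
        [string]   $NewIp,        # its new IPv4 address
        [string]   $Domain,       # DNS name of the DC's (child) domain
        [string]   $ForestRoot,   # forest root DNS name (owner of the _msdcs zone)
        [string]   $DsaGuid,      # objectGUID of the DC's NTDS Settings object
        [string[]] $DnsServers,   # every DNS server that should agree
        # The resolver is injectable so the logic can run without a network.
        [scriptblock] $Resolver = {
            param($Name, $Type, $Server)
            Resolve-DnsName -Name $Name -Type $Type -Server $Server -DnsOnly -ErrorAction SilentlyContinue
        }
    )
    foreach ($server in $DnsServers) {
        $a     = & $Resolver $DcFqdn 'A' $server
        $srv   = & $Resolver "_ldap._tcp.dc._msdcs.$Domain" 'SRV' $server
        $cname = & $Resolver "$DsaGuid._msdcs.$ForestRoot" 'CNAME' $server
        [pscustomobject]@{
            DnsServer   = $server
            HostRecord  = [bool]($a | Where-Object { $_.Type -eq 'A' -and $_.IPAddress -eq $NewIp })
            StaleRecord = [bool]($a | Where-Object { $_.Type -eq 'A' -and $_.IPAddress -ne $NewIp })
            SrvLocator  = [bool]($srv | Where-Object { $_.Type -eq 'SRV' -and $_.NameTarget -eq $DcFqdn })
            GuidCname   = [bool]($cname | Where-Object { $_.Type -eq 'CNAME' -and $_.NameHost -eq $DcFqdn })
        }
    }
}

# Constructed sample answers: DC1 (10.1.2.10) still serves DC2's old address.
$sample = {
    param($Name, $Type, $Server)
    $ip = if ($Server -eq '10.1.2.10') { '10.1.1.11' } else { '10.1.2.11' }
    switch ($Type) {
        'A'     { [pscustomobject]@{ Type = 'A';     IPAddress  = $ip } }
        'SRV'   { [pscustomobject]@{ Type = 'SRV';   NameTarget = 'dc2.child.example.com' } }
        'CNAME' { [pscustomobject]@{ Type = 'CNAME'; NameHost   = 'dc2.child.example.com' } }
    }
}
Test-DcDnsRecord -DcFqdn 'dc2.child.example.com' -NewIp '10.1.2.11' `
    -Domain 'child.example.com' -ForestRoot 'example.com' `
    -DsaGuid '00000000-0000-0000-0000-000000000000' `
    -DnsServers '10.1.2.10', '10.1.2.11' -Resolver $sample | Format-Table
```

Omitting `-Resolver` sends the same three queries to the live DNS servers; a row with `HostRecord` false or `StaleRecord` true marks a server that has not yet picked up the new registration.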

