Home Lab 7: Domain Controller Swap

This week we are completing the refresh of the domain controllers by swapping out the expiring DC01 for a fresh install of ADDC01. I highly recommend performing all the steps below via the console since you will be swapping server IPs.

In a production environment, before we do this kind of swap, we make sure every department or group that authenticates against the domain controller knows it is coming and has pointed its authentication at the new server hostname (where it is using hostnames rather than IP addresses). All other administrators, developers, and IT managers should know it is coming as well.

  1. In Hyper-V, disable the network interface card in the VM. Confirm that the network connection has dropped in the console for the VM.
  2. Via the console of the original domain controller, DC01, modify the network settings. As a reminder, this is what they looked like before.
  3. This is what the network settings on DC01 look like after the changes. It is swapped to .201 and DNS is pointing to 192.168.68.200. ADDC01 will move to .200 shortly.
  4. Now, switch to the console for ADDC01 and open up the network settings for the network interface card. Remember ADDC01 is still connected to the network.
  5. Update the IP address to 192.168.68.200 as we want ADDC01 to become the domain controller on that IP address and retain the .200 IP address since it is the DNS server for our domain. When you hit OK, reboot ADDC01.
  6. In Server Manager, or any of the myriad other ways to check an IP address, confirm the change took and 192.168.68.200 is now the IP address of ADDC01. Yes.
  7. In DNS Manager, did ADDC01 self-register with its new IP address? Yes.
  8. Are DNS lookups working on client computers? Yes.
  9. Is nslookup working on a client? Yes. (The "Server: UnKnown" line only means the client could not reverse-resolve 192.168.68.200 to a name; there is no PTR record for it yet, and forward lookups are unaffected.)
    PS C:\Users\jane.doe> nslookup whwin11c-1234567890.wirelesshobo.test
    Server: UnKnown
    Address: 192.168.68.200

    Name: whwin11c-1234567890.wirelesshobo.test
    Address: 192.168.68.76
  10. Now, return to the console of the original domain controller, DC01. Confirm that the IP address is changed and reboot. After the reboot, confirm the network interface card still has the IP address set to .201 and DNS pointing to .200.
  11. Shut down DC01 and reconnect the network interface card in Hyper-V or VMware.
  12. Power DC01 back on.
  13. On ADDC01, in DNS Manager, refresh wirelesshobo.test zone. Did DC01 update to .201? Yes.
  14. Let’s check replication, but do not freak out yet. Prior to booting DC01, ADDC01 thought DC01 was also on .200, the old IP, and DC01 thought ADDC01 was on .201. You might see a couple of DNS-related replication errors, but those should roll off once both DCs have re-registered and replicated.
  15. Now perform all your favorite domain controller health checks from other corners of the Internet. I will also generally reboot both domain controllers receiving the maintenance and force a replication.
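The same re-IP and verification steps as PowerShell, run from each DC's console. This is an added example, not from the original post: it assumes the NIC is named 'Ethernet', the subnet is a /24 with gateway 192.168.68.1, and the DCs are DC01 and ADDC01 in wirelesshobo.test, as in the walkthrough. Set-DcStaticIp does steps 2, 5 and 10 (re-address, point DNS at .200, re-register the A record); Test-DcSwap does steps 7, 13, 14 and 15 (DNS records for both DCs, replication state, forced sync and dcdiag).

```powershell
# Added example (not the post's own code). Run elevated on the DC being changed.
# Assumptions: NIC alias 'Ethernet', /24 subnet, gateway 192.168.68.1.
#Requires -RunAsAdministrator

function Set-DcStaticIp {
    param(
        [string]$InterfaceAlias = 'Ethernet',
        [Parameter(Mandatory)][string]$NewIp,
        [Parameter(Mandatory)][string]$DnsServer,
        [string]$Gateway = '192.168.68.1',   # assumption for this lab
        [int]$PrefixLength = 24
    )
    # Drop the current IPv4 address and default route, then assign the new address
    Get-NetIPAddress -InterfaceAlias $InterfaceAlias -AddressFamily IPv4 -ErrorAction SilentlyContinue |
        Remove-NetIPAddress -Confirm:$false
    Get-NetRoute -InterfaceAlias $InterfaceAlias -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue |
        Remove-NetRoute -Confirm:$false
    New-NetIPAddress -InterfaceAlias $InterfaceAlias -IPAddress $NewIp `
        -PrefixLength $PrefixLength -DefaultGateway $Gateway | Out-Null
    Set-DnsClientServerAddress -InterfaceAlias $InterfaceAlias -ServerAddresses $DnsServer
    # Re-register this host's A record so DNS reflects the new address (steps 7 and 13)
    Register-DnsClient
    Get-NetIPAddress -InterfaceAlias $InterfaceAlias -AddressFamily IPv4 |
        Select-Object IPAddress, PrefixLength
}

# Steps 2-3, on DC01's console: move the old DC to .201, DNS at .200
#   Set-DcStaticIp -NewIp 192.168.68.200 -DnsServer 192.168.68.200   # no: see next line
#   Set-DcStaticIp -NewIp 192.168.68.201 -DnsServer 192.168.68.200
# Step 5, on ADDC01's console: take over .200 and use itself for DNS
#   Set-DcStaticIp -NewIp 192.168.68.200 -DnsServer 192.168.68.200
#   Restart-Computer -Force   # the walkthrough reboots after each change

function Test-DcSwap {
    param(
        [string]$Zone = 'wirelesshobo.test',
        [string]$DnsServer = '192.168.68.200',
        [hashtable]$Expected = @{ addc01 = '192.168.68.200'; dc01 = '192.168.68.201' }
    )
    Import-Module ActiveDirectory
    # Steps 7 and 13: does the zone hold the address we expect for each DC?
    foreach ($name in $Expected.Keys) {
        $rec = Resolve-DnsName -Name "$name.$Zone" -Type A -Server $DnsServer -ErrorAction SilentlyContinue
        $got = @($rec.IPAddress) -join ','
        $status = if (@($rec.IPAddress) -contains $Expected[$name]) { 'OK' } else { 'MISMATCH' }
        '{0,-8} expected {1,-16} got {2,-16} {3}' -f $name, $Expected[$name], $got, $status
    }
    # Step 14: replication state; transient DNS-related failures should age out
    Get-ADReplicationPartnerMetadata -Target "addc01.$Zone" -Scope Server |
        Select-Object Partner, LastReplicationSuccess, LastReplicationResult, ConsecutiveReplicationFailures
    Get-ADReplicationFailure -Target "addc01.$Zone" -ErrorAction SilentlyContinue
    # Step 15: force a sync and run the usual health checks
    repadmin /syncall /AdeP | Out-Null
    repadmin /replsummary
    dcdiag /test:DNS /test:Replications /test:Advertising
}

# On ADDC01 after both reboots:
#   Test-DcSwap
```

Run Set-DcStaticIp only from the VM console, as the post says, because the session you are typing into loses its address mid-command. Test-DcSwap prints a MISMATCH line if either DC's A record still carries its pre-swap address, which is the case step 13 is checking for.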

Now this is where I typically shut the old box down for 24-48 hours to see if anything obvious breaks in production. If you have any authentication services still pointing at the outgoing domain controller, this scream test will help find them: they surface as an issue while you keep the flexibility to simply power the old box back on. And we will document those changes, right?
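Before pulling the plug for the scream test, you can list who is still authenticating against the outgoing DC, so the obvious dependencies get fixed before they scream. This is an added example, not from the original post; it runs on DC01, assumes logon, Kerberos and credential-validation auditing is enabled on the DC (the defaults cover events 4624, 4768 and 4776), and the seven-day look-back window is an arbitrary choice.

```powershell
# Added example (not the post's own code). Run elevated on the outgoing DC (DC01).
# Assumes Security log auditing for 4624 (logon), 4768 (Kerberos TGT request)
# and 4776 (NTLM credential validation) is enabled. $LookbackDays is arbitrary.
param(
    [int]$LookbackDays = 7,
    # Replication partner to ignore; ADDC01's new address from the walkthrough
    [string[]]$IgnoreSources = @('192.168.68.200', '127.0.0.1', '::1')
)

$since = (Get-Date).AddDays(-$LookbackDays)

$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4624, 4768, 4776
    StartTime = $since
} -ErrorAction SilentlyContinue

$rows = foreach ($e in $events) {
    # Pull the EventData fields by name from the event XML
    $xml  = [xml]$e.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    # 4624 and 4768 carry a client IP (IPv4-mapped for 4768); 4776 only has a workstation name
    $source = if ($data['IpAddress'] -and $data['IpAddress'] -ne '-') {
        $data['IpAddress'] -replace '^::ffff:', ''
    } else {
        $data['Workstation']
    }
    if (-not $source -or $IgnoreSources -contains $source) { continue }
    [pscustomobject]@{
        Source  = $source
        Account = $data['TargetUserName']
        EventId = $e.Id
        Time    = $e.TimeCreated
    }
}

Write-Host "Clients that authenticated against $env:COMPUTERNAME in the last $LookbackDays days:"
$rows | Group-Object Source | ForEach-Object {
    [pscustomobject]@{
        Source   = $_.Name
        Events   = $_.Count
        Accounts = ($_.Group.Account | Sort-Object -Unique) -join ', '
        LastSeen = ($_.Group.Time | Measure-Object -Maximum).Maximum
    }
} | Sort-Object Events -Descending | Format-Table -AutoSize

# Live view: who holds a connection to the DC's auth/LDAP ports right now
$authPorts = 88, 389, 636, 445, 3268, 3269
Write-Host "Current established connections on authentication ports:"
Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
    Where-Object { $authPorts -contains $_.LocalPort -and $IgnoreSources -notcontains $_.RemoteAddress } |
    Group-Object RemoteAddress, LocalPort |
    Select-Object @{n='Remote';e={$_.Group[0].RemoteAddress}},
                  @{n='Port';e={$_.Group[0].LocalPort}},
                  Count |
    Format-Table -AutoSize
```

Any source that shows up here with a service or machine account is a candidate for something hard-coded to DC01's name or old IP. Fixing those first shortens the scream test; anything the report misses is what the 24-48 hour shutdown is for.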
