2

The situation: Two formerly completely separate Windows 2000 AD domains need to be connected to a common router. (The reason why is not important.) Unfortunately (for me), both domains currently have the same network address, which is (say) 192.168.0.0/24.

So as not to confuse the router, I decide to renumber the smaller of the networks to (say) 192.168.128.0/24. Basically, I want to change the 3rd octet of the network number from 0 to 128. What do I need to update (and in what order, if it matters) on the DCs in order to complete the change with a minimum of problems?

To keep it simple, let's say the network to be renumbered has one DC (yes, I know, best practice is for 2 or more), and that DC serves just DNS and DHCP (and AD, of course). Is there a "best practice" for renumbering a network in an AD domain, or am I fine just bashing the DNS and DHCP settings on the DC until they all have the new network number?

And finally: How does the answer change (if at all) if there are two or more DCs in the affected domain?

Steven Monday

2 Answers

3

The renumbering itself is not much of a problem - you just change the IP addresses of your DCs and make sure the DNS entries change as well (usually, restarting the "netlogon" service on your DCs fixes them).

You also should create a new reverse lookup zone for the new IP subnet on DNS servers of your "renumbered" network and make sure that your DNS forwarder(s) set up in the DNS configuration are still available. If you are not asked to set up trusts between domains, no further DNS changes are necessary.

Apparently, your router supports more than a single IP interface, so you will be able to run separate DHCP servers to serve the two broadcast domains in your two (V)LANs. In this case, you would simply need to change the DHCP scope and option configuration on the "renumbered" DHCP server.

If the "single router" does not support VLANs and both formerly separate networks end up within a single broadcast domain (i.e. broadcasts are received by members of both AD domains), you will have some trouble getting DHCP to work correctly for you.

the-wabbit
  • Yes, the router has multiple interfaces, so traffic between the networks will be IP-routed (layer 3, not layer 2). Thus there should be no problem running separate DHCP on the two networks. – Steven Monday Jan 30 '12 at 17:31
2

You mention a single router, but that router will have multiple interfaces, one for each network and subnet, right? Or you are at least planning on setting up a VLAN per network?

The reason I ask is because it sounds like you want to keep multiple DHCP servers running, and it simply won't be possible to have both DHCP servers on the same physical segment.

Since you have a single domain controller, and I would guess a small number of computers, you really shouldn't have much work to do.

  • First prepare the network/VLAN
  • Renumber the DC
  • Update the DHCP server (also on the DC?)
  • Update any statically configured DNS entries in the DNS server
  • Force your clients to renew
  • Update any other systems with a static address.

Zoredache
  • Yes, the router has multiple interfaces, and each network is (and will remain) a separate broadcast domain. My thanks to you and to @syneticon-dj for your clear responses. – Steven Monday Jan 30 '12 at 17:42
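
A post-change check for the DNS steps in both answers above, as an added example that is not part of either answer: it scans forward-zone records for A records still pointing into 192.168.0.0/24, shows the address each should have in 192.168.128.0/24, and lists the PTR names the new reverse lookup zone needs. The three-column record format and all host names are constructed assumptions, not output of a real DNS export.

```python
import ipaddress

OLD_NET = ipaddress.ip_network("192.168.0.0/24")    # old subnet from the question
NEW_NET = ipaddress.ip_network("192.168.128.0/24")  # new subnet from the question

# Constructed sample records (owner, type, data); host names are hypothetical.
SAMPLE_RECORDS = """\
dc1        A      192.168.128.10
fileserv   A      192.168.0.20
printer1   A      192.168.0.31
www        CNAME  fileserv
gateway    A      192.168.128.1
extmail    A      203.0.113.25
"""

def renumber(addr):
    """Map a host in OLD_NET to the same host offset in NEW_NET."""
    return NEW_NET.network_address + (int(addr) - int(OLD_NET.network_address))

def reverse_zone(net):
    """Reverse lookup zone name for a /24 network."""
    if net.prefixlen != 24:
        raise ValueError("only /24 networks map to a single reverse zone here")
    return net.network_address.reverse_pointer.split(".", 1)[1]

def audit(zone_text):
    """Return (stale, ptr_needed): A records still in the old subnet with
    their expected new address, and PTR owner names for renumbered hosts."""
    stale, ptr_needed = [], []
    for line in zone_text.splitlines():
        fields = line.split()
        if len(fields) != 3 or fields[1].upper() != "A":
            continue  # only A records carry an address to check
        try:
            addr = ipaddress.ip_address(fields[2])
        except ValueError:
            continue  # malformed address: skip rather than guess
        if addr in OLD_NET:
            stale.append((fields[0], str(addr), str(renumber(addr))))
        elif addr in NEW_NET:
            ptr_needed.append((addr.reverse_pointer, fields[0]))
    return stale, ptr_needed

if __name__ == "__main__":
    stale, ptrs = audit(SAMPLE_RECORDS)
    print("reverse zone to create:", reverse_zone(NEW_NET))
    for name, old, new in stale:
        print(f"STALE  {name}: {old} -> {new}")
    for ptr, name in ptrs:
        print(f"PTR    {ptr} -> {name}")
```

Records outside both subnets, such as the constructed `extmail` entry, are left alone because the renumbering does not affect them.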