Moving a Domain Controller to a Different Site

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

If you change the IP address or the subnet-to-site association of a domain controller after Active Directory is installed on the server, the Server object does not change sites automatically. You must move it to the new site manually. When you move the Server object, the Net Logon service on the domain controller registers DNS SRV resource records for the appropriate site.

TCP/IP Settings

When you move a domain controller to a different site, if an IP address of the domain controller is statically configured, then you must change the TCP/IP settings accordingly. The IP address of the domain controller must map to a Subnet object that is associated with the site to which you are moving the domain controller. If the IP address of a domain controller does not match the site in which the Server object appears, the domain controller might be forced to communicate over a potentially slow WAN link to locate resources rather than locating resources in its own site.

Prior to moving the domain controller, ensure that the following TCP/IP client values are appropriate for the new location:

  • IP address, including the subnet mask and default gateway

  • DNS server addresses

  • WINS server addresses (if appropriate)

If the domain controller that you are moving is a DNS server, you must also:

  • Change the TCP/IP settings on any clients that have static references to the domain controller as the preferred or alternate DNS server.

  • Determine whether the parent DNS zone of any zone that is hosted by this DNS server contains a delegation to this DNS server. If yes, update the IP address in all such delegations. For information about creating DNS delegations, see Verifying Active Directory Installation.

Preferred Bridgehead Server Status

Before moving any Server object, check the Server object to see whether it is acting as a preferred bridgehead server for the site. This condition has ISTG implications in both sites, as follows:

  • Site to which you are moving the server: If you move a preferred bridgehead server to a different site, it becomes a preferred bridgehead server in the new site. If preferred bridgehead servers are not currently in use in this site, the ISTG behavior in this site changes to support preferred bridgehead servers. For this reason, you must either configure the server to not be a preferred bridgehead server (recommended), or select additional preferred bridgehead servers in the site (not recommended).

  • Site from which you are moving the server: If the server is the last preferred bridgehead server in the original site for its domain, and if other domain controllers for the domain are in the site, the ISTG selects a bridgehead server for the domain. If you use preferred bridgehead servers, always select more than one server as the preferred bridgehead server for the domain. If, after the removal of this domain controller from the site, multiple domain controllers remain that are hosting the same domain and only one of them is configured as a preferred bridgehead server, either configure the server to not be a preferred bridgehead server (recommended), or select additional preferred bridgehead servers hosting the same domain in the site (not recommended).

Note

If you select preferred bridgehead servers and all selected preferred bridgehead servers for a domain are unavailable in the site, the ISTG does not select a new bridgehead server. In this case, replication of this domain to and from other sites does not occur. However, if no preferred bridgehead server is selected for a domain or transport (through administrator error or as the result of moving the only preferred bridgehead server to a different site), the ISTG automatically selects a preferred bridgehead server for the domain and replication proceeds as scheduled.

Task Requirements

The following tools are required to perform the procedures for this task:

  • My Network Places

  • DNS snap-in

  • Active Directory Sites and Services

  • Adsiedit.msc

To complete this task, perform the following procedures in order:

  1. Change the static IP address of a domain controller

  2. Create a delegation for a domain controller

    If the parent DNS zone of any zone that is hosted by this DNS server contains a delegation to this DNS server, use this procedure to update the IP address in all such delegations.

    If your forest root domain has a parent DNS domain, perform this procedure on a DNS server in the parent domain. If you just added a new domain controller to a child domain, perform this procedure on a DNS server in the DNS parent domain. By following recommended practices, the parent domain is the forest root domain.

  3. Verify that an IP address maps to a subnet and determine the site association

  4. Determine whether the server is a preferred bridgehead server

  5. Configure the server to not be a preferred bridgehead server

  6. Move the Server object to the new site
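The checks behind procedures 3 and 4 can be rehearsed offline before the move. The following is an added example, not part of the original documentation: it resolves a planned IP address to a site by most-specific subnet match and flags the preferred bridgehead conditions described above. The site names, server names, domain, and the `preferred_bh` field are constructed sample data.

```python
import ipaddress

# Constructed sample data: Subnet objects and the site each is associated with.
SUBNET_TO_SITE = {
    "10.1.0.0/16": "Seattle",
    "10.1.8.0/24": "Redmond",   # more specific subnet inside 10.1.0.0/16
    "10.2.0.0/16": "Boston",
}

# Constructed sample data: Server objects. preferred_bh is a hypothetical field
# standing in for a populated bridgeheadTransportList on the Server object.
SERVERS = [
    {"name": "DC1", "site": "Seattle", "domain": "corp.example.com", "preferred_bh": True},
    {"name": "DC2", "site": "Seattle", "domain": "corp.example.com", "preferred_bh": True},
    {"name": "DC3", "site": "Seattle", "domain": "corp.example.com", "preferred_bh": False},
    {"name": "DC4", "site": "Boston", "domain": "corp.example.com", "preferred_bh": False},
]

def site_for_ip(ip, subnet_to_site=SUBNET_TO_SITE):
    """Return the site of the most specific subnet containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    matches = [(ipaddress.ip_network(cidr), site)
               for cidr, site in subnet_to_site.items()
               if addr in ipaddress.ip_network(cidr)]
    if not matches:
        return None  # no Subnet object covers this address
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def pre_move_findings(server_name, new_ip, target_site, servers=SERVERS):
    """List the conditions from this page to resolve before moving the Server object."""
    srv = next(s for s in servers if s["name"] == server_name)
    findings = []
    mapped = site_for_ip(new_ip)
    if mapped != target_site:
        findings.append(f"IP {new_ip} maps to site {mapped}, not {target_site}")
    if srv["preferred_bh"]:
        findings.append(f"{server_name} stays a preferred bridgehead server in {target_site}")
        peers = [s for s in servers if s["site"] == srv["site"]
                 and s["domain"] == srv["domain"] and s["name"] != server_name]
        left = [s["name"] for s in peers if s["preferred_bh"]]
        # Several DCs remain for the domain but only one is a preferred bridgehead.
        if len(peers) > 1 and len(left) == 1:
            findings.append(f"{left[0]} would be the only preferred bridgehead in {srv['site']}")
    return findings
```

An empty list from `pre_move_findings` means the planned address maps to the target site and the server carries no preferred bridgehead status into the move.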