Running Win2003 Domain with split-brain dns (outside ip is different than inside ip address scheme and is natted at the firewall). Primary DC running 2003, active directory and dns services. Backup domain controller is 2003. Other 2003 and 2000 servers within the domain. Anybody got the best steps for replacing the internal ip address schema? e.g.: step 1: add new ip to dns, add new reverse lookup zone, then change backup domain controller dns, etc..... ??? Thanks,

You need to provide more information. What do you mean by “internal IP address schema”? Are you planning to change the IP address from Public to Private? Do you have propter route and network in place? If so, you can change the IP address of the DC. http://technet.microsoft.com/en-us/library/cc758579(WS.10).aspxSanthosh Sivarajan | MCTS, MCSE (W2K3/W2K/NT4), MCSA (W2K3/W2K/MSG), CCNA, Network+ Houston, TX Blogs - http://blogs.sivarajan.com/ Articles - http://www.sivarajan.com/publications.html Twitter: @santhosh_sivara - http://twitter.com/santhosh_sivara This posting is provided AS IS with no warranties, and confers no rights.

Sorry, let me try and be clear-er. We have a split-brain dns domain whereby the ip addresses outside our firewall are different than the ones internally, e.g. outside: 68.118.30.4 - inside:199.5.4.3, natted at the firewall. The WAN is in place, working now. We're going to be changing all of our internal ip addresses to private. I've already printed out the article you describe above, but I suspect there's more to it and it needs to be done in a specific sequence. That's why I was wondering if someone had been through this before and had a step-by-step procedure they'd followed, instead of me re-inventing the wheel?

If you are changing the internal IP address, you need to update the NAT policy. Existing WAN IP address To new Internal IP address Santhosh Sivarajan | MCTS, MCSE (W2K3/W2K/NT4), MCSA (W2K3/W2K/MSG), CCNA, Network+ Houston, TX Blogs - http://blogs.sivarajan.com/ Articles - http://www.sivarajan.com/publications.html Twitter: @santhosh_sivara - http://twitter.com/santhosh_sivara This posting is provided AS IS with no warranties, and confers no rights.

Not really what I'm looking for. We're changing entire domain from one class ip to another. So, what's the best order/process/steps to take to accomplish with Primary DC, other DC, dns, sql2005, IIS6, subnets, etc.

The order is going to depend on how the order of the VLANs on the physical network. If all of these systems are on the same subnet, you have no choice but to do them all at the same time. It will not be possible to re-IP some systems within the same VLAN while not doing others. This event will require some downtime. There really is no way around it. If it were me, I would do the server VLANs first. Keep in mind that you will most likely need to update your DHCP client settings and update any clients that have static IP configurations. Once your DC/DNS servers change their IPs, you most definitely want your clients with the updated information. If your DC/DNS servers live on different VLANs, you can get away with doing one group at a time so that while the segment is down, the clients can still point to the services running on the other network segments. Visit: anITKB.com, an IT Knowledge Base.

Thanks JM - I appreciate the reply. No we have about 8 or 9 subnets. Looks like it's Pepto Bismo time...

It shouldnt be that bad. As long as you don't support a 24x7 operation, taking a long weekend outage works best. I would recommend that you run IP scans prior to the IP change. You would be suprised how many devices you may have forgotton about that are connected to the network. Visit: anITKB.com, an IT Knowledge Base.

Thanks JM - so you say. I'm buying stock. Since we're a medical place, we're only closed on Sunday. I've read some stuff on ip scanners (then I'll compare that list to the DHCP) - any scanner that you prefer?

You'll be OK! With regard to an IP scanner, I have used the one from SolarWinds, but there are several free ones that you can download. 8 or 9 subnets and Sunday.... Sounds like you may want to do one every week, or at least one the first week and see how it goes. Consider changing your DHCP leases down to a day or less (I would say about an 1 hr) before you begin your work. That way, you can change the settings in DHCP and your clients will udpate quickly. Keep in mind, that when your leases are that short, you need to take good care of the DHCP server. If it happens to fail during this time, your clients will be out of leases within the hour. Of course, update the lease back to your normal time after the subnet has been converted. Then go to the next one, and so on. Visit: anITKB.com, an IT Knowledge Base.

Thanks, buddy! See, it's little tips like that that are so helpful. I really appreciate it... cheers.