If you have physical access to a domain controller, you can restart the domain controller in Directory Services Restore Mode locally. Restarting in Directory Services Restore Mode takes the domain controller offline. In this mode, the server is not functioning as a domain controller.
When you start Windows Server 2003 in Directory Services Restore Mode, the local Administrator account is authenticated by the local Security Accounts Manager (SAM) database. Therefore, logging on requires that you use the local administrator password, not an Active Directory domain password. This password is set during Active Directory installation when you provide the password for Directory Services Restore Mode.
To perform this procedure, you must provide the Administrator password for Directory Services Restore Mode.
To restart the domain controller in Directory Services Restore Mode locally
- Restart the domain controller.
- When the screen for selecting an operating system appears, press F8.
- On the Windows Advanced Options menu, select Directory Services Restore Mode.
- When you are prompted, log on as the local administrator.
To perform this procedure, you must be a member of the Domain Admins group in the domain of the domain controller whose IP address you are changing.
To change the static IP address of a domain controller
- Log on locally (also known as interactively) to the system console of the domain controller whose IP address you want to change. If you are not able to log on to the domain controller by using the domain, you may have to start the domain controller in Directory Services Restore Mode (DSRM). For more information, see Restart the domain controller in Directory Services Restore Mode locally (https://lazyadminblog.wordpress.com/2015/04/11/restart-the-domain-controller-in-directory-services-restore-mode-locally/).
On the desktop, right-click My Network Places, and then click Properties.
- In theNetwork Connections dialog box, right-click Local Area Connection, and then click Properties.
- In theLocal Area Connection Properties dialog box, double-click Internet Protocol (TCP/IP).
- In theInternet Protocol (TCP/IP) Properties dialog box, in the IP address box, type the new address.
- In theSubnet mask box, type the subnet mask.
- In theDefault gateway box, type the default gateway.
- In thePreferred DNS server box, type the address of the DNS server that this computer contacts.
- In theAlternate DNS server box, type the address of the DNS server that this computer contacts if the preferred server is unavailable.
- If this domain controller uses WINS servers, clickAdvanced and then, in the Advanced TCP/IP Settings dialog box, click the WINS
- If an address in the list is no longer appropriate, click the address, and then clickEdit.
- In theTCP/IP WINS Server dialog box, type the new address, and then click OK.
- Repeat steps 11 and 12 for all addresses that need to be changed, and then clickOK twice to close the TCP/IP WINS Server dialog box and the Advanced TCP/IP Settings dialog box.
- ClickOK to close the Internet Protocol (TCP/IP) Properties dialog box.
After you change the IP address of a domain controller, you should run the ipconfig /registerdns command to register the host record and dcdiag /fix command to ensure that service records are appropriately registered with DNS. For more information, see Dcdiag Overview and subordinate topics for additional information about the Dcdiag tool (https://lazyadminblog.wordpress.com/2015/04/11/dcdiag-overview/).
Changing the IP settings of a server does not affect the share resources or shared permissions on that server, if the name resolution structure DNS and WINS settings are correctly configured. However, if network drives or passive connections (connections that are made manually from a command prompt or run line) are mapped using the IP address, an update is required. For example, if a client computer has G: drive mapped using the following command net use g: \\192.168.0.199\data and the IP address of the server that hosts the Data shared folder is changed from 192.168.0.199 to 192.168.1.200, the new G: drive mapping command should be changed to net use g: \\192.168.1.200\data. A better solution would be to ensure that DNS name resolution is working properly and to use the server name, as opposed to the IP address, in the command. For example, if the server name is DC1, the command to map a G: drive to the Data share on the server is net use g: \\dc1\data. It changes only if the server name changes; it is not affected if the IP address of the server changes.