Changing netmask from /24 to /16 on a Windows 2003 domain

Solution 1

If you have enough computers that a /24 isn't large enough it is seriously time to start switching over to DHCP.

If the addresses are set, there is no magic where you can set some single setting on the domain controller.

You could possibly build some kind of startup script that used the various command line tools to get the current settings and update them. This could result in broken systems without network access if you don't get it exactly right though.

If you didn't mind performance issues you could set up your router to perform proxy ARP so you don't have to change every system at once. The ability and procedure for this depends on what router you have.

As for DNS, you probably will just need to either add additional /24 reverse zones, or remove your existing zone and add a /16. I am not aware of any way to convert from a /24 to a /16 on Windows.

My main concern is, if I change servers' masks from 255.255.255.0 to 255.255.0.0 do you think everyone will still be able to communicate? ... I just want to have time to do it, without having to shutdown the whole network.

Assuming you don't have any other usage in the 192.168.0.0/16 network, then you could start changing masks on systems. Just keep in mind that until the masks are changed on all systems, systems with an IP address 192.168.0.0 - 192.168.0.255 and a /24 mask will not be able to communicate with machines with an address 192.168.1.0 - 192.168.255.254 and the /16 mask. So, you should probably re-number quickly, and not actually use any of the new address space until you are done.

Solution 2

You need to be using DHCP. (When asked "How many computers do you have in a network before you use DHCP?" I always respond "More than 1.")

As long as you keep the default gateway device's address and the addresses of all your servers in the 192.168.0.0/24 network you simply can change the servers' subnet masks to 255.255.254.0 (/23) and start using addresses from 192.168.0.255 to 192.168.1.254 on client computers immediately. (This assumes that only the servers in the 192.168.0.0/24 range need to be able to communicate with the new devices in the "high addresses".) You can do this without making any changes to the existing statically-configured devices.

Once you've done this you can set up a DHCP server for the entire 192.168.0.0/23 network and begin to move the static devices to DHCP (whereupon they will get the new subnet mask).

You should create a 192.168.1.0 DNS reverse lookup zone and change the subnet object in your Active Directory from 192.168.0.0/24 to 192.168.0.0/23. Then you'll be in business.

Edit:

I'm a DHCP maniac. I love DHCP. I use DHCP reservations for all machines with "fixed" IP addresses (both machines that actually obtain their addresses from their reservations via DHCP and machines that truly have static IP addresses configured because they won't or can't use DHCP). I don't believe in the "IP address spreadsheet". The DHCP servers are the canonical reference for IP allocation.

(It does irritate me that Microsoft's DHCP server repeatedly logs errors about scopes that are nearly out or exhausted of IP addresses. I appreciate their concern but I'd love to be able to selectively disable this logging for scopes. I put everything into DHCP, including /30 subnets used between routers or subnets where the entire address space is excluded from address distribution but otherwise needs to be tracked. Getting log entries about these subnets is annoying.)
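An added example, not part of either answer: a Python check of the mixed-mask state both solutions describe, showing which host pairs on the single segment still treat each other as on-link while some machines keep the old /24 mask. The host names and addresses are constructed for illustration.

```python
import ipaddress
from itertools import combinations

def sees_on_link(src, dst):
    """True if src, applying its own mask, would ARP for dst directly."""
    return dst.ip in src.network

def classify(a, b):
    """How two interfaces on one Ethernet segment reach each other."""
    a_direct, b_direct = sees_on_link(a, b), sees_on_link(b, a)
    if a_direct and b_direct:
        return "direct"
    if a_direct or b_direct:
        # One side ARPs directly, the other hands the packet to its default
        # gateway. Whether that works depends on the router (relay, proxy ARP).
        return "one-sided"
    return "routed"

def audit(hosts):
    """Map each pair of named hosts to its classification."""
    parsed = {name: ipaddress.ip_interface(addr) for name, addr in hosts.items()}
    return {(x, y): classify(parsed[x], parsed[y])
            for x, y in combinations(parsed, 2)}

# Constructed mid-migration state for the /16 plan (Solution 1).
MIXED_16 = {
    "dc": "192.168.0.10/16",      # server already changed to the new mask
    "old-pc": "192.168.0.50/24",  # static client not yet touched
    "new-pc": "192.168.1.20/16",  # host placed in the new address space
}

# Constructed mid-migration state for the /23 plan (Solution 2).
MIXED_23 = {
    "dc": "192.168.0.10/23",
    "old-pc": "192.168.0.50/24",
    "new-pc": "192.168.1.20/23",
}

if __name__ == "__main__":
    for label, hosts in (("/16 plan", MIXED_16), ("/23 plan", MIXED_23)):
        print(label)
        for (x, y), result in audit(hosts).items():
            print(f"  {x:7} <-> {y:7} {result}")
```

In both plans the untouched /24 client still reaches the servers directly, and only the pair "old client, host in the new range" depends on the gateway.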

Author: David

Updated on September 18, 2022

Comments

  • David over 1 year

    I have a Windows 2003 domain using 192.168.0.0/24 with all static addresses (no DHCP). I want to move to 192.168.0.0/16 because we need more addresses. I understand that we need to change the netmask on all computers from 255.255.255.0 to 255.255.0.0.

    My questions are:

    1. Is there a way to avoid changing the netmask on all computers and change our domain controller to 192.168.0.0/16?

    2. What changes need to be made on the DNS side (Active Directory) to be able to handle the new subnet?

    • Mathias R. Jessen about 12 years
      From a /24 to a /16? Why not a /23 or /22? I seriously doubt you need 64770 additional IP addresses overnight :P A quick question, all of your hosts are connected in the same network segment? And they will continue to be so?
    • David about 12 years
      /16 is just standard to me (referring to old CLASS B addresses). And yes all hosts are connected in the same network segment and they will continue to be.
    • John Gardeniers about 12 years
      I'll just point out that this would have been a trivial task had you used DHCP.
    • Spence about 12 years
      @JohnGardeniers: I agree re: it being a trivial task if DHCP was already in use, but it's still fairly trivial to migrate to a /23 and start using the next contiguous /24 immediately.
    • John Gardeniers about 12 years
      @Evan, I feel that long before a /24 subnet needs expanding DHCP should already have been implemented, even if through the use of reservations if all those machines really require fixed IP addresses.
  • David about 12 years
    My main concern is, if I change servers' masks from 255.255.255.0 to 255.255.0.0 do you think everyone will still be able to communicate (as we have SQL Server, Active Directory, DNS)? Also, I know that I need to change the netmask on all computers, I just want to have time to do it, without having to shut down the whole network.