Changing netmask from /24 to /16 on a Windows 2003 domain

I have a Windows 2003 domain using 192.168.0.0/24 with all static addresses (no DHCP). I want to move to 192.168.0.0/16 because we need more addresses. I understand that we need to change the netmask on every computer from 255.255.255.0 to 255.255.0.0.

My questions are:

  1. Is there a way to avoid changing the netmask on every computer and only change our domain controller to 192.168.0.0/16?

  2. What changes need to be made on the DNS side (Active Directory) to be able to handle the new subnet?


Solution 1:

If you have enough computers that a /24 isn't large enough it is seriously time to start switching over to DHCP.

If the addresses are set, there is no magic where you can set some single setting on the domain controller.

You could possibly build some kind of startup script that used the various command line tools to get the current settings and update them. This could result in broken systems without network access if you don't get it exactly right though.

If you didn't mind performance issues you could set up your router to perform proxy ARP so you don't have to change every system at once. The ability and procedure for this depends on what router you have.

As for DNS, you probably will just need to either add additional /24 reverse zones, or remove your existing zone and add a /16. I am not aware of any way to convert from a /24 to a /16 on Windows.

My main concern is, if I change the servers' masks from 255.255.255.0 to 255.255.0.0, do you think everyone will still be able to communicate? ... I just want to have time to do it, without having to shut down the whole network.

Assuming you don't have any other usage in the 192.168.0.0/16 network, then you could start changing masks on systems. Just keep in mind that until the masks are changed on all systems, systems with an IP address in 192.168.0.0 - 192.168.0.255 and a /24 mask will not be able to communicate with machines with an address in 192.168.1.0 - 192.168.255.254 and the /16 mask. So, you should probably re-number quickly, and not actually use any of the new address space until you are done.

Solution 2:

You need to be using DHCP. (When asked "How many computers do you have in a network before you use DHCP?" I always respond "More than 1.")

As long as you keep the default gateway device's address and the addresses of all your servers in the 192.168.0.0/24 network, you can simply change the servers' subnet masks to 255.255.254.0 (/23) and start using addresses from 192.168.0.255 to 192.168.1.254 on client computers immediately. (This assumes that only the servers in the 192.168.0.0/24 range need to be able to communicate with the new devices in the "high addresses".) You can do this without making any changes to the existing statically-configured devices.

Once you've done this you can set up a DHCP server for the entire 192.168.0.0/23 network and begin to move the static devices to DHCP (whereupon they will get the new subnet mask).

You should create a 192.168.1.0 DNS reverse lookup zone and change the subnet object in your Active Directory from 192.168.0.0/24 to 192.168.0.0/23. Then you'll be in business.

Edit:

I'm a DHCP maniac. I love DHCP. I use DHCP reservations for all machines with "fixed" IP addresses (both machines that actually obtain their addresses from their reservations via DHCP and machines that truly have static IP addresses configured because they won't or can't use DHCP). I don't believe in the "IP address spreadsheet". The DHCP servers are the canonical reference for IP allocation.

(It does irritate me that Microsoft's DHCP server repeatedly logs errors about scopes that are nearly out or exhausted of IP addresses. I appreciate their concern but I'd love to be able to selectively disable this logging for scopes. I put everything into DHCP, including /30 subnets used between routers or subnets where the entire address space is excluded from address distribution but otherwise needs to be tracked. Getting log entries about these subnets is annoying.)
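The reachability reasoning behind both answers (Solution 1's warning that /24 and /16 hosts stop talking mid-migration, and Solution 2's claim that servers widened to /23 stay reachable from untouched /24 clients) comes down to one rule: a host only ARPs directly for a destination that falls inside its own address-and-mask subnet, otherwise it sends to its gateway. The script below is an added example, not code from either answer; it uses Python's standard ipaddress module to classify each pair of constructed sample hosts and to compute which addresses a widened subnet gains. The host names and addresses are constructed for illustration.

```python
import ipaddress


def iface(ip: str, mask: str) -> ipaddress.IPv4Interface:
    """Address plus dotted-decimal mask, as typed into a Windows TCP/IP dialog."""
    return ipaddress.IPv4Interface(f"{ip}/{mask}")


def sees_on_link(src: ipaddress.IPv4Interface, dst: ipaddress.IPv4Interface) -> bool:
    """src ARPs directly for dst only when dst's address lies inside src's own
    subnet (derived from src's address AND mask); otherwise src uses its gateway."""
    return dst.ip in src.network


def classify(a: ipaddress.IPv4Interface, b: ipaddress.IPv4Interface) -> str:
    """'direct'     : both hosts see each other on-link, no router involved.
       'asymmetric' : one side ARPs directly while the other sends via its gateway;
                      this works only if the gateway routes or proxy-ARPs for it
                      (Solution 1's mid-migration /24 vs /16 situation).
       'via_router' : neither side sees the other on-link."""
    ab, ba = sees_on_link(a, b), sees_on_link(b, a)
    if ab and ba:
        return "direct"
    if ab or ba:
        return "asymmetric"
    return "via_router"


def newly_usable(old_cidr: str, new_cidr: str):
    """Host addresses gained by widening old_cidr to new_cidr: (first, last, count).
    Note that 192.168.0.255 is a legitimate host in a /23 but still looks like the
    directed broadcast to any client left on the old /24 mask."""
    old = ipaddress.IPv4Network(old_cidr)
    new = ipaddress.IPv4Network(new_cidr)
    gained = sorted(set(new.hosts()) - set(old.hosts()))
    return str(gained[0]), str(gained[-1]), len(gained)


# Constructed sample hosts named for the roles discussed in the thread.
HOSTS = {
    "legacy_client_/24": iface("192.168.0.50", "255.255.255.0"),
    "server_/23":        iface("192.168.0.5",  "255.255.254.0"),
    "new_client_/23":    iface("192.168.1.50", "255.255.254.0"),
    "server_/16":        iface("192.168.0.5",  "255.255.0.0"),
    "new_client_/16":    iface("192.168.1.50", "255.255.0.0"),
}


def report() -> dict:
    """Classify the pairs that matter during the migration."""
    pairs = [
        ("legacy_client_/24", "server_/23"),     # Solution 2: untouched clients keep reaching servers
        ("server_/23", "new_client_/23"),        # Solution 2: new high-address clients reach servers
        ("legacy_client_/24", "new_client_/23"), # Solution 2's stated limitation
        ("legacy_client_/24", "server_/16"),     # Solution 1: server re-masked first still reachable
        ("legacy_client_/24", "new_client_/16"), # Solution 1: old /24 host vs new-range /16 host
    ]
    return {f"{x} <-> {y}": classify(HOSTS[x], HOSTS[y]) for x, y in pairs}


if __name__ == "__main__":
    for pair, verdict in report().items():
        print(f"{pair:45} {verdict}")
    print("gained by /24 -> /23:", newly_usable("192.168.0.0/24", "192.168.0.0/23"))
```

The "asymmetric" verdicts are the ones to watch: the wider-masked host will ARP for the legacy host and get an answer, but the legacy host replies via its gateway, so traffic only flows if that gateway forwards it back onto the same segment (the proxy-ARP arrangement Solution 1 mentions). The newly_usable result also reproduces Solution 2's "192.168.0.255 to 192.168.1.254" range exactly.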