Question
Friday, November 2, 2007 4:25 PM
Help! Last night we had to re-IP one of our Windows 2003 Domain Controllers that is running DHCP. After changing the IP address for the Domain Controller in DNS and making the IP change to the DC we were able to go out and add the Domain Controller to the list of "authorized" DHCP servers on our Root DC with the new IP address but when we tried to unauthorize the entry for the DC that specified the old IP address we get a message back indicating that "There is no such object on the server." So... what we currently have is a list of authorized DHCP servers with two entries in the list with different IP addresses. We would really appreciate any help in getting this old DHCP server out of the list.
All replies (2)
Tuesday, November 6, 2007 11:03 PM ✅ Answered | 5 votes
I am assuming that the problem occurred due to the fact that the IP address was changed prior to the unauthorization process. The error is probably caused because of the direct ties between AD and DNS. Since DNS couldn't verify the server name by IP address, it shows it as a missing object.
On a Domain Controller, open an mmc and add the snap-in ADSI Edit.
Right click on ADSI Edit and click connect to.
In connection settings, connection point, select or type a Distinguished Name or Naming Context. Enter CN=NetServices,CN=Services,CN=Configuration,DC=Your Domain,DC=com then click ok.
Expand the default naming context, highlight the path in the left pane, and you should see CN=DhcpRoot on the right.
Double click it, and edit the dhcpServers attribute to reflect the correct computers.
Restart your dhcp service. Then verify your list in Manage Authorized Servers... you may have to click the refresh button.
Cheers
Note: This Post was meant to simplify the text in the above post.
Monday, November 5, 2007 6:59 PM
I thought I would add something to my own post. Not sure of the root problem but apparently when we changed IP addresses in DNS and on the server itself, something got hosed up inside Active Directory and the only way to fix the issue was to go into ADSIEDIT.MSC and manually remove entries. The symptoms we observed inside ADSIEDIT were that we had an old entry that contained the FQDN as part of the distinguished name and a new, second entry that contained the server's IP address in place of the FQDN as part of the distinguished name in Active Directory. To get things corrected we had to delete entries in AD using ADSIEDIT and also through the DHCP Authorized Servers applet to remove both the old and new entries and then re-add the server to the approved DHCP servers list. When we cleared all traces of the server from the Authorized Servers applet we were then able to re-add the server to the approved servers list and this time the server was correctly added so the FQDN was a part of the distinguished name. When using the ADSIEDIT.MSC applet we had to drill down within CONFIGURATION and then inside CN=Services then down inside CN=NETServices. At this point this is where we saw the entry containing the FQDN and a second entry containing the IP address under the name column.
If anyone else has a better understanding of why this is happening on an IP address change I would appreciate any additional information as to how one might be able to prevent it from happening again.
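Added example, not part of the original thread or written by its posters: a read-only PowerShell check that flags the two symptoms described above in the authorized DHCP server list, an entry whose recorded IP address no longer matches DNS and an entry whose name is an IP address instead of an FQDN. The function name, host name and addresses are constructed for illustration; the live usage in the last comment assumes the `Get-DhcpServerInDC` cmdlet from the DhcpServer module on later Windows Server versions, which is not available on Windows 2003.

```powershell
# Added example: read-only audit of authorized DHCP server entries.
# Test-DhcpAuthorizationEntry is a hypothetical helper name, not a built-in cmdlet.
function Test-DhcpAuthorizationEntry {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)][string]$DnsName,
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)][string]$IPAddress,
        # The resolver is injectable so the check can run against constructed data.
        [scriptblock]$Resolver = {
            param($n)
            [System.Net.Dns]::GetHostAddresses($n) | ForEach-Object { $_.IPAddressToString }
        }
    )
    process {
        $parsed = $null
        $status = 'OK'
        if ([System.Net.IPAddress]::TryParse($DnsName, [ref]$parsed)) {
            # Second symptom in the thread: the IP address sits where the FQDN belongs.
            $status = 'NameIsIPAddress'
        } else {
            try   { $resolved = @(& $Resolver $DnsName) }
            catch { $resolved = @() }
            if ($resolved.Count -eq 0)                 { $status = 'NameDoesNotResolve' }
            # First symptom: the entry still carries the pre-change address.
            elseif ($resolved -notcontains $IPAddress) { $status = 'StaleIPAddress' }
        }
        [pscustomobject]@{ DnsName = $DnsName; IPAddress = $IPAddress; Status = $status }
    }
}

# Constructed sample data mirroring the thread (documentation-range addresses).
$dns = @{ 'dc01.example.test' = @('192.0.2.20') }   # DNS after the re-IP
$entries = @(
    [pscustomobject]@{ DnsName = 'dc01.example.test'; IPAddress = '192.0.2.10' }  # old IP
    [pscustomobject]@{ DnsName = 'dc01.example.test'; IPAddress = '192.0.2.20' }  # new IP
    [pscustomobject]@{ DnsName = '192.0.2.20';        IPAddress = '192.0.2.20' }  # IP as name
)
# Stand-in resolver that answers from the constructed table instead of real DNS.
$fake = { param($n) if ($dns.ContainsKey($n)) { $dns[$n] } else { throw 'no such host' } }

$entries | Test-DhcpAuthorizationEntry -Resolver $fake | Format-Table -AutoSize

# Against a live domain (assumption: DhcpServer module is installed):
#   Get-DhcpServerInDC | Test-DhcpAuthorizationEntry
```

The check only reads and reports; removing a flagged entry is still done through Manage Authorized Servers or ADSI Edit as described in the replies above.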