June 26, 2015 at 10:10 am
Our company was acquired by another company a couple years back and they are now telling us that they'll be switching us over to their domain in the near future.
Our 30+ SQL Servers (2005, 2008, 2012, and 2014) are all configured to use both SQL and windows authentication, which use primarily windows authentication for access in the form of AD groups, specific service accounts, etc.
If the existing domain becomes "unavailable" my understanding is SQL Server won't be able to authentication anyone, and if it's crashes/restarted it won't even be able to start up (as the service account would be tied to the non-existent domain).
So basically everything windows auth-related would need to change from:
OLDDOMAIN\account
NEWDOMAIN\account
How on earth do I go about changing every SQL server to just "accept" the new domain?
Has anyone else out there had to go through this?
Any gotchas/recommendations?
______________________________________________________________________________Never argue with an idiot; Theyll drag you down to their level and beat you with experience
June 29, 2015 at 6:54 am
editied
-----------------------------------------------------------------------------------------------------------
"Ya can't make an omelette without breaking just a few eggs" 😉
June 29, 2015 at 7:16 am
the service accounts will need to be changed in the initial phase, this should be done via sql server configuration manager.
Once the instances are online you may start to script out logins and then recreate them, this will be necessary as the new windows accounts SIDs will no longer match the original windows SIDs you'll end up with orphaned database users.
Once the new windows logins have been created you may then loop through each database user and use the ALTER USER command to change the database user mapping, like so
ALTER USER [OLDDomain\bob] WITH NAME = [NEWDomain\bob], LOGIN = [NEWDomain\bob]
-----------------------------------------------------------------------------------------------------------
"Ya can't make an omelette without breaking just a few eggs" 😉
August 5, 2015 at 1:26 pm
We used some type of purchased tool that would migrate everything server wise to a new domain. It would see the domain users within SQL Server and then create new IDs with the same access within SQL Server as it migrated the server to the new domain. I cannot remember the tool though as that was in 2010.
August 7, 2015 at 12:30 pm
Both good recommendations, I really appreciate it!
______________________________________________________________________________Never argue with an idiot; Theyll drag you down to their level and beat you with experience
Viewing 5 posts - 1 through 4 (of 4 total)
You must be logged in to reply to this topic. Login to reply