May 5, 2005 at 2:18 pm
What kind of SQL Server issues might I encounter in a Conversion from NT domains to MS Active Directory? The deployment plan is as follows:
STEP 1: Shutdown NT XXX domain Primary Domain Controller
STEP 2: Upgrade Backup Domain Controller to Active Directory
STEP 3: Insert additional new server running Active Directory into Active Directory Tree.
Are we missing any Steps?
Help? I am the DBA supporting and have the feeling that I'm on the tracks and I hear a train!
May 5, 2005 at 3:46 pm
We had several domain migrations. I was resposible only for SQL Server transition, not for the actual domain transition. The move to Active Directory as compared to just domain transition was different only that new Windows logins and Groups confirming new naming convention standards were created for Windows users. In your case it is not probably the case.
What about your domain name? The biggest issue is when the domain name changes. SQL Server Integrated logins are different in this case and everything that is in the security context of othose logins had to be changed. I did not get it then and it may have being changed with the SQL Server service packs. I am always under impression that everything security is tracked by SID, but we had a following issue: for example the jobs running in the security context of integrated OldDomain\WindowsUser did not run after domain migration with the error message of non-existent login. We had to re-add NewDomain\WindowsUser and reset the job security context. The funny thing was that Windows SIDs were migrated, no problem, so NewDomain\WindowsUser had the same SID as OldDomain\Windows user.
Another issue if the domain name will be changed may be connection strings and fully qualified domain server names.
So watch Integrated logins, jobs, SQL Server startup accounts and policies. It is more room for policies in Active Directory and the default policies may be not what you expect. For example the password expiration policy. Make sure you startup and application accounts have Password Never Expires in Active Directory.
Yelena
Regards,Yelena Varsha
May 6, 2005 at 6:55 am
We've been promised that the domain name won't change. Hopefully, after the domain migration we won't get the error message of non-existent login.
Thanks
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply