March 6, 2008 at 10:41 am
All
I have a client who has decided to change their domain name!
I am wondering if anyone else has had experiance with this and looking for potential issues that may come up.
1) all security logins are domain based......so I will have to change the logins to the new names
2) re-add all security at the database level. Anyone have a good script?
3) change all of my link server security
4) DTS has alot of ftp and other processes where a name is hard coded
5) firewall changes
6) ID the SQL Server is running under....plus other SQL agent, browser...SSIS....
Anyone think of anything else?
Thanks in Advance
Eric
March 6, 2008 at 11:08 am
I think 1 and 3 (possibly) will need to be redone.
2 shouldn't matter.
4 - depends on the hard-coding.
Service accounts might need to be reset.
March 6, 2008 at 2:11 pm
The list continues to grow......
Server Security
•Local server access granted to domain user
•Local groups
•Domain Users granted to specific Local groups
•Local disk shares
•FTP access
System Programs
•SQL Server running user-id
•SQL Server Agent running ID
•SSIS Id
•SQL Server browser
•FTP access
•File copy programs ( for post exports )
•Applications running on the database machine
SQL Server internal changes
•Domain users and domain security groups (domain accounts) granted SQL login (DLSQL)
•DLSQL associated with SQL Server roles
•Link servers security hard coded security
•DTS and SSIS with hard coded security
•Jobs owned by DLSQL
•Log shipping security
•Mirroring security
•For each database under each SQL Server
o DLSQL granted database user access
o DLSQL associated with Database roles
o DLSQL associated with specific object Grants ( insert, update, select, execute, etc)
o DLSQL as DBOwners
o DLSQL is a schema owner
Other tasks
•SQL Server Backups will not contain Domain Logins from before the change.
Restores may be impacted.
•SQL Server and other system programs will need to get rebooted to use the
new domain id
•DNS will need to get flushed before programs are booted.
•Cluster setup. Don’t know if this will need changes.
•SAN Access. Don’t know on this one as well
Issues and concerns
1.There is no way to test the system before turning off the domain. Any of the above manual changes not completed may cause a job failure.
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply