Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase

Move SQL Server Machine to another Domain Expand / Collapse
Author
Message
Posted Tuesday, February 11, 2014 7:08 AM


SSCarpal Tunnel

SSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal Tunnel

Group: General Forum Members
Last Login: 2 days ago @ 3:00 PM
Points: 4,175, Visits: 4,257
I was asked what it took to move a SQL Server 2008 R2 to another Domain.

The article listed below describes the action necessary to do so:


http://dba.stackexchange.com/questions/37583/moving-sql-server-to-different-domain


Does anyone have any additional input?

Thank you.


For better, quicker answers on T-SQL questions, click on the following...
http://www.sqlservercentral.com/articles/Best+Practices/61537/

For better answers on performance questions, click on the following...
http://www.sqlservercentral.com/articles/SQLServerCentral/66909/

Post #1540176
Posted Sunday, February 16, 2014 1:42 PM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: General Forum Members
Last Login: Tuesday, July 15, 2014 1:02 AM
Points: 4, Visits: 31
hi
Post #1541927
Posted Sunday, February 16, 2014 1:53 PM


SSCarpal Tunnel

SSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal Tunnel

Group: General Forum Members
Last Login: 2 days ago @ 3:00 PM
Points: 4,175, Visits: 4,257
Hi to you.

For better, quicker answers on T-SQL questions, click on the following...
http://www.sqlservercentral.com/articles/Best+Practices/61537/

For better answers on performance questions, click on the following...
http://www.sqlservercentral.com/articles/SQLServerCentral/66909/

Post #1541930
Posted Monday, February 17, 2014 9:41 AM
Ten Centuries

Ten CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen Centuries

Group: General Forum Members
Last Login: Today @ 9:02 AM
Points: 1,023, Visits: 1,092
Assuming the machine-name will change, then make sure you run sp_dropserver/sp_addserver (Step L in the linked article). Definitely a gotcha step.

I've never migrated an existing database server between domains; I have renamed a server, and that causes sufficient hassles!

You don't mention if your current server is virtualised or physical?

Depending on the complexity of your current server config, I would be tempted to start with a fresh install. Again, depending on your IT infrastructure, a new OS might be a few clicks in HyperV/vSphere. Followed by MSSQL install and data migration. If you have a physical machine, then not to easy to accomplish.

Andy
Post #1542204
Posted Monday, February 17, 2014 10:31 AM


SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: Today @ 4:09 PM
Points: 6,163, Visits: 13,306
Welsh Corgi (2/11/2014)
I was asked what it took to move a SQL Server 2008 R2 to another Domain.

The article listed below describes the action necessary to do so:


http://dba.stackexchange.com/questions/37583/moving-sql-server-to-different-domain


Does anyone have any additional input?

Thank you.

Moving domains for a sql server has no major headaches. Any current windows logins would need to be changed if there is no trust between the old and new domains.
You'll likely need to change the service account as well, which you should do via SQL Server configuration manager.
Since your only moving domains and not changing the server name, it should be straightforward.


-----------------------------------------------------------------------------------------------------------

"Ya can't make an omelette without breaking just a few eggs"
Post #1542220
Posted Monday, February 17, 2014 1:42 PM


Ten Centuries

Ten CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen Centuries

Group: General Forum Members
Last Login: Friday, July 18, 2014 9:25 AM
Points: 1,229, Visits: 2,727
Service ID for SQLServer will need changed on the Configuration panel...

UserIDs: Need to give that service ID on the new Domain 'sa' rights...

All users using their domain ID within SQL Server will need recreated on the new domain within sql server....

If it is a clustered SQL Server there are many more steps. You don't say it is clustered so I am guessing it isnt



Post #1542274
Posted Tuesday, February 18, 2014 2:23 PM
SSC Eights!

SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!

Group: General Forum Members
Last Login: Yesterday @ 8:37 AM
Points: 861, Visits: 2,356
Markus (2/17/2014)
Service ID for SQLServer will need changed on the Configuration panel...

UserIDs: Need to give that service ID on the new Domain 'sa' rights...

All users using their domain ID within SQL Server will need recreated on the new domain within sql server....

If it is a clustered SQL Server there are many more steps. You don't say it is clustered so I am guessing it isnt


If you can do cleanup, the new service ID should NOT be a Windows or Domain admin.
If you run into file by file NTFS security issues, from the command line
icacls * /reset /t 

is useful - it'll set an entire (SQL Server) subdirectory tree to the same permissions as the directory you're in, if you get into a problem.

Don't forget to set your SPN's again, and make sure the new domain service account is trusted for Kerberos delegation.

Check to be sure @@SERVERNAME and SERVEROPTION('servername') report the same name after you're done.

If you've got "Force [connection] encryption on" you'll need to generate and sign a new SSL cert because the FQDN changes, and you will of course need to grant Read permission on the private key to the new service login.
Post #1542748
Posted Sunday, February 23, 2014 3:16 PM


SSCarpal Tunnel

SSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal Tunnel

Group: General Forum Members
Last Login: 2 days ago @ 3:00 PM
Points: 4,175, Visits: 4,257
Thanks for the input.

For better, quicker answers on T-SQL questions, click on the following...
http://www.sqlservercentral.com/articles/Best+Practices/61537/

For better answers on performance questions, click on the following...
http://www.sqlservercentral.com/articles/SQLServerCentral/66909/

Post #1544313
Posted Monday, February 24, 2014 6:35 AM


Ten Centuries

Ten CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen Centuries

Group: General Forum Members
Last Login: Today @ 12:29 PM
Points: 1,211, Visits: 6,540
Be aware that if it is to a new trusted domain, if you are using SID History, some things may work until they get rid of SID History.
Also when using Kerberos, besides SPN's, you need to make sure delegation is allowed on the accounts.
So more is involved than just making sure you have new endpoints.
Post #1544470
Posted Monday, February 24, 2014 9:47 AM


SSCarpal Tunnel

SSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal Tunnel

Group: General Forum Members
Last Login: 2 days ago @ 3:00 PM
Points: 4,175, Visits: 4,257


Thank you for the responses.


For better, quicker answers on T-SQL questions, click on the following...
http://www.sqlservercentral.com/articles/Best+Practices/61537/

For better answers on performance questions, click on the following...
http://www.sqlservercentral.com/articles/SQLServerCentral/66909/

Post #1544616
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse