Today i had a situation to change the domain of all my filers due to a major acquisition in my company.
Please note changing domain of a filer will have disruption to you storage accessed through network ( NAS ) make sure No open files at the time OF change cause it may cause corruption to the files but your LUNS will be just fine. Recommended to perform this during off-peak hours.
After change ask users to remount the shares using new fully qualified domain name or can jus use the Filer name followed by share name
Remember before proceeding make sure you have a Windows account with administrative privileges handy.
First terminate the CIFS
Nayab> cifs terminate
Then run the cifs setup
Nayab> cifs setup
Now follow the prompts below and choose
Do you want to delete the existing filer account information? [no]
Delete your existing account information by entering yes at the prompt.
Note: You must delete your existing account information to reach the DNS server entry prompt.
After deleting your account information, you are given the opportunity to rename the storage system:
The default name of this filer will be 'Nayab'.
Do you want to modify this name? [no]:
Keep the current storage system name by pressing Enter; otherwise, enter yes and enter a new storage system name.
Data ONTAP displays a list of authentication methods:
Data ONTAP CIFS services support four styles of user authentication. Choose the one from the list below that best suits your situation.
(1) Active Directory domain authentication (Active Directory domains only)
(2) Windows NT 4 domain authentication (Windows NT or Active Directory domains)
(3) Windows Work group authentication using the filer's local user accounts
(4) /etc/passwd and/or NIS/LDAP authentication
It chooses the domain 1 by default
Selection (1-4)? [1]:
Now enter the new domain Name
What is the name of the Active Directory domain? [nayab.corp]: nayabrs.corp
In Active Directory-based domains, it is essential that the filer's
time match the domain's internal time so that the Kerberos-based
authentication system works correctly. If the time difference between
the filer and the domain controllers is more than 5 minutes,
authentication will fail. Time services are currently not configured
on this filer.
Would you like to configure time services? [y]: n
In order to create an Active Directory machine account for the filer,
you must supply the name and password of a Windows account with
sufficient privileges to add computers to the NAYABRS.CORP domain.
Enter the name of the Windows user [Administrator@NAYABRS.CORP]:
Password for Administrator@NAYABRS.CORP:
Respond to the remainder of the cifs setup prompts; to accept a default value, press Enter.
Upon exiting, the cifs setup utility starts CIFS.
Confirm your changes by entering the following command:
Nayab> cifs domaininfo
cifs domaininfo
NetBios Domain: NAYAB
Windows 2003 Domain Name: nayab.corp
Type: Windows 2003
Filer AD Site: Singapore
Current Connected DCs: \\DOMAINC01
Total DC addresses found: 4
Preferred Addresses:
None
Favored Addresses:
192.168.2.34 DOMAINC01 PDC
192..168.3.35
92.168.2.20 PDC
PDC
Other Addresses:
192.254.52.71 BDC
Connected AD LDAP Server: \\domainc02.nayab.corp
Preferred Addresses:
None
Favored Addresses:
192.168.2.34
domain02.nayab.corp
192..168.3.35
domainc02.nayab.corp
192.168.2.20
domainc01.nayab.corp
Other Addresses:
None
Please note changing domain of a filer will have disruption to you storage accessed through network ( NAS ) make sure No open files at the time OF change cause it may cause corruption to the files but your LUNS will be just fine. Recommended to perform this during off-peak hours.
After change ask users to remount the shares using new fully qualified domain name or can jus use the Filer name followed by share name
Remember before proceeding make sure you have a Windows account with administrative privileges handy.
First terminate the CIFS
Nayab> cifs terminate
Then run the cifs setup
Nayab> cifs setup
Now follow the prompts below and choose
Do you want to delete the existing filer account information? [no]
Delete your existing account information by entering yes at the prompt.
Note: You must delete your existing account information to reach the DNS server entry prompt.
After deleting your account information, you are given the opportunity to rename the storage system:
The default name of this filer will be 'Nayab'.
Do you want to modify this name? [no]:
Keep the current storage system name by pressing Enter; otherwise, enter yes and enter a new storage system name.
Data ONTAP displays a list of authentication methods:
Data ONTAP CIFS services support four styles of user authentication. Choose the one from the list below that best suits your situation.
(1) Active Directory domain authentication (Active Directory domains only)
(2) Windows NT 4 domain authentication (Windows NT or Active Directory domains)
(3) Windows Work group authentication using the filer's local user accounts
(4) /etc/passwd and/or NIS/LDAP authentication
It chooses the domain 1 by default
Selection (1-4)? [1]:
Now enter the new domain Name
What is the name of the Active Directory domain? [nayab.corp]: nayabrs.corp
In Active Directory-based domains, it is essential that the filer's
time match the domain's internal time so that the Kerberos-based
authentication system works correctly. If the time difference between
the filer and the domain controllers is more than 5 minutes,
authentication will fail. Time services are currently not configured
on this filer.
Would you like to configure time services? [y]: n
In order to create an Active Directory machine account for the filer,
you must supply the name and password of a Windows account with
sufficient privileges to add computers to the NAYABRS.CORP domain.
Enter the name of the Windows user [Administrator@NAYABRS.CORP]:
Password for Administrator@NAYABRS.CORP:
Respond to the remainder of the cifs setup prompts; to accept a default value, press Enter.
Upon exiting, the cifs setup utility starts CIFS.
Confirm your changes by entering the following command:
Nayab> cifs domaininfo
cifs domaininfo
NetBios Domain: NAYAB
Windows 2003 Domain Name: nayab.corp
Type: Windows 2003
Filer AD Site: Singapore
Current Connected DCs: \\DOMAINC01
Total DC addresses found: 4
Preferred Addresses:
None
Favored Addresses:
192.168.2.34 DOMAINC01 PDC
192..168.3.35
92.168.2.20 PDC
PDC
Other Addresses:
192.254.52.71 BDC
Connected AD LDAP Server: \\domainc02.nayab.corp
Preferred Addresses:
None
Favored Addresses:
192.168.2.34
domain02.nayab.corp
192..168.3.35
domainc02.nayab.corp
192.168.2.20
domainc01.nayab.corp
Other Addresses:
None
Do we need to put and entry in new
ReplyDeletedomain servers
I am glad you take pride in what you write. This makes you stand way out from many other writers that push poorly written content. pasadena moving companies
ReplyDelete