
Tuesday, June 3, 2014

Moving a NetApp Filer from an Old Domain to a New Domain

Today I had a situation where I needed to change the domain of all my filers due to a major acquisition in my company.

Please note that changing the domain of a filer disrupts storage accessed over the network (NAS). Make sure there are no open files at the time of the change, because it may corrupt those files; your LUNs will be just fine. It is recommended to perform this during off-peak hours.

After the change, ask users to remount the shares using the new fully qualified domain name, or they can just use the filer name followed by the share name.

Before proceeding, make sure you have a Windows account with administrative privileges handy.

First, terminate CIFS:
   
Nayab> cifs terminate

Then run cifs setup:

Nayab> cifs setup

    Now follow the prompts below and answer as described:

    Do you want to delete the existing filer account information? [no]

    Delete your existing account information by entering yes at the prompt.

    Note: You must delete your existing account information to reach the DNS server entry prompt.

    After deleting your account information, you are given the opportunity to rename the storage system:

    The default name of this filer will be 'Nayab'.
    Do you want to modify this name? [no]:

    Keep the current storage system name by pressing Enter; otherwise, enter yes and enter a new storage system name.

    Data ONTAP displays a list of authentication methods:

    Data ONTAP CIFS services support four styles of user authentication. Choose the one from the list below that best suits your situation.
    (1) Active Directory domain authentication (Active Directory domains only)
    (2) Windows NT 4 domain authentication (Windows NT or Active Directory domains)
    (3) Windows Work group authentication using the filer's local user accounts
    (4) /etc/passwd and/or NIS/LDAP authentication

Option 1 (Active Directory domain authentication) is selected by default:

 Selection (1-4)? [1]:

Now enter the new domain name:

What is the name of the Active Directory domain? [nayab.corp]: nayabrs.corp

        In Active Directory-based domains, it is essential that the filer's
        time match the domain's internal time so that the Kerberos-based
        authentication system works correctly. If the time difference between
        the filer and the domain controllers is more than 5 minutes,
        authentication will fail. Time services are currently not configured
        on this filer.

Would you like to configure time services? [y]: n

        In order to create an Active Directory machine account for the filer,
        you must supply the name and password of a Windows account with
        sufficient privileges to add computers to the NAYABRS.CORP domain.
Enter the name of the Windows user [Administrator@NAYABRS.CORP]:
Password for Administrator@NAYABRS.CORP:

    Respond to the remainder of the cifs setup prompts; to accept a default value, press Enter.

    Upon exiting, the cifs setup utility starts CIFS.

    Confirm your changes by entering the following command:

    Nayab> cifs domaininfo



cifs domaininfo
NetBios Domain:           NAYAB
Windows 2003 Domain Name: nayab.corp
Type:                     Windows 2003
Filer AD Site:            Singapore

Current Connected DCs:    \\DOMAINC01
Total DC addresses found: 4
Preferred Addresses:
                          None
Favored Addresses:
                          192.168.2.34    DOMAINC01         PDC
                          192..168.3.35
                           92.168.2.20                  PDC
                                               PDC
Other Addresses:
                          192.254.52.71                    BDC

Connected AD LDAP Server: \\domainc02.nayab.corp
Preferred Addresses:
                          None
Favored Addresses:
                          192.168.2.34
                           domain02.nayab.corp
                          192..168.3.35
                           domainc02.nayab.corp
                          192.168.2.20
                           domainc01.nayab.corp
Other Addresses:
                          None
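
As an added example (not part of the original post and not NetApp tooling), this Python check parses captured cifs domaininfo output and reports whether the filer actually landed in the new domain. The sample text is constructed in the layout shown above; the function names, the generic "Windows ... Domain Name" label match, and the expectation that the LDAP server's FQDN sits inside the new domain are assumptions.

```python
import re

# Constructed sample in the layout shown above; not captured from a real filer.
SAMPLE = r"""NetBios Domain:           NAYABRS
Windows 2003 Domain Name: nayabrs.corp
Type:                     Windows 2003
Filer AD Site:            Singapore

Current Connected DCs:    \\DOMAINC01
Total DC addresses found: 4

Connected AD LDAP Server: \\domainc02.nayabrs.corp
"""

def parse_domaininfo(text):
    """Collect the unindented 'Label: value' lines; address lists are skipped."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^([A-Za-z][^:]*):\s*(\S.*)$", line)
        if m:
            fields[m.group(1).strip()] = m.group(2).strip()
    return fields

def check_join(text, expected_domain):
    """Return a list of problems; an empty list means the join looks right."""
    f = parse_domaininfo(text)
    expected = expected_domain.lower()
    problems = []
    # The label carries a version ("Windows 2003 Domain Name" on this page);
    # accepting any "Windows ... Domain Name" label is an assumption.
    domain = next((v for k, v in f.items()
                   if re.fullmatch(r"Windows .*Domain Name", k)), None)
    if domain is None:
        problems.append("no domain name field found")
    elif domain.lower() != expected:
        problems.append(f"joined to {domain}, expected {expected_domain}")
    if not f.get("Current Connected DCs", "").lstrip("\\"):
        problems.append("no domain controller connected")
    # Assumption: the LDAP server is shown as an FQDN inside the new domain.
    # The leading dot stops a look-alike suffix such as "xnayabrs.corp".
    ldap = f.get("Connected AD LDAP Server", "").lstrip("\\").lower()
    if not ldap.endswith("." + expected):
        problems.append(f"LDAP server {ldap or '(none)'} is outside {expected_domain}")
    return problems

if __name__ == "__main__":
    print(check_join(SAMPLE, "nayabrs.corp") or "join verified")
```

Run it against output saved right after cifs setup exits; a filer still reporting the old domain name or an old-domain LDAP server shows up as a listed problem.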


  




1 comment:

  1. Do we need to put an entry in the new domain servers?
