What's involved with switching an SQL server to a new domain? Holds Citrix XenDesktop database

  • General discussion

  • We had built out a new domain, and joined an SQL server to it, then created a Citrix XenDesktop database on it. 

    A decision was made to abandon this new domain, so I must join this server to the old, existing domain.  Of course, joining the Windows server itself to a new domain is straightforward, but how that affects SQL or databases on it I have no idea.

    Of course I will check with Citrix on any vendor-specific steps, but I expect they'll tell me to call Microsoft.  I assume most things will need done on the SQL server itself.  I've never done this before so would need a very detailed step-by-step walkthrough on it.  XenDesktop environment is virtual machines, so doing this properly is *very* critical.

    All I can find from Microsoft is this weird article, which to me doesn't seem to give a step by step how-to:   


    • Edited by dilbert2015 Thursday, February 11, 2016 9:51 PM
    Thursday, February 11, 2016 4:38 PM

All replies

  • Changing the domain name does not affect the SQL Server Service.  If you are using Windows authentication, then you need to change all the logins associated with the old domain to the new domain.

    Thursday, February 11, 2016 8:18 PM
  • So are you saying that it should be as easy as just joining the server itself (OS) to the other domain ??    SQL doesn't embed the domain name anywhere in its files/reg entries, etc?

    As far as logins, I'm sure I took the default during installation, which is "Windows Auth", is it not ? When I login via Mngmt Studio, it's set to Windows Auth.   As well as, during my Citrix delivery controller install, before it created the database it warned that "Windows Auth is required; you can't authenticate if you configured an explicit username and password on the SQL server".

    So obviously, my Citrix delivery controllers do write to the database.  But where they store their login credentials to the SQL server though, I don't know.  All the Citrix services on the delivery controller itself seem to all show Log On as network service.  When I look in SQL Mngmt Studio, Security, Users, I see MYDOMAIN\MYDDC1$, where MYDDC1 is the hostname of my delivery controller.  These also appear under the SQL instance itself under Logins.  I did not create these manually so Citrix delivery controller install had to have.  And that domain is the correct one (where I'll be joining the SQL Server; I have a domain trust set up).

    For the SQL  Instance, under Logins, I also see the domain admin account for BOTH domains.

    For the SQL  Instance, these MYDDC1 entries have only the "public" server role.

    On the Citrix database, these MYDDC1 entries have the following membership:

    • Edited by dilbert2015 Thursday, February 11, 2016 10:28 PM
    Thursday, February 11, 2016 9:51 PM
  • No. There is nothing in SQL Server referencing the domain other than security.  If the services are running under a domain account, you need to change those.

    You will need to resetup security on the new domain to match the old logins/security for Windows AD authentication.

    Friday, February 12, 2016 1:05 PM
  • Thanks Tom.   I'm sure the Citrix services are using "Log On as network service" as stated above.

    "You will need to resetup security on the new domain to match the old logins/security for Windows AD authentication." >>  Unclear what you mean.  Can you elaborate or give an example?  There are a couple domain accounts listed in Logins, and they are duplicated there, from both domains.  (All users in our two domains are a mirror copy... I had migrated them using Microsoft's AD migrator.)  I believe this is what you're getting at?

    And I'm an SQL newbie, but from my description above, doesn't it appear that the servers themselves (versus a domain account) were given access on a SERVER (versus user) level to both the SQL instance and the Citrix database?  I wasn't even aware one could do that, but then again the install did it, I didn't.  Found this article which seems to confirm it: http://support.citrix.com/article/CTX127998    Those servers (MYDDC1, MYDDC2) are also already joined to the new domain.   

    • Edited by dilbert2015 Friday, February 12, 2016 3:13 PM
    Friday, February 12, 2016 2:49 PM
  • Please see:


    Run the stored proc and then search/replace the output with the old domain name and replace with the new domain name.

    Monday, February 15, 2016 1:30 PM
  • Thank you.  However, since that article is about working between TWO servers, and again I have only one server (that's changing domains), my notes to adjust their directions are as follows.  Please advise if you disagree:

    Method 3: Create a log in script that has a blank password
    Start Management Studio.  In a query window, run the script provided.
    Run the revlogin statement.   (still in a query window?)
    Close and reopen Management Studio.
    In a query window, run the output script that the revlogin procedure created.


    Tuesday, February 16, 2016 3:33 PM
  • Run the script in the above link. 

    Search/Replace output of stored proc "OldDomain" with "NewDomain". 

    Run output script.

    Tuesday, February 16, 2016 3:38 PM
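
The login remapping the replies describe, as an added T-SQL example that is not from the thread or from any Microsoft or Citrix script: instead of search/replacing the revlogin output by hand, it generates the equivalent statements from the catalog views so only Windows principals of the old domain are touched. OLDDOMAIN and NEWDOMAIN are placeholder names, and SQL Server 2012 or later is assumed.

```sql
-- Added example. OLDDOMAIN / NEWDOMAIN are placeholders, not names from the thread.
-- Assumes SQL Server 2012 or later (ALTER SERVER ROLE ... ADD MEMBER).
-- It only GENERATES statements; review the output before running any of it.
DECLARE @Old sysname = N'OLDDOMAIN', @New sysname = N'NEWDOMAIN';

-- Windows users, groups and machine accounts (HOST$) still named after the old
-- domain, paired with the name the same account would have in the new domain.
SELECT sp.principal_id, sp.sid, sp.name AS old_login,
       @New + SUBSTRING(sp.name, LEN(@Old) + 1, 128) AS new_login,
       ISNULL(sp.default_database_name, N'master') AS default_db
INTO   #remap
FROM   sys.server_principals AS sp
WHERE  sp.type IN ('U', 'G')                          -- Windows user / Windows group
  AND  LEFT(sp.name, LEN(@Old) + 1) = @Old + N'\';

-- 1. Logins: create the new-domain login only if it does not exist yet.
SELECT N'IF NOT EXISTS (SELECT 1 FROM sys.server_principals WHERE name = N'
       + QUOTENAME(new_login, '''') + N') CREATE LOGIN ' + QUOTENAME(new_login)
       + N' FROM WINDOWS WITH DEFAULT_DATABASE = ' + QUOTENAME(default_db) + N';' AS stmt
FROM   #remap;

-- 2. Server roles: repeat each role membership for the new login
--    (public is implicit and never appears in sys.server_role_members).
SELECT N'ALTER SERVER ROLE ' + QUOTENAME(r.name) + N' ADD MEMBER '
       + QUOTENAME(m.new_login) + N';' AS stmt
FROM   #remap AS m
JOIN   sys.server_role_members AS rm ON rm.member_principal_id = m.principal_id
JOIN   sys.server_principals   AS r  ON r.principal_id = rm.role_principal_id;

-- 3. Database users: evaluated against the CURRENT database, so run the script
--    with the database of interest selected. Users are matched to logins by SID;
--    remapping keeps the user's existing database roles and permissions.
SELECT N'ALTER USER ' + QUOTENAME(dp.name) + N' WITH LOGIN = '
       + QUOTENAME(m.new_login) + N';' AS stmt
FROM   sys.database_principals AS dp
JOIN   #remap AS m ON m.sid = dp.sid
WHERE  dp.type IN ('U', 'G');

DROP TABLE #remap;
```

Explicit server-level GRANT/DENY permissions are not scripted here. The generated ALTER USER statements only succeed after the matching CREATE LOGIN statements from step 1 have been run.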