Joining Production SQL Server to a domain

  • Question

  • Hello everyone, 

    I have a client that has been running a SQL Server outside of the domain for a couple months or years. 

    SQL Server 2008, on Win 2008 R2.

    The SQL Server in question hosts 3 databases and it is currently in production. 

    His Security Admin guys kept him from adding the server to the domain. They see it as a potential risk to the network. 

    There's now a need to have the server added to the domain so we can have the server clustered and mirrored, which will not work with a server outside of the domain. 

    Do you guys see an issue with adding a current standalone production server to the domain?

    Let me know your thoughts. 


    --- Best Regards, Igor Santos Twitter: @sqlsantos Blog: sqlsantos.wordpress.com

    Wednesday, June 19, 2013 3:15 PM

Answers

  • If I am not wrong this question would be better answered in the Active Directory forum. Just assuming.

    Anyway, when your server comes into the domain, a lot of things will be restricted by AD policy, so you have to check your:

    1. Connections coming to SQL Server (they might face errors)

    2. Current SQL Server logins (SSPI handshake error)

    3. Trust with other domains while communicating

    4. A user might be Admin on the local server but he might not be able to perform some Windows Server related activities for a server in the domain due to policy

    These were the ones which I faced ... hope it helps

    But in most cases the process would be smooth


    Please mark this reply as the answer or vote as helpful, as appropriate, to make it useful for other readers

    Wednesday, June 19, 2013 3:37 PM

All replies

  • Hello,


    You can use the following considerations to strengthen security on the SQL Server instance and avoid creating security risks on the domain:

    • Use a local user account or a domain account as SQL Server service account instead of using accounts like Local System.
    • Configure SQL Server to use Windows Authentication only, if possible.
    • Uninstall features and tools that are not used. Remove Books Online.
    • Disable MSDTC and SQL Server Agent, if possible.
    • Remove named pipes protocol, if TCP/IP is the protocol used by clients/applications.
    • Use complex passwords.


    Hope this helps.


    Regards,

    Alberto Morillo
    SQLCoffee.com



    Wednesday, June 19, 2013 4:09 PM
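
A read-only way to check the service account, authentication mode, and protocol items from the checklist above before the domain join, as an added example that is not part of the original replies. It assumes Windows PowerShell run locally on the server and a default instance; `$InstanceName` is a placeholder to change for a named instance.

```powershell
# Added example: read-only audit of the checklist items above on the local server.
# Assumption: default instance name MSSQLSERVER; change $InstanceName for a named instance.
$InstanceName = 'MSSQLSERVER'

# Resolve the instance ID (e.g. MSSQL10.MSSQLSERVER) from the instance-name map.
$sqlRoot    = 'HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server'
$instanceId = (Get-ItemProperty "$sqlRoot\Instance Names\SQL").$InstanceName
if (-not $instanceId) { throw "Instance '$InstanceName' not found in the registry." }
$instKey = "$sqlRoot\$instanceId\MSSQLServer"

# Service names differ between default and named instances.
if ($InstanceName -eq 'MSSQLSERVER') {
    $engine = 'MSSQLSERVER'; $agent = 'SQLSERVERAGENT'
} else {
    $engine = "MSSQL`$$InstanceName"; $agent = "SQLAgent`$$InstanceName"
}

# 1. Service accounts and start modes (engine, Agent, MSDTC).
$builtin = 'LocalSystem', 'NT AUTHORITY\SYSTEM'
Get-WmiObject Win32_Service | Where-Object { @($engine, $agent, 'MSDTC') -contains $_.Name } |
    ForEach-Object {
        $flag = ''
        if ($_.Name -eq $engine -and $builtin -contains $_.StartName) { $flag = 'runs as Local System' }
        if ($_.Name -ne $engine -and $_.StartMode -ne 'Disabled')      { $flag = 'not disabled; confirm it is needed' }
        New-Object PSObject -Property @{
            Service = $_.Name; Account = $_.StartName; StartMode = $_.StartMode; Finding = $flag
        }
    } | Format-Table Service, Account, StartMode, Finding -AutoSize

# 2. Authentication mode: LoginMode 1 = Windows Authentication only, 2 = mixed mode.
$loginMode = (Get-ItemProperty $instKey).LoginMode
if ($loginMode -eq 1) { 'Authentication: Windows only' }
else { "Authentication: mixed mode (LoginMode=$loginMode); SQL logins are accepted" }

# 3. Network protocols: Named Pipes (Np) and TCP/IP (Tcp) enabled flags.
foreach ($proto in 'Np', 'Tcp') {
    $enabled = (Get-ItemProperty "$instKey\SuperSocketNetLib\$proto").Enabled
    "Protocol ${proto}: " + $(if ($enabled -eq 1) { 'enabled' } else { 'disabled' })
}
```

The script changes nothing; saving its output before the join gives a baseline to compare against once domain Group Policy applies to the server.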