none
Changing Windows domain name, how effect SQL Server Security Infrastructure? RRS feed

  • Question

  • We have a server that has an instance of SQL Server 2008 and the windows domain name will be changing from AB to AB02.  This server is also the publisher to a merge replication environment.  What concerns do we need to be worried about?  Especially the security infrastructure, for example we have Logins AB\Username, after the windows domain name change will scripts need to be ran to change the logins to AB02\Username or will this automatically happen?  Will any additional changes need to be made for the database users and roles?

     

    SSMS allows the ability to change the logins and users name, would this approach be acceptable?  For example change Login AB\Name to AB02\Name?

     

    Thanks in advance,

    Toni

    Thursday, December 8, 2011 6:20 PM

Answers

  • Hi Toni,

    As you can image, the instance name and Windows login name need to be renamed if the domain is changed. You can look into the articles to rename computer name and login name. The service account is required to change if it is a domain account.

    Moreover, SQL Server is not allowed to rename the computer if the replication is implemented without log shipping. You may need to remove the replication and reform it after you completed the task.

    For more information, please pay attention to this thread on this topic: Change AD domain membership of a Server 2008 running MS SQL 08.


    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Stephanie Lv

    TechNet Community Support

    • Marked as answer by Stephanie Lv Thursday, December 15, 2011 9:25 AM
    Monday, December 12, 2011 2:12 AM

All replies

  • This change will cause you a whole lot of pain.  Logins will need to be changed, role memberships will need to be updated, merge replication will need to be reconfigured.  None of this will be done automatically.
    Jeff Wharton
    MSysDev (C.Sturt), MDbDsgnMgt (C.Sturt), MCT, MCPD, MCITP, MCDBA
    Blog: Mr. Wharty's Ramblings
    MC ID: Microsoft Transcript

    Please mark answered if I've answered your question and vote for it as helpful to help other user's find a solution quicker
    Friday, December 9, 2011 1:32 AM
  • adding to what Jeff has said when you change the service account that your instance of SQL is running under make sure that you use the configuration manager for the new domain account. Also make sure that your new domain account has the appropriate permissions to continue on working as they are now.

    If you have the ability to I would look at doing first in a test environment to ensure that you have not missed anything. Make sure you do your preparation and have your check list to ensure you have covered all of your bases.

    I hope this helps


    Warwick Rudd
    MCT MCITP SQL Server 2008 Admin
    My Blog
    -------------------------------------------------------
    Please mark as Answered if I have answered your question
    Please vote if this was useful
    -------------------------------------------------------
    Movember is here. Show your support for Mens Health
    by making a donation here - Movember
    Friday, December 9, 2011 1:36 AM
  • Thank you for the replies, does anyone know of a KB article or any other resource that would give step by step details on what exactly needs to be done to modify the SQL Server Security Infrastructure to handle the new domain name change? 

    Thanks,

    Toni


    Toni
    Friday, December 9, 2011 5:43 PM
  • Hi Toni,

    As you can image, the instance name and Windows login name need to be renamed if the domain is changed. You can look into the articles to rename computer name and login name. The service account is required to change if it is a domain account.

    Moreover, SQL Server is not allowed to rename the computer if the replication is implemented without log shipping. You may need to remove the replication and reform it after you completed the task.

    For more information, please pay attention to this thread on this topic: Change AD domain membership of a Server 2008 running MS SQL 08.


    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Stephanie Lv

    TechNet Community Support

    • Marked as answer by Stephanie Lv Thursday, December 15, 2011 9:25 AM
    Monday, December 12, 2011 2:12 AM