SQL Server Performance

Moving server to a new network domain - Issues ?

Discussion in 'SQL Server 2008 General DBA Questions' started by davidfarr, Mar 2, 2011.

  1. davidfarr Member

    We are currently in the process of moving the company servers to a new network domain. We currently have both the old and new domains on the network set up as trusted domains of each other. Eventually after everything is migrated, we will discontinue the old domain.
    We will soon need to move the SQL Server 2008 R2 server to the new domain. Some issues that I am already aware of are;
    Windows logins - I assume that SQL server logins would be unaffected by this change but that Windows logins would need to be re-created. Correct ?
    Services startup - All my SQL Server services are currently started/stopped under authority of a domain username. I would need to edit these service properties to change the service username and password. Correct ?
    Reporting Services - All reporting services permissions that are Windows user based would need to be reconfigured according to the new domain users. Are there any other critical configurations (apart from user permissions) that I should consider to ensure a successful migration ?
    SQL server master key, encryption keys and database keys - I have no idea how a change in domains could affect these keys. I am especially concerned that the key might no longer be valid on a new domain. I do have backups of all keys, but if a key becomes invalid on a new domain then even a backup is not going to save me if there is a problem. Any advice on the implications here would be greatly appreciated.
  2. satya Moderator

    Just clarify one bit here that, are you hosting the databases on new servers in the new domain or using same hardware by changing the DOMAIN on existing servers.
  3. davidfarr Member

    We are changing the domain on existing servers, nothing more. It is the same hardware and same installed instance.
    I have since learned that changing the SQL Server service account (from OldDomainServiceUser to NewDomainServiceUser) does affect the master key as described in the link below. It appears that I will need to regenerate a new master key under the new service account and keep a backup of the new key.
    http://msdn.microsoft.com/en-us/library/ms187788.aspx
  4. satya Moderator

    It is one of the best practice to discard (DELETE) the previous key and recreate a fresh one when the dOMAIN is changed, that will have good affect of new changes.

Share This Page