Subscribe

moving a Netapp Filer from an old domain to a New Domain

[ Edited ]

Hello Guys,  

 

 

we using NetApp 2552 storage (8.2.2P1 -7-Mode) and we are moving a Netapp Filer from an old domain to a New Domain

Our domain server is Windows 2012 R2  Server and all the security and permission are handled by the Active Directory. And there is no storage level security or permission used.

Around 200+ users are accessing the storage (via- cifs protocol)

Please provide me some helpful tips on details for the procedure on what to do if we are going to change our domain. And let me know what will be the expected impacts or problems and how can I resolve it.

Need to take any backup (Configuration files)

What about SID, is it change?

User face any files access and permissions issues?

 

 

Re: moving a Netapp Filer from an old domain to a New Domain

Hi Anand,

 

Did you migrated or replicated all the AD settings from old Domain controller to new DC ? If yes then just follow the steps below to change you Netapp controller to new domain 

 

 

Please note changing domain of a filer will have disruption to you storage accessed through network ( NAS ) make sure No open files at the time of change because it may cause file corruption. Recommended to perform this during off-peak hours.

After change ask users to remount the shares using new fully qualified domain name or can just use the Filer name followed by share name 

Remember before proceeding make sure you have a Windows account with administrative privileges handy of the new Domain server

 First terminate the CIFS
    
Netapp7> cifs terminate

   Now run the cifs setup 

Netapp7> cifs setup

    Now follow the prompts below and choose

    Do you want to delete the existing filer account information? [no] Yes

   Note: You must delete your existing account information to reach the DNS server entry prompt.


    After deleting your account information, you are given the opportunity to rename the storage system:

    The default name of this filer will be 'Netapp7'.

    Do you want to modify this name? [no]:

    Keep the current storage system name by pressing Enter; otherwise, enter yes and enter a new storage system name.

    Data ONTAP displays a list of authentication methods:

    Data ONTAP CIFS services support four styles of user authentication. Choose the one from the list below that best suits your situation.
    (1) Active Directory domain authentication (Active Directory domains only)
    (2) Windows NT 4 domain authentication (Windows NT or Active Directory domains)
    (3) Windows Work group authentication using the filer's local user accounts
    (4) /etc/passwd and/or NIS/LDAP authentication

It chooses the domain 1 by default 

 Selection (1-4)? [1]:

Now enter the new domain Name

What is the name of the Active Directory domain? [netapp.com]: testfiler.com

        In Active Directory-based domains, it is essential that the filer's
        time match the domain's internal time so that the Kerberos-based
        authentication system works correctly. If the time difference between
        the filer and the domain controllers is more than 5 minutes,
        authentication will fail. Time services are currently not configured
        on this filer.

Would you like to configure time services? [y]: n

        In order to create an Active Directory machine account for the filer,
        you must supply the name and password of a Windows account with
        sufficient privileges to add computers to the testfiler.com domain.


Enter the name of the Windows user [Administrator@testfiler.com]: administrator
Password for Administrator@testfiler.com:

    Respond to the remainder of the cifs setup prompts; to accept a default value, press Enter.

    Upon exiting, the cifs setup utility starts CIFS.

    Confirm your changes by entering the following command:

    Netapp7> cifs domaininfo

 

You will be able to see your controller connected to the new domain

 

 

 

 

Thanks,

Nayab

 

 

****If my reply helped you to solve the issue, Please help to mark it as solution to help others****

Re: moving a Netapp Filer from an old domain to a New Domain

[ Edited ]

As you have a 2552 with 8.2.2P1 I am guessing you are running cDOT - if so,  then yo can use this process.

 

https://kb.netapp.com/support/index?page=content&id=1014356&actp=LIST https://kb.netapp.com/support/index?page=content&id=1014356&actp=LIST 

 

Sorry, I just noticed you are running 7 mode so page 61 of the attached doc should do the trick.

 

Re: moving a Netapp Filer from an old domain to a New Domain

Moving the filer to the new domain is the easy part.  Doing it in a way that still allows the users to access their files is the interesting part.  As you mentioned, the SIDs in the file system ACLs will all belong to the user's accounts in their old domain.  You may want to leverage ADMT with SidHistory if possible to avoid having to re-ACL your file systems.  

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.