Network Storage Protocols Discussions

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Network Storage Protocols Discussions

Start a New Post

question regarding changing dns server entries to point to new AD DCs

daniel_kaiser
‎2011-02-07 08:12 AM

Hi,

We recently built two additional 2008 R2 domain controllers and wanted to know the best route to reconfigure DNS/Cifs to use these servers for DNS/Authentication since we're trying to phase out the two "old" ones (2003 servers).

1.  Do I just change the DNS servers listed to the two new ones.  Any restarting of services that I need to be aware of?

2.  On the CIFS interface (NetApp System Manager), I don't see an option to edit the connected Domain controllers, nor the Connected LDAPS systems (same as the Domain Controllers).  I assume that I'll have to go through CIFS setup in order to reconfig it?  Is that correct?  Any help is greatly appreciated.  Thanks.

Dan

0 Kudos
View By:
1 ACCEPTED SOLUTION

columbus_admin
‎2011-02-07 09:33 AM
In response to daniel_kaiser

The only thing I would watch out for using prefdc is that if the first DC in the list goes down, you have a slight timeout lag while the filer tries to authenticate.  As you only have two DCs, I would not think this would be an issue.

prefdc does indeed only require the netBIOS name, where ldap should have an FQDN.

We use a Unix LDAP, so I am not 100% sure about the Windows LDAP configurations..  We use ours for multiprotocol access...if you don't have users actively authenticating to the filer over LDAP I would avoid it as it requires clear-text passwords(last I had read up on it anyway) to be sent.  You can use Windows groups to manage your authentication access, just an FYI(obviously I don't know all your reqs!)

As to your other post...sorry we don't have any 2008 DCs currently, only 2003, so I don't have any frame of reference to help you there.

- Scott

View solution in original post

0 Kudos
7 REPLIES 7

columbus_admin
‎2011-02-07 09:05 AM

Hi Daniel,

    For the DCs being used for authentication, they should be identified automatically.  Run "cifs domaininfo" and make sure you see all four DCs.  If not, you need to check your AD sites and services to see if you have a site configured specifically for that subnet. However your ldap is an options setting, run "options ldap" to see your settings.

These should be the two you are most interested in.  To enter two servers on the ldap.servers line use options ldap.servers "server1.ad,server2.ad"

ldap.servers                           
ldap.servers.preferred

To the DNS entries, you can have three entries live at any one time to my knowledge, so you could add one of your new DNS servers to the top of the list and the run "dns info".  Do not worry if the DNS server shows DOWN, this is very misleading.  DOWN could mean that you have not had enough requests to round robin over to the second server.  But if it says UP and has a recent last polled, you know you have a good connection.  At that point you could remove one of your old DNS servers, add the second new one to the top and repeat the process.

There should be no restart needed for either of these operations.  I have done both over 50 times and never had to restart anything.

0 Kudos

daniel_kaiser
‎2011-02-07 09:17 AM
In response to columbus_admin

Hey Columbus_admin,

I ran cifs domaininfo and do see all of the DCs listed.

Does it hurt or make sense if I added my two new 2008 DCs as Preferred addresses instead of letting the system automatically set the Favored address list.  If I were to go this route, should I also do the ladap.servers.preferred command too.

For the cifs prefdc command, do I just specify the NetBIOS domain name and for ldap.servers.preferred, I assume I use the FQDN...right?

0 Kudos

columbus_admin
‎2011-02-07 09:33 AM
In response to daniel_kaiser

The only thing I would watch out for using prefdc is that if the first DC in the list goes down, you have a slight timeout lag while the filer tries to authenticate.  As you only have two DCs, I would not think this would be an issue.

prefdc does indeed only require the netBIOS name, where ldap should have an FQDN.

We use a Unix LDAP, so I am not 100% sure about the Windows LDAP configurations..  We use ours for multiprotocol access...if you don't have users actively authenticating to the filer over LDAP I would avoid it as it requires clear-text passwords(last I had read up on it anyway) to be sent.  You can use Windows groups to manage your authentication access, just an FYI(obviously I don't know all your reqs!)

As to your other post...sorry we don't have any 2008 DCs currently, only 2003, so I don't have any frame of reference to help you there.

- Scott

View solution in original post

0 Kudos

daniel_kaiser
‎2011-02-07 09:37 AM
In response to columbus_admin

Scott, Thanks for the help.  Hopefully one day I can actually contribute more to the community versus asking

0 Kudos

columbus_admin
‎2011-02-07 09:58 AM
In response to daniel_kaiser

Daniel,

   Sorry I spaced out on that one....prefdc requires an IP, not a netbios or FQDN...don't want to mislead you!

0 Kudos

daniel_kaiser
‎2011-02-07 09:19 AM
In response to daniel_kaiser

Oh and one more thing.  I'm noticing the same errors or warning messages on my 2008 DCs that someone else mentioned here.

http://communities.netapp.com/message/29921#29921

0 Kudos

daniel_kaiser
‎2011-02-07 09:03 AM

I just did some quick reading read through of the Ontap 7.3 file access and protocols management guide, and i think that I don't need to run CIFS setup since that's primary only required if I want to join a different domain, etc.

So from my understanding, if I just wanted to change the preferred domains then I'll just need to run "prefdc add" command.

Can someone validate the steps that I'm planning to take in order to switch our array (OnTap 7.3.2) to use different DNS servers and different DCs for (Connected Domain Controllers & Connected LDAPS)

1.  Change the DNS servers listed to the two new ones.  Any restarting of services or user interruption that i should be aware of?

2.  Run cifs prefdc add domain_name ipaddress1 and ipaddress2

3.  Run cifs resetdc domain_name

0 Kudos
Announcements
NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

View All
NetApp Insights to Action
I2A Banner
All Community Forums
Learn about the Community Get Started
Still have Questions Start a Discussion
Rules of the Community Read More
© 2021 NetApp
Let us know
Public