This step-by-step article describes the steps you must use to change domains for an existing SQL Server 2000 Failover Cluster. Important
Before you change the Cluster Domain, take the SQL Server resource offline by using the Cluster Administrator. After you take the SQL Server resource offline, you are ready to move the cluster to a new domain by using the guidelines in the following Microsoft Knowledge Base Article:
How to move a Windows Cluster Server from one domain to another
If you have other clustered servers, you must determine what requirements they have before you move the cluster.back to the top Step 1: SQL Server 2000 Setup program
After you move the Microsoft Cluster Server (MSCS) to the new domain, start the SQL Server 2000 Setup program.
back to the top Step 2: Cluster AdministratorImportant
- In the SQL Server Introduction dialog box, click Next.
- In the text box that is located on the Computer Name dialog box, type the virtual server name of the Virtual SQL Server you are moving to a new domain. If you have multiple servers, decide which server you want to move first. Click to select the Virtual Server option, and then click Next.
- In the Installation Selection dialog box, click to select Advanced Options, and then click Next.
- In the Advanced Options dialog box, Maintain a Virtual Server for Failover Clustering is selected. Click Next.
- In the Failover Clustering dialog box, click to select the existing IP address. Make sure that the IP address you select is the old one, and then click Remove.
- In the IP address: text box, type the new IP address for the new domain, and then click Add. Click Next.
Important If your domain move does not require you to change the IP address of the server, you do not have to remove and re-add the current address. Just click Next.
- Unless you have to modify the Cluster Definition, click Next.
- In the input text boxes, type the new:
- User Name
- Domain Name
- Click Next.
- Click Finish.
This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
How to back up and restore the registry in Windows
back to the top
- Start the Cluster Administrator.
- Verify that the Virtual SQL Server you reconfigured in step 1 contains only one SQL Server IP Address resource, if the group contains more than one resource:
- Verify the resource properties of each IP Address resource.
- Delete the resource that is configured for the OLD IP Address.
- Run regedt32, do not use regedit, and then navigate to this registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSQLServer\Cluster for a default Virtual SQL Server HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\%Instance Name%\Cluster for a Virtual SQL Server with a named instance where %Instance Name% would be the name of the instance being modified.
- Modify the ClusterIPAddr value to only contain the current valid IP Address for the Virtual SQL Server
- While SQL Server 2000 Virtual Server is offline use the Control Panel applet to change the virtual SQL Servers startup accounts to the new domain account for the SQL Server and SQL Agent.
Note Create the SQL Server startup accounts. Make sure that you add the appropriate permissions and user rights to the SQL Server startup accounts.
To enable the SQL Server service account to establish SPNs correctly on startup, follow these steps:
For more information, click the following article number to view the article in the Microsoft Knowledge Base:
- Click Start, click Run, type Adsiedit.msc, and then click OK.
- In the ADSI Edit window, expand Domain [DomainName], expand DC= RootDomainName, expand CN=Users, right-click CN=AccountName, and then click Properties.
- DomainName represents the name of the domain.
- RootDomainName is a placeholder for the name of the root domain.
- AccountName represents the account that you specify to start the SQL Server service.
- If you have specified Local System to start the SQL Server service, AccountName represents the account that you use to log on to Microsoft Windows.
- If you have specified a domain user account for the SQL Server service, AccountName represents the domain user account.
- In the CN=AccountName Properties dialog box, click the Security tab.
- On the Security tab, click Advanced.
- In the Advanced Security Settings dialog box, make sure that the SELF user is listed under Permission entries. If the SELF user is not listed, click Add, and then add the SELF user.
- Under Permission entries, click SELF, and then click Edit.
- In the Permission Entry dialog box, click the Properties tab.
- On the Properties tab, click This object only in the Apply onto list, and then make sure that the following permissions are selected under Permissions:
- Read servicePrincipalName
- Write servicePrincipalName
- Click OK three times, and then close the ADSI Edit window.
How to change the SQL Server or SQL Server Agent Service account without using SQL Enterprise Manager in SQL Server 2000
- Bring the Virtual SQL Server you reconfigured in step 1 online.
- Repeat step 1 and step 2 for any other Virtual SQL Servers that are installed on the cluster.
Migrations to Windows Server 2003 Service Pack 1 domains
The migration process for Windows Server 2003 Service Pack 1(SP1) domains is the same as the migration process for Windows 2000 domains. However, there is one exception. If the SQL Server clients are using Microsoft Distributed Transaction Coordinator (MS DTC) for communications and are not at least running Windows Server 2003 SP1, you must change the security settings for MS DTC. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
New functionality in the Distributed Transaction Coordinator service in Windows Server 2003 Service Pack 1 and in Windows XP Service Pack 2
MSDTC fails to mutually authenticate when computers do not run in the same domain
Additionally, the Windows Server 2003 SP1 nodes should have the following hotfix rollup package installed:
Availability of Windows Server 2003 Post-Service Pack 1 COM+ 1.5 Hotfix Rollup Package 8