We just did this with our FAS940Cs in
January. There are two gotchas that I'm aware of:
First, the rollback procedure is *NOT*
just adding it back to the NT4 domain. There isn't a roll-back procedure
documented anywhere that I or NetApp support could find. Here's what
NetApp came up with:
1. Backup cifsconfig_share.cfg file
2. Delete all /etc/cifs* files
3. Run cifs terminate on filer
4. Delete machine account in AD
5. Delete machine account in NT 4.0
6. Wait to ensure that both account
deletions have been replicated to all DC's in both domains
7. Create new machine account in NT
4.0
8. "Enter ""priv set
diag"" on filer console"
9. "Run ""registry deltree
auth"" on filer console"
10. Run cifs setup to add system back
to NT 4.0 domain
11. Replace new cifsconfig_share.cfg file
with backup from above
12. Restart cifs for all original shares
to be recreated
13. Verify membership of BUILTIN\Administrators
group
We ran into some very strange cross-domain
access behavior if we didn't follow this procedure. I was fortunate
enough to have a test filer to get this procedure down before migrating
my production systems. We had absolutely no problems with the migration,
but I'm not leaving my cheeks in the wind!
Second, there is a bug related to nested
groups when hitting NTFS qtrees from NFS clients (18984). We hit
this and will be upgrading to 7.0.4 (from old 6.5.something) in two weeks.
We didn't have a single problem during
the migration at all. We haven't done a lot w/ GPO on our filers
so I can't add anything there.
Local groups continue to work just as
they did in NT 4.0. Some membership changes and re-ACLing needs to
be done before the NT domain is fully decommissioned, but other than that
there's no change.
Jeff Mery - MCSE, MCP
National Instruments
-------------------------------------------------------------------------
"Allow me to extol the virtues of the Net Fairy, and of all the fantastic
dorks that make the nice packets go from here to there. Amen."
TB - Penny Arcade
-------------------------------------------------------------------------
"Andrew Clark"
<andrew.clark@mail.com>
Sent by: owner-toasters@mathworks.com
03/30/2006 08:17 AM
|
|
To
| toasters@mathworks.com
|
|
cc
|
|
|
Subject
| Adding Filers to Win2K3 Domains |
|
Chaps
I am about to finally leave my NT4 domain for the brave
new world of Win2K3. I have FAS3020Cs and would like to know of any gotchas
I should be aware of.
Any GPO settings
Local Groups
That sort of thing.
I have done some research but haven't really thrown up
any information.
Very many thanks
Andy Clark
--
___________________________________________________
Play 100s of games for FREE! http://games.mail.com/