Move a server cluster to another domain
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
To move a server cluster to another domain
Create a user account for the Cluster service in the new domain.
For more information, see "To create a new user account" in Related Topics.
Open Local Security Policy.
Where?
- Security Settings/Local Policies/User Rights Assignments
Grant that account the following rights:
Act as part of the operating system
Back up files and directories
Restore files and directories
Adjust memory quotas for a process
Log on as a service
Increase scheduling priority
By default, the Cluster service account inherits the following user rights as a result of being a member of the local Administrators group:
Manage auditing and security log
Debug programs
Impersonate a client after authentication
If your organization has removed these user rights from the default set of privileges assigned to the local Administrators group, you need to specifically assign these user rights to the Cluster service account.
Important
- The new Cluster service account must have administrative rights and permissions on all nodes in the cluster.
Stop the Cluster service on all nodes.
For more information, see "To stop the Cluster service" in Related Topics.
Power down all nodes except one.
Move the node to another domain.
For more information, see "To join a domain" in Related Topics.
Set the Cluster service to start manually.
For more information, see "To set the Cluster service to only start manually" in Related Topics.
Restart the node.
On the node, change the service account used by the Cluster service to log on to the domain using the user account you just created.
How?
Open Computer Management.
In the console tree, click Services.
Where? Computer Management/Services and Applications/Services
In the details pane, click Cluster Service.
On the Action menu, click Properties.
On the Log On tab, select This account, and then supply the new account and password.
Start the Cluster service.
For more information, see "To start the Cluster service" in Related Topics.
Verify that cluster node is operating correctly.
How?
Bring all resources online.
For more information, see "To bring a resource online" in Related Topics.
Ping the IP address of the cluster, the individual nodes, and any resource containing an IP address (for example, a virtual server) from all clients. That is, on each client, type the following at the command prompt:
ping xxx.xxx.xxx.xxx
where xxx.xxx.xxx.xxx is the IP address.
Important
- At this point, you can still cancel the move by moving this node back into the old domain and starting those nodes that have not yet been moved.
Power up another node and repeat steps 5-10 to migrate the other nodes, one by one, to the new domain.
Caution
- Use this procedure only if your cluster is extremely simple; otherwise recreate your existing cluster in the new domain.
Notes
To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using Run as to perform this procedure.
To open Cluster Administrator, click Start, click Control Panel, double-click Administrative Tools, and then double-click Cluster Administrator.
Information about functional differences
- Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.
See Also
Concepts
Quorum resource
Checklist: Installing a Local Quorum resource
Create a new user account
Stop the Cluster service
Join a domain
Set the Cluster service to only start manually
Start the Cluster service
Bring a resource online