前不久一客户环境做域迁移,Altiris服务器也随之需要迁移域~

 

附上官方的迁移方案,供大家参考 ,

 

Migrating a Notification Server to a New Domain

 

 

Suggested Migration Process

Prerequisites:

1. Disable the rules that would normally run in step 6 of Procedure, below, and ensure that they are

not going to run during migration. This will allow the migration of all of the Notification Servers in

any order.

2. Make sure that Duplicate Diagnostics are disabled as well.

3. To accommodate package downloads, it’s important to consider that some package download

requests will be coming from a domain that differs from the one registered on the agent’s

workstation. It will be critical to set up Agent Connectivity Credentials with a local (non-domain)

account on all Package Servers or an account that is trusted by both domains, or install IIS on the

Package Servers. Alternately, settings can be changed to download all packages from the NS, but

make sure that the additional CPU load and network traffic that this configuration can create are

appropriately considered.

4. Establish a trust relationship between the old and new domain. This will allow services to continue

and specifically reduce the potential for package service disruption.

5. If SQL is on the same computer as the NS, make sure the access accounts to SQL are accounts

that are in both domains, or use a SQL account, such as SA. If SQL is remote, make sure that a

domain account is not used to access SQL. Temporarily convert to mixed authentication mode and

configure the NS to use a native SQL login before starting the process.

6. If the old domain and new domain are not in a trust relationship, then it will be important to

remove all old domain groups and accounts from their respective NS security roles prior to

migration.

Procedure:

1. Move the Notification Server from old domain (MyDomain.com) to new domain (MyNewDomain.com)

2. Create the APP ID account and ensure that the account used is a local admin account of the NS. It can

be a new domain account (Administrator.MyNewDomain.com), but this account must have local

administrative rights on the NS.

3. Run AEXConfig /APPID to reset Notification Server to use the new application Identity.

4. Create a DNS alias (old server DNS name) for the clients to point to the NS’s current IP address.

5. Create DNS alias for ACNS devices.

6. The new agents will have to be given instructions to begin communication with the new server. This

can be accomplished in one of two ways:

a. Setup a new Software Delivery task, which runs

AEXAGENTUTIL.exe /Server:servername.dom1.com for all of the clients or,

Page 6 of 10 Migrating a Notification Server to a New Domain www.altiris.com

b. On the Advanced Settings tab of the Altiris Agent Configuration page, you can configure the

Agent to communicate with a new server, using the Alternate URL for Accessing NS option. Simply check

the box, enter the new name of the server, and click OK.

9. With the trust relationship established, all membership to NS security roles will need to be verified and

re-defined as the user accounts migrate over. Essentially, role members will have to be re-added to the

correct groups. If the old domain and new domain are not in a trust relationship, then it will be very

important to remove all old domain groups and accounts from their respective NS security roles prior to

starting the process. This will occur near step 5 of Prerequisites. Taking this step will avoid many potential

user interface issues associated with deleting role members that can’t be resolved from their respective

SIDs.

10. All existing policies will need to be reviewed for domain changes that can affect:

a. Active Directory Import

b. Network Discovery

c. Proxy Configuration

d. Inventory. Forwarding

e. Connector for Microsoft SMS

f. Connector Solution connections

11. If using user accounts are not on the local system, the following areas should be reviewed for any

changes necessary:

a. Package Delivery

b. Distribution point Credential

c. Agent Connectivity Credential (ACC)

d. Proxy Authentication accounts

e. Active Directory Import

b. Network Discovery

c. Proxy Configuration

d. Inventory Forwarding

e. Connector for Microsoft SMS

f. Connector Solution connections