AD migration - keep BO working

BO 4.2 setup on windows with AD module (+SSO)
For some reason there will happen a migration from one AD domain to another (2 way trust between them is set) and Im thinking ho to proceed to keep everything working (user authorizations, looots of recurring instances, etc…)

let’s reuse this setup

and is expected that: userA@DOMAIN1.COM will be created as userA@DOMAIN2.COM

userA@DOMAIN1.COM is part of group: DOMAIN1\group1
userA@DOMAIN2.COM is part of group: DOMAIN2\group1

BO resources are linked to ad groups like:
DOMAIN1\group1 - Acesslevel

(and all BO accounts have its own Enterpise alias and assigned AD account from DOMAIN1)

I am thinking if we change/add to resources to
DOMAIN1\group1 - Acesslevel
DOMAIN2\group1 - Acesslevel

  • then for BO account will be assigned -hopefully automatically- AD account from DOMAIN2
  • changed properly the kerberos setup…

If it should work…this way… ??
Does anyone have a experince with this scenario? THIA

I think from just the granting the users access to Business Objects and the Public folders (don’t forget the universes too) what you have proposed should work just fine.

I think where you may run into problems may be their access to their personal folders. I suspect that Business Objects, by default, is going to treat userA@DOMAIN1.COM as one user and userA@DOMAIN2.COM as a different user. This will result in userA@DOMAIN2.COM not being able to access the reports in their personal folder or Inbox. The user will see this as a broken system. You may be able to assign both userA@DOMAIN1.COM and userA@DOMAIN2.COM to the same Enterprise Alias but I don’t think this will happen automatically.

Disclaimer: This is all conjecture as I have not gone through this particular scenario.