We currently are on Domain A. In June we will start to migrate to a new domain (Domain G).
Is there a process on how to reconfigure a current BO 4.1 install on Domain A, to the new Domain G, or do I have to install BO 4.0 on a sever currently in Domain G?
Any thoughts or ideas are appreciated.
Thanks
Krysta
KMerrills (BOB member since 2010-08-27)
You can move the existing server to the new Domain. Here are some general steps:
Alias all existing AD users with Enterprise aliases. This is very important. What this does is makes sure that when you remove the mapped AD group from the Authentication page of the CMC that none of the users are removed from the system. If you don’t do this, and you remove the group, it will remove all of your existing users from the system. If the users are removed, all of the users personal documents are deleted. You probably don’t want this. Aliasing the users with Enterprise aliases means that if you remove the mapped AD group that the users and their personal documents stay on the system.
On the new domain, create a new group in Active Directory. Assign all of your Business Objects users to this group. Hopefully you are using the same naming convention for your users.
Move the Business Objects server to the new domain.
Reconfigure AD Authentication for the new domain. Use the group created in step 2 for AD Authentication. Make sure that you select the option to “Assign each new AD alias to an existing User Account with the same name.” This should result in all of your new AD aliases being tied to the existing Enterprise aliases of the same name. Your users should then be able to authenticate using AD Authentication.
Note 1. You should probably leave all of the Enterprise Aliases in place when you are done as it protects your users from ever being removed from the system if something happens on the domain. In fact I think it is a best practice to have all accounts tied to Enterprise aliases when using AD Authentication.
Note 2. If you are not using the same naming convention for you users on the new domain then you will have to go into the CMC after you have configured AD Authentication on the new domain and manually map your users to the appropriate Enterprise alias.
clarence (BOB member since 2005-11-18)
Clarence,
Thank you for your input. Other than the user portion of the move, there is no setting or file in BO that needs to be modified to point to the new domain?
I now that I will need to change the following files to point to the new domain (BIlaunchpad.properties, global.properties, bscLogin.conf, and krb5.ini) and change the service accounts in the CCM for SIA and Tomcat settings. So the domain is not hard coded in any additional files other than the ones I listed above?
Thanks
KMerrills (BOB member since 2010-08-27)
Just treat the server like a new server being setup with AD Authentication once it is on the new domain. If you would have had to create or edit the file to setup AD Authentication the first time, then you will have to modify/replace the file when configuring for the new domain. Aside from that there shouldn’t be any other files that refer to the old domain.
clarence (BOB member since 2005-11-18)
Steps 1, 2 and 3 have been completed.
I logged into the CMC, went to authentication and tried to change the values (AD Administrator Name, Default AD Domain, and Server Principal Name) for the new domain and the settings will not save. Any ideas? Thank you.
KMerrills (BOB member since 2010-08-27)
Did you remove Groups before changing AD?
jliivak (BOB member since 2014-07-31)