question

RootLoop-9922 avatar image
0 Votes"
RootLoop-9922 asked HannahXiong-MSFT commented

How to remove NIS server role from all domain controllers before upgrading to Windows server 2019

o we are currently have 4 2012R2 domain controllers with IDMU (Identity Management for Unix) and NIS server role installed. For NIS server role, one DC is in master mode, other 3 DCs are in subordinate mode.

We need to upgrade all Windows domain controllers to Server2019, meaning no IDMU and NIS will be supported any more, they have been removed since Windows Server 2016.

To be able to upgrade to Server2019, the NIS server role must be removed.

If you try upgrade to Windows Server 2016 from a Windows Server that runs any of the Identity Management for Unix (IDMU) components, the upgrade will stop and you will be prompted to remove the IDMU components

According to this link When you remove the master NIS server, another subordinate server must be assigned as master

If you remove Server for NIS while it is running on a master server, you must verify that another server is assigned the tasks of the master server. If other Windows-based subordinate NIS servers are in the domains supported by the master server that you remove, you must assign one of these servers the role of master server.

So here the questions come,

  1. I can remove 3 NIS subordinate servers first and upgrade them to 2019, but what I do to upgrade the last domain controller? I have no other NIS server in the domain to assign as the master, other 3 domain controllser are now server 2019 which has no NIX server role anymore.

  2. what happens to "NIS domain" created in server2012, there is no such attributes in server 2019.

  3. I can tell now based on the work I done so far, the IDMUs have been removed from few DCs and I successfully upgraded those DCs from 2012R2 to 2019, the Unix attributes are still there in 2019 DC because RFC2307 is still being supported by server2019. Only thing I dont know what could happen is after I remove the last NIS master server from one of the 2008R2 DC. not sure if that could cause any issue.

  4. Is there any office workaround for removing NIS master servers in server2016/2019?











windows-serverwindows-active-directorywindows-server-2019
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @RootLoop-9922,

Hope you are doing well.


I would like to know how things are going on your end. For any other questions, please feel free to let me know. It's my pleasure to be of assistance.

Best regards,
Hannah Xiong

0 Votes 0 ·
HannahXiong-MSFT avatar image
1 Vote"
HannahXiong-MSFT answered

Hi @RootLoop-9922,

Thanks for posting here.

Below is my response to your questions. Frankly speaking, I am not professional with this issue since I mainly focus on on-premises AD issue. I did some research and hope the findings could be of some help to you.

  1. IDMU and NIS will not be supported starting with Windows server 2016. So if we would like to upgrade all our domain controllers to Windows server 2019, IDMU and NIS should be removed.

In our case, there is no server in the domain to assign as the master. We recommend to start planning for alternatives, for example: native LDAP, Samba Client, Kerberos or other non-Microsoft options.

  1. Sorry that I have no idea what will happen to NIS domain. Maybe as discussed above, we will need to look for alternatives.

  2. If we have concerns, I would suggest you open a case with MS so that we may get a more professional assistance.
    https://support.serviceshub.microsoft.com/supportforbusiness

  3. Below are the links I would like to share with you.

https://docs.microsoft.com/zh-cn/archive/blogs/activedirectoryua/identity-management-for-unix-idmu-is-deprecated-in-windows-server

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731178(v=ws.11)?redirectedfrom=MSDN#BKMK_command

108514-image.png

Thanks a lot for your understanding and support.

Best regards,
Hannah Xiong



image.png (75.7 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

RootLoop-9922 avatar image
0 Votes"
RootLoop-9922 answered HannahXiong-MSFT commented

Thanks for your input, I have gone through all those articles before posting here, so far I have not found any official supporting document about my case. worst case, we just have to deal with the consequences after removing NIS servers.....

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @RootLoop-9922,

Thanks a lot for your feedback.

Sorry for the inconvenience caused. As mentioned, if we would like to get more professional support or if we have concerns about removing NIS servers, it is suggested that we could contact MS support for more assistance about our case.

Thanks for your understanding and support.

Best regards,
Hannah Xiong

0 Votes 0 ·