question

yannara avatar image
0 Votes"
yannara asked saldana-msft edited

How to survive site server total crash with backup during the upgrade

We are performing massive upgrade project, where CM site server will be upgraded with Windows 2012 -> 2019, SQL 2014 -> 2019, and CM in-console upgrade from 2006 to 2013. I know, that officially snapshots and reverting to backup source are not supported. I am planning to keep SQL and SMS services shut down as much as possible during the upgrade to disallow all the client activity.

Our main concern is, that if something happends during Windows 2012 -> 2019 upgrade and we would be forced to recover back to 2012, what would then happen to all AD & SQL authentifications, AD account etc. Because in CM, you can't delete computer account of site system, you can' rename it, you can't rejoin the site server back to the AD domain services. Would recovered 2012 system get back to domain fine? WHat will happend with computer account etc.

windows-active-directorymem-cm-generalmem-cm-site-deployment
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

Jason-MSFT avatar image
1 Vote"
Jason-MSFT answered yannara commented

As long as the computer account is given the same permissions, then everything will work just fine. This is exactly what happens during a full DR scenario.

Also, as long as you don't delete the existing computer account, it can be reused by simply specifying the same name during domain join.

Additionally, this is why you should always use groups to assign permissions as then it's as easy as adding the new, like-named computer account to the existing security group to match the security permissions.

· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

So the account should be refreshed with recent version in AD, after W2012 is recovered. By version, I now mean computer account numbering (not OS ver).

0 Votes 0 ·

Not sure what you mean by "refreshed" here.

It's your choice here really, there's not one explicit path. As noted, you can reuse the existing computer account or use a new computer account as long as the computer name is the same and they have the same permissions. Granting the same permissions is the tricky part if you use a new computer account which is why you should always use a security group to grant the permissions in the first place and make the computer account a member of this group.

1 Vote 1 ·

@Jason-MSFT by refreshing, I I just ment that when I have W2012 running, the AD account is ver1. After upgrade to 2019, it might be ver2. After this, if I decide to revert from backup, how to ensure that old 2012 will work against AD account ver2 :)

But okay, I got your point, it should work, if in some problematic cases I will disjoin the pri server from AD and rejoin it back with the same name....

0 Votes 0 ·