Couple of days ago I had to change domain membership of a single server Sharepoint 2010 farm with separate database server. Browsing the Internet I found little data about this and most recommendations were based on backup/reinstall/restore procedure.
However, I thought I would give it a try with plain domain membership change and with switching Sharepoint 2010 service accounts. I encountered many problems and I will mentioned some of them here. Here's the procedure:
- Perform full backup of Sharepoint 2010 farm from Sharepoint Central Administration
- Create new service accounts in the destination domain
- Make sure you know your Sharepoint 2010 farm passphrase which you entered when you initially provisioned the farm
- Change the domain membership of SQL database server first (in my case the SQL database was running under LocalSystem account so I had no issues with that)
- Give the future farm account from the new domain sysadmin permissions to the SQL database engine (actually only security admin and dbcreator permissions are necessary)
- At this point your Sharepoint is not working
- Run stsadm -o setconfig db with the -connect switch to connect to your Sharepoint configuration database. You will have to use your new domain farm credentials here.
- After this step, the Central Administration site should be working, however, your Sharepoint box is still in the old domain. In my case I had the domain trust established between the old and new domains.
- Create the new Sharepoint managed accounts by selecting the accounts from the new domain: Central Administration > Security > General Security > Configure Managed Accounts
- Change the service accounts to reflect the newly added managed accounts: Central Administration > Security > Change Service Accounts
- Add your farm account to the local administrators group on the Sharepoint server
- Change Sharepoint box domain membership
- At this point, your Sharepoint sites should be accessible. However, in my case they were not working and I received 404 not found message. I realized that after I reconnected the Sharepoint farm to the configuration database, custom solutions that these sites were using were not available any more. Thankfully, I had a full farm backup and managed to restore only the farm solutions. I redeployed the solutions from the Central Administration and the sites worked!
- At one point, after a couple of iisresets and server restarts I received "The trial period has expired" error message when I opened the Sharepoint sites. Running Sharepoint Configuration Wizard again solved this issue.
- Looking at the "Central Administration > Manage services on service" I saw only a couple of services listed while I know there should be more. Running Install-SPService from Powershell re-registered these services. This is important step for Sharepoint Service Applications to work properly.
- Almost all Service Applications were started and I could access the management pages for them except the two most important ones, User Profile Synchronization service and Search service. No matter what I did I could not fix them or even restore them. I ended up creating and provisioning the new services from powershell. There aren't any user generated data in these services so recreating them was not a big issue.
This one helped me to solve Sharepoint Server Search instance reporting "Service is offline" when trying to start/provision.
This is actually about multitenancy, but has some excellent code snippets that helped me provision User Profile Synchronization and Search service.
I trully hope that these steps will help someone avoid the pain I suffered :)