Saturday, October 22, 2022

Update AD RMS Config Database using SQL Server Management Studio during Parallels Upgrade

Description:

During an AD RMS parallel upgrade, you need to modify the restored configuration database so that it points to the new database server.

Resolution:

  1. Log on to the AD RMS configuration database server as local Administrator or another user account that is a member of the local Administrators group.
  2. Click Start, point to All Programs, point to Microsoft SQL Server 2012, and then click SQL Server Management Studio.
  3. On the Connect to Server page, ensure that the new database server name is listed in the Server name box, and then click Connect.
  4. Expand Databases, expand DRMS_Config_<RMS cluster name>_<Port>, and then expand Tables.
  5. Right-click DRMS_ClusterPolicies, and then click Open Table.
  6. In the results pane, change the value in the PolicyData column of the LoggingDatabaseServer row to the new RMS database server name.
  7. Change the value in the PolicyData column of the CertificationUserKeyStorageConnectionString row to reflect the new database server. The value should be data source=<new database server name>;integrated where <new database server name> is the name of the new database server.
  8. Repeat steps 6–7 for the value in the PolicyData column of the DirectoryServicesCacheDatabase row.
  9. Close Microsoft SQL Server Management Studio.

Active Directory Rights Management Services - Parallels Upgrade

Description:
You have Active Directory Rights Management Services (AD RMS) deployed in your IT environment. You need to upgrade AD RMS, the Windows OS, and the database to new Windows 2019 and SQL 2019 machines with minimal downtime and minimal risk.
You decide to do a parallel upgrade.

Resolution:

You would need to perform the following:

  1. Prepare the new Windows 2019 OS and SQL 2019 Databases on different machines. Install all the necessary patches.
  2. Back up the existing AD RMS database.
  3. Restore the AD RMS databases to a new location (new instance, new SQL server, etc.).
  4. The following SQL changes must be made on the restored databases.
    • Database: DRMS_Config
    • Table: DRMS_ClusterPolicies
    • PolicyName entries in which the PolicyData value needs to reflect the new SQL connection string information.
      • LoggingDatabaseServer
      • CertificationUserKeyStorageConnectionString
      • DirectoryServicesCacheDatabase
  5. Build a new Windows Server of the desired version for the AD RMS cluster upgrade.
  6. Add the AD RMS role.
  7. When you reach the role configuration, choose the “join an existing cluster” option.
  8. At the SQL database dialog, enter the NEWLY RESTORED SQL database location, not the actual production database currently in use.
  9. Complete the role configuration using all the same settings, service accounts, etc.
  10. Edit the NTFS permissions on the new AD RMS server's "C:\inetpub\wwwroot\_wmcs\certification\ServerCertification.asmx" file. Configure the same permissions as on the existing AD RMS server.
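
Step 4 above (the same change the SSMS procedure in the previous post makes by hand) can be scripted so that the three rows are reviewed, changed and verified inside one transaction. This is an added example, not part of the original post; the server names, the dbo schema and the assumption that the old server name appears literally in each PolicyData value are mine.

```powershell
# Added example: repoint the three AD RMS cluster policies on the RESTORED config database.
# Assumptions (not from the post): placeholder server names, table in the dbo schema,
# and the old server name appearing literally inside each PolicyData value.
$NewSqlServer = 'NEWSQL01'                                # placeholder
$OldSqlServer = 'OLDSQL01'                                # placeholder
$ConfigDb     = 'DRMS_Config_<RMS cluster name>_<Port>'   # fill in the restored name
$names = "N'LoggingDatabaseServer', N'CertificationUserKeyStorageConnectionString', " +
         "N'DirectoryServicesCacheDatabase'"

# Integrated security keeps SQL passwords out of the script; connect to the NEW server only.
$conn = New-Object System.Data.SqlClient.SqlConnection
$conn.ConnectionString = "Data Source=$NewSqlServer;Initial Catalog=$ConfigDb;Integrated Security=True"
$conn.Open()
$tx = $conn.BeginTransaction()

function Get-PolicyRows {
    $cmd = $conn.CreateCommand(); $cmd.Transaction = $tx
    $cmd.CommandText = "SELECT PolicyName, CAST(PolicyData AS nvarchar(max)) AS PolicyData " +
                       "FROM dbo.DRMS_ClusterPolicies WHERE PolicyName IN ($names)"
    $table = New-Object System.Data.DataTable
    $table.Load($cmd.ExecuteReader())
    $table.Rows                                   # emit one DataRow per policy
}

try {
    Write-Host 'Before:'
    Get-PolicyRows | Format-Table PolicyName, PolicyData -Wrap | Out-Host

    $upd = $conn.CreateCommand(); $upd.Transaction = $tx
    $upd.CommandText = "UPDATE dbo.DRMS_ClusterPolicies " +
        "SET PolicyData = REPLACE(CAST(PolicyData AS nvarchar(max)), @old, @new) " +
        "WHERE PolicyName IN ($names)"
    [void]$upd.Parameters.AddWithValue('@old', $OldSqlServer)
    [void]$upd.Parameters.AddWithValue('@new', $NewSqlServer)
    $changed = $upd.ExecuteNonQuery()

    # Verify inside the transaction: all three rows touched, none left without the new name.
    $after = @(Get-PolicyRows)
    $stale = @($after | Where-Object {
        ([string]$_.PolicyData).IndexOf($NewSqlServer, [StringComparison]::OrdinalIgnoreCase) -lt 0 })
    Write-Host 'After:'
    $after | Format-Table PolicyName, PolicyData -Wrap | Out-Host

    if ($changed -eq 3 -and $stale.Count -eq 0) { $tx.Commit(); Write-Host 'Committed.' }
    else { $tx.Rollback(); Write-Warning "Rolled back: $changed rows updated, $($stale.Count) stale." }
} finally {
    $conn.Dispose()   # an uncommitted transaction is rolled back when the connection closes
}
```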


Saturday, August 28, 2021

Migrate SYSVOL from FRS to DFSR

Migrating SYSVOL from FRS to DFSR is actually quite simple.
First, make sure all the Domain Controllers (DCs) in the domain are online and that AD replication and SYSVOL replication are working normally.
After that, run the following commands in sequence:
  1. At the command prompt, type "dfsrmig /setglobalstate 1". This enters the Prepared state.
    • Type dfsrmig /getmigrationstate to confirm all domain controllers have reached the Prepared state
  2. Next, at the command prompt, type "dfsrmig /setglobalstate 2". This enters the Redirected state.
    • Type dfsrmig /getmigrationstate to confirm all domain controllers have reached the Redirected state
  3. Next, at the command prompt, type "dfsrmig /setglobalstate 3". This enters the Eliminated state.
    • Type dfsrmig /getmigrationstate to confirm all domain controllers have reached the Eliminated state
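
The sequence above with its two preconditions enforced in script: replication must be clean before starting, and every DC must report the current state before the next one is set. This is an added example, not from the original post; the repadmin CSV column names and the dfsrmig "has reached a consistent state" wording are assumptions to check against the output on your own DCs.

```powershell
# Added example: run elevated on a domain controller.
function Test-AdReplicationClean {
    # One CSV row per replication link (column names assumed from repadmin's CSV header).
    $links  = repadmin /showrepl * /csv | ConvertFrom-Csv
    $failed = @($links | Where-Object {
        $_.showrepl_COLUMNS -eq 'showrepl_ERROR' -or [int]$_.'Number of Failures' -gt 0 })
    $failed | Format-Table 'Source DSA', 'Destination DSA', 'Naming Context',
                           'Number of Failures' | Out-Host
    return ($failed.Count -eq 0)
}

function Wait-DfsrMigState {
    param([int]$TimeoutMinutes = 60)
    $deadline = (Get-Date).AddMinutes($TimeoutMinutes)
    do {
        $out = dfsrmig /getmigrationstate | Out-String
        # Match the positive sentence only; the "not yet reached" message shares most words.
        if ($out -match 'Migration has reached a consistent state') { return $true }
        Start-Sleep -Seconds 60
    } while ((Get-Date) -lt $deadline)
    Write-Warning $out            # shows which DCs are still behind
    return $false
}

if (-not (Test-AdReplicationClean)) { throw 'Fix AD replication before migrating SYSVOL.' }

foreach ($state in 1, 2) {        # Prepared, then Redirected
    dfsrmig /setglobalstate $state
    if (-not (Wait-DfsrMigState)) { throw "Not all DCs reached state $state; stopping." }
}

# Eliminated (state 3) cannot be rolled back, so require an explicit confirmation.
if ((Read-Host 'All DCs are Redirected. Type ELIMINATE to continue') -ceq 'ELIMINATE') {
    dfsrmig /setglobalstate 3
    if (-not (Wait-DfsrMigState)) { Write-Warning 'Some DCs have not reached Eliminated yet.' }
}
```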

Sunday, February 28, 2021

Upgrading Active Directory Federation Service (ADFS) Server

Description:

You want to upgrade the existing ADFS and ADFS Proxy (WAP) servers to a new version on new machines.

Resolution:

Upgrade ADFS Server
  • Export the existing SSL Certificate with Private Key
  • Import the SSL Certificate with Private Key on new ADFS and ADFS Proxy machines
  • Install the AD FS Role using Server Manager on the new machines
  • Configure AD FS using Server Manager > Will need Domain Admin Account and Service Account for ADFS
  • Move the Primary ADFS Role to the new ADFS machine
    • To check the role, run:
      Get-AdfsSyncProperties
    • On the new primary machine, run:
      Set-AdfsSyncProperties -Role PrimaryComputer
    • On the old ADFS primary machine, run:
      Set-AdfsSyncProperties -Role SecondaryComputer -PrimaryComputerName FQDNnewADFS
  • Demote the old ADFS machines
  • Raise the ADFS Farm Behavior Level (FBL)
    • Run the following:
      • Get-AdfsFarmInformation
      • Invoke-AdfsFarmBehaviorLevelRaise
  • Change the DNS record to point to the new AD FS server
  • Test access and authentication to the new ADFS

https://adfs.fabrikam.com/adfs/ls/idpinitiatedsignon.aspx

Upgrade WAP Server
  • Install Web Application Proxy Role using Server Manager on the new machines
  • Configure WAP using Server Manager > Will need local administrator account on the federation servers
  • Verify the trust with the AD FS farm
    • Navigate to Applications and Services Logs > AD FS > Admin
    • You should be able to see an event with ID 245
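
The verification points from both lists (primary role, farm state, the sign-on test page, and WAP event 245) collected into two functions, one per server type. This is an added example, not from the original post; the function names are hypothetical and the cmdlets are those of the ADFS module on Windows Server 2016 and later.

```powershell
# Added example: post-cutover checks. Host name is the one used in the post.
function Test-NewAdfsNode {
    # Run on the new AD FS server after the primary role has been moved.
    param([string]$FederationHost = 'adfs.fabrikam.com')
    $result = [ordered]@{}

    # 1. This node must now hold the primary (writable) copy of the configuration.
    $result.IsPrimary = (Get-AdfsSyncProperties).Role -eq 'PrimaryComputer'

    # 2. Review the node list: old machines should be gone before the FBL is raised.
    $farm = Get-AdfsFarmInformation
    $result.FarmBehavior = $farm.CurrentFarmBehavior
    $result.FarmNodes    = $farm.FarmNodes

    # 3. The test page is disabled by default on 2016+; a failure here with the
    #    flag set to False is a configuration setting, not an outage.
    $result.IdpPageEnabled = (Get-AdfsProperties).EnableIdPInitiatedSignonPage
    try {
        $uri = "https://$FederationHost/adfs/ls/idpinitiatedsignon.aspx"
        $r   = Invoke-WebRequest -Uri $uri -UseBasicParsing
        $result.SignOnPageStatus = [int]$r.StatusCode
    } catch {
        $result.SignOnPageStatus = $_.Exception.Message   # TLS or HTTP error text
    }
    [pscustomobject]$result
}

function Test-WapTrust {
    # Run on the new WAP server: the post uses event 245 in the AD FS Admin log
    # as the sign that the proxy trust with the farm is working.
    $ev = Get-WinEvent -FilterHashtable @{ LogName = 'AD FS/Admin'; Id = 245 } `
                       -MaxEvents 1 -ErrorAction SilentlyContinue
    [pscustomobject]@{ TrustEventFound = [bool]$ev; LastSeen = $ev.TimeCreated }
}
```

Because the sign-on check resolves the federation host name through DNS, run Test-NewAdfsNode after the DNS record has been changed so that it exercises the new server.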
