Solaris PC NetLink 1.0 Administration Guide

About Domain Configuration and Management

A domain is a logical grouping of network servers and other computers that share common security and user account information. Within domains, you create one user account for each user. Users then log on to a domain, not to individual servers within the domain.

A domain is the administrative unit of SunLink Server directory services. The term "domain" does not refer to a single location or specific type of network configuration. Computers in a single domain can share physical proximity on a small local area network (LAN) or can be located in different corners of the world, communicating over any number of physical connections, including dial-up lines, ISDN, fiber, Ethernet, Token-Ring, frame relay, satellite, and leased lines.

Every SunLink Server system in a Windows NT network must be given one of the following roles in the domain:

When you installed your SunLink Server system, the installation program installed the system as a primary domain controller. As administrator, you can change the role of the server.

In addition to setting up the SunLink Server system as a PDC, the installation defaults specify:

You can change any of the defaults by using the instructions in the next few sections.


Note -

Keep in mind that the instructions in this book are for SunLink Server systems only. For native Windows NT servers, you use the utilities provided in Windows NT Server Tools, Windows NT Administrative Tools, or Windows NT Server to promote and demote domain controllers; synchronize backup domain controllers with the primary domain controller; add, remove, and rename domain computers; and manage domain security, including account policy, audit policy, and trust relationships. Because these Windows NT tools are also effective with the SunLink Server program, it is advisable to use them for most domain configuration tasks.


Adding, Removing, Renaming, and Moving Computers Within a Domain

You created a new domain within your Windows NT network when you installed the SunLink Server program, which automatically designated the system as a PDC. You can add other computers to the domain.

Before a computer running SunLink Server, Windows NT Server, or Windows NT Workstation software can be a domain member and participate in domain security, you must add it to the domain. When you add a computer to a domain, the SunLink Server program creates a computer account for it. If the added computer is a BDC, it requests a copy of the domain directory database.

Adding a Domain Workstation or Server Computer

To add a computer to a domain, you must be logged on to a user account that has the appropriate user privileges. With the appropriate privileges, you can add workstations and servers to domains after installation.

To add a SunLink Server computer to a domain, you can use either SunLink Server Manager or the joindomain command. You must be logged on as root. To reconfigure a SunLink Server computer to be a backup domain controller in an existing domain without reloading the server software, you must also furnish the Windows NT password for the target domain's Administrators or Account Operators group. The primary domain controller must be running in the domain that is being joined.

Removing a Computer From a Domain

You can remove workstations, backup domain controllers, and member servers from a domain--but you cannot remove the primary domain controller until you promote a backup domain controller to a PDC.

When you remove a computer running Windows NT Workstation or Windows NT Server as a member server from a domain served by a SunLink Server domain controller, use Windows NT Server Manager to delete the computer's account from the directory database so that the computer cannot participate in domain security.

After a computer account has been removed from the domain, a user of the computer must move the computer to a new workgroup or domain using the Network option in the Windows NT Server Manager tool.


Caution -

To remove a native Windows NT backup domain controller from a domain, you must delete the computer account and reinstall Windows NT Server or Windows NT Workstation on that computer, indicating the new domain. Do not continue to use a backup domain controller that has been removed from a domain until you have reinstalled the operating environment software. For a SunLink Server backup domain controller, however, you do not need to reinstall the software.


Changing the Name of a Domain or Server

You can locally change the domain name for every computer in a domain, move computers from one domain into another, or change the name of the server itself. To do so, you use either the SunLink Server Manager tool (see the following procedure) or the setdomainname or setservername command at the SunLink Server command line prompt. (For information about the commands, type man setdomainname or man setservername at the SunLink Server command prompt.)

Moving a Computer to a Different Domain

To change the domain to which a SunLink Server computer belongs, you use either the SunLink Server Manager tool or the joindomain command locally at the system prompt. (For information about the joindomain command, type man joindomain at the SunLink Server command prompt.)

To move a workstation or member server from one domain served by a SunLink Server domain controller to another by way of the joindomain command, you must first locally remove the computer from the old domain and then, also locally, add it to the new one. If you use the SunLink Server Manager tool, the removal is taken care of automatically.

Note that while a native Windows NT BDC cannot change domains unless Windows NT Server is reinstalled, SunLink Server BDCs can change domains without requiring the software to be reinstalled.

How to Rename a Server or Domain
  1. Using SunLink Server Manager, log on to the SunLink Server system whose domain name or server name you want to change.

    For instructions, see "How to Log On Using SunLink Server Manager". To make any changes, you must be logged on as root.

  2. From the Action menu, select Properties.

    The Properties window appears, listing the SunLink Server system's server name, the domain name, and the system's role in the domain--either PDC or BDC. If the system is a BDC, the name of the domain's PDC is also listed.


    Note -

    The SunLink Server Manager tool does not allow you to change the domain role of a system within its current domain. You use the Windows NT Server Manager tool for those tasks. If you are changing the system's domain, however, you may also designate its new role within the new domain. See the section, "How to Move a Server to Another Domain".


  3. In the Properties window, click Change (or OK to cancel the operation and dismiss the window).

    A Properties dialog box similar to the following appears.

    Graphic

  4. In the appropriate text fields of the Properties dialog box, change the server name, the domain name, or both, according to the following guidelines:

    • Server name - If you are changing the server name of a BDC, you must add the new computer account to the directory database before deleting the old computer account from the directory database by way of the Windows NT Server Manager (see Windows NT Server Manager's online help for instructions).

      Note that merely changing the name of the server does not permit you also to change its role.

    • Domain name - To complete a change to the name of a domain served by a SunLink Server domain controller, you must use this procedure on every SunLink Server computer within the domain, then use the Network option in the Windows NT Control Panel to change the domain name on every Windows NT Workstation and Windows NT Server computer within the domain. For Windows 95 clients, you change the name of the Windows NT domain in the Network Properties of Microsoft Network Client. You must then reestablish existing trust relationships. While changing domains, you may also designate a new role for the server within its new domain.

      A domain name can be up to 15 characters long and can contain any combination of the following characters: a-z A-Z 0-9 ~ ! # $ % ^ & _ ( ). -

  5. Enter the required PDC/BDC, user name, and password information into the appropriate text fields, according to the following guidelines:

    • Server name - If you are only changing the name of the server, enter the new name and leave all other text fields as is.

    • Domain name - When you change the name of the server's domain, you must indicate what role it will serve in the new domain: PDC or BDC. If PDC, click the button next to Primary Domain Controller (PDC) and furnish the new Administrator password in both password text fields. If BDC, click the button next to Backup Domain Controller (BDC), enter the name of the PDC in the new domain, and furnish the PDC's Administrator account user name and password.

  6. Click OK to proceed, or click Cancel to abandon the procedure and leave the server name and domain name unchanged.

    If you continue the procedure by clicking OK, the system will display an alert notifying you that the SunLink Server program must be restarted for the changes to become effective.

    Graphic

  7. Choose Yes to have the SunLink Server Manager tool restart the program automatically and immediately, or No to cancel the entire operation.

    If you choose Yes, the SunLink Server program will be stopped and then started automatically. If you choose No, no changes will take effect.

How to Move a Server to Another Domain
  1. Using SunLink Server Manager, log on to the SunLink Server system whose domain name or server name you want to change.

    For instructions, see "How to Log On Using SunLink Server Manager". To make any changes, you must be logged on as root.

  2. From the Action menu, select Properties.

    A Properties window appears, listing the SunLink Server system's server name, the domain name, and the system's role in the domain--either PDC or BDC. If the system is a BDC, the name of the domain's PDC is also listed.


    Note -

    The SunLink Server Manager tool does not allow you to promote or demote the system to PDC or BDC within its current domain. You use the Windows NT Server Manager tool for those tasks. But by changing the system's domain name--and therefore assigning it to a new domain--you can also designate its new role within the new domain.


  3. In the Properties window, click Change (or OK to cancel the operation and dismiss the window).

    A Properties dialog box similar to the following appears.

    Graphic

  4. In the appropriate text field of the Properties dialog box, change the server's domain name according to the following guidelines:

    • By changing the domain name of the server, you are effectively reassigning it to the domain whose name you enter.

    • By changing domains, you may also designate a new role for the server within its new domain.

    • A domain name can be up to 15 characters long and can contain any combination of the following characters: a-z A-Z 0-9 ~ ! # $ % ^ & _ ( ). -

  5. Enter the required PDC/BDC, user name, and password information into the appropriate text fields, according to the following guidelines:

    • When you change the server's domain, you must indicate what role it will serve in its new domain: PDC or BDC.

      • If PDC, click the button next to Primary Domain Controller (PDC) and furnish the new password for the server's new role in both password text fields. Note that you cannot assign more than one PDC to a single domain; you must demote the former PDC to a BDC when creating a new PDC.

      • If BDC, click the button next to Backup Domain Controller (BDC), enter the name of the PDC that exists in the new domain, and furnish that PDC's Administrator account user name and password.

  6. Click OK, or click Cancel to abandon the procedure and leave the domain name unchanged.

    If you continue the procedure by clicking OK, the system will alert you that the SunLink Server program must be restarted for the changes to become effective.

    Graphic

  7. Choose Yes to have the SunLink Server Manager tool restart the program automatically and immediately, or No to cancel the entire operation.

    If you choose Yes, the SunLink Server program will be stopped and then started automatically. If you choose No, no changes will take effect.
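
The domain-name rule given in step 4 of both procedures above (at most 15 characters, drawn from a fixed character set) can be checked before a rename or move is attempted. The following shell function is an added example, not part of the original guide or of the SunLink Server software; the function name and sample names are hypothetical, and it assumes the trailing ". -" in the guide's character list means that both "." and "-" are allowed.

```shell
#!/bin/sh
# Added example: pre-check a proposed domain name against the rule stated
# in this guide before entering it in the Properties dialog box.
# Assumption: '.' and '-' are both members of the allowed character set.

MAX_DOMAIN_LEN=15   # limit stated in the guide

# check_domain_name NAME
# Prints "ok" or the reason for rejection; returns 0 if valid, 1 if not.
check_domain_name() {
    name=$1
    if [ -z "$name" ]; then
        printf '%s\n' "empty name"
        return 1
    fi
    if [ "${#name}" -gt "$MAX_DOMAIN_LEN" ]; then
        printf '%s\n' "too long: ${#name} characters (limit $MAX_DOMAIN_LEN)"
        return 1
    fi
    # Delete every allowed character; whatever is left over is disallowed.
    bad=$(printf '%s' "$name" | LC_ALL=C tr -d 'a-zA-Z0-9~!#$%^&_().-')
    if [ -n "$bad" ]; then
        printf '%s\n' "disallowed character(s): $bad"
        return 1
    fi
    printf '%s\n' "ok"
}

# Constructed sample names (not taken from the guide).
for n in ENGINEERING 'SALES_EAST-2' 'THIS_NAME_IS_TOO_LONG' 'R&D LAB' 'OPS@HQ'
do
    printf '%-24s %s\n' "$n" "$(check_domain_name "$n" || true)"
done
```

Running the same check on every SunLink Server computer in the domain before a domain rename helps avoid a partial rename, which would leave some systems on the old name and trust relationships still to be reestablished.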