5.2 Pre-Upgrade Tasks

Before you start the upgrade installations, follow the pre-upgrade steps below to prepare each server set for upgrade.

Steps and details:

  • Back up the AD LDS instance: Open the Health Check Utility and run the AD LDS Instance Backup check to create a backup of your current AD LDS instance.

  • Make a deployment plan: Make a deployment plan for upgrading the Administration servers and user interfaces (assistant administrator client computers). For more information, see Planning a DRA Upgrade.

  • Dedicate a secondary server to run a previous DRA version: Optional: Dedicate a secondary Administration server to run a previous DRA version as you upgrade a site.

  • Make required changes for this MMS: Make any necessary changes to the delegation, configuration, or policy settings for this MMS. Use the primary Administration server to modify these settings.

  • Synchronize the MMS: Synchronize the server sets so each Administration server contains the latest configuration and security settings.

  • Back up the primary server registry: Back up the registry from the primary Administration server. Having a backup of your previous registry settings allows you to easily recover your previous configuration and security settings.

  • Convert gMSA to DRA user accounts: Optional: If you are using a group-managed service account (gMSA) for the DRA Service account, change the gMSA account to a DRA user account prior to upgrade. After the upgrade, you will need to change the account back to a gMSA.

NOTE: If you need to restore the AD LDS instance, do the following:

  1. Stop the current AD LDS instance in Computer Management > Services. The instance is listed there under a different title: NetIQDRASecureStoragexxxxx.

  2. Replace the current adamnts.dit file with the backup adamnts.dit file as indicated below:

    • Current file location: %ProgramData%/NetIQ/DRA/<DRAInstanceName>/data/

    • Backup file location: %ProgramData%/NetIQ/ADLDS/

  3. Restart the AD LDS instance.
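The restore steps above as a script, added here as an example and not taken from the product documentation. It assumes the backup file is named adamnts.dit in the backup location and that the service can be matched on the NetIQDRASecureStorage prefix; $InstanceName is a placeholder you must set.

```powershell
# Added example: restore adamnts.dit from the Health Check Utility backup.
# Run in an elevated PowerShell session on the Administration server.
$ErrorActionPreference = 'Stop'

$InstanceName = '<DRAInstanceName>'   # placeholder: set to your DRA instance name
if ($InstanceName -match '[<>]') { throw 'Set $InstanceName before running.' }

$Current = Join-Path $env:ProgramData "NetIQ\DRA\$InstanceName\data\adamnts.dit"
$Backup  = Join-Path $env:ProgramData 'NetIQ\ADLDS\adamnts.dit'
foreach ($p in $Current, $Backup) {
    if (-not (Test-Path -LiteralPath $p)) { throw "Missing file: $p" }
}

# Assumption: the service name or display name starts with NetIQDRASecureStorage.
$svc = @(Get-Service | Where-Object {
    $_.Name -like 'NetIQDRASecureStorage*' -or
    $_.DisplayName -like 'NetIQDRASecureStorage*'
})
if ($svc.Count -ne 1) {
    throw "Expected exactly one AD LDS instance service, found $($svc.Count)."
}

# Step 1: stop the instance so the database file is not in use.
Stop-Service -InputObject $svc[0] -Force
$svc[0].WaitForStatus('Stopped', [TimeSpan]::FromSeconds(60))

# Step 2: keep the file being replaced, then copy the backup over it.
$Stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
Copy-Item -LiteralPath $Current -Destination "$Current.replaced-$Stamp"
Copy-Item -LiteralPath $Backup -Destination $Current -Force

# Confirm the restored file is byte-identical to the backup before restarting.
$restored = (Get-FileHash -LiteralPath $Current -Algorithm SHA256).Hash
$expected = (Get-FileHash -LiteralPath $Backup  -Algorithm SHA256).Hash
if ($restored -ne $expected) {
    throw 'Restored file does not match the backup; service left stopped.'
}

# Step 3: restart the instance.
Start-Service -InputObject $svc[0]
$svc[0].WaitForStatus('Running', [TimeSpan]::FromSeconds(60))
```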

Pre-upgrade topics:

5.2.1 Dedicating a Local Administration Server to Run a Previous DRA Version

Dedicating one or more secondary Administration servers to run a previous DRA version locally at a site during upgrade can help minimize downtime and costly connections to remote sites. This step is optional and allows assistant administrators to use a previous DRA version throughout the upgrade process, until you are satisfied that your deployment is complete.

Consider this option if you have one or more of the following upgrade requirements:

  • You require little or no downtime.

  • You must support a large number of assistant administrators, and you are not able to upgrade all client computers immediately.

  • You want to continue supporting access to a previous DRA version after you upgrade the primary Administration server.

  • Your environment includes an MMS that spans across multiple sites.

You can install a new secondary Administration server or designate an existing secondary server running a previous DRA version. If you intend to upgrade this server, this server should be the last server you upgrade. Otherwise, completely uninstall DRA from this server when you successfully finish your upgrade.

Setting Up a New Secondary Server

Installing a new secondary Administration server at a local site can help you avoid costly connections to remote sites, and ensures your assistant administrators can continue using a previous DRA version without interruption. If your environment includes an MMS that spans across multiple sites, you should consider this option. For example, if your MMS consists of a primary Administration server at your London site and a secondary Administration server at your Tokyo site, consider installing a secondary server at the London site and adding it to the corresponding MMS. This additional server allows assistant administrators from the London site to use a previous DRA version until the upgrade is complete.

Using an Existing Secondary Server

You can use an existing secondary Administration server as the dedicated server for a previous DRA version. If you do not plan to upgrade a secondary Administration server at a given site, you should consider this option. If you cannot dedicate an existing secondary server, consider installing a new Administration server for this purpose. Dedicating one or more secondary servers to run a previous DRA version allows your assistant administrators to continue using a previous DRA version without interruption until the upgrade is complete. This option works best in larger environments that use a centralized administration model.

5.2.2 Synchronizing Your Previous DRA Version Server Set

Before you back up the previous DRA version registry or begin the upgrade process, ensure you synchronize the server sets so each Administration server contains the latest configuration and security settings.

NOTE: Ensure you made all necessary changes to the delegation, configuration, or policy settings for this MMS. Use the primary Administration server to modify these settings. Once you upgrade the primary Administration server, you cannot synchronize delegation, configuration, or policy settings to any Administration servers running previous DRA versions.

To synchronize your existing server set:

  1. Log on to the primary Administration server as the Built-in Admin.

  2. Open the Delegation and Configuration Console and expand Configuration Management.

  3. Click Administration servers.

  4. In the right pane, select the appropriate primary Administration server for this server set.

  5. Click Properties.

  6. On the Synchronization schedule tab, click Refresh Now.

  7. Verify the successful completion of the synchronization, and that all secondary Administration servers are available.

5.2.3 Backing Up the Administration Server Registry

Backing up the Administration server registry ensures that you can return to your previous configurations. For example, if you must completely uninstall the current DRA version and use the previous DRA version, having a backup of your previous registry settings allows you to easily recover your previous configuration and security settings.

However, be careful when editing your registry. If there is an error in your registry, the Administration server may not function as expected. If an error occurs during the upgrade process, you can use the backup of your registry settings to restore the registry. For more information, see the Registry Editor Help.

IMPORTANT: The DRA server version, Windows OS name, and managed domain configuration must be exactly the same when restoring the registry.

IMPORTANT: Before upgrading, back up the Windows OS of the machine that is hosting DRA or create a virtual machine snapshot image of the machine.

To back up the Administration Server registry:

  1. Run regedit.exe.

  2. Right-click the HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mission Critical Software\OnePoint node, and select Export.

  3. Specify the name and location of the file to save the registry key, and click Save.
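The same export can be scripted. The following is an added example, not part of the product documentation: it exports the node with reg.exe, restricts the file to Administrators and SYSTEM because it holds configuration and security settings, and writes a manifest of the values a restore must match. $BackupDir and the manifest layout are assumptions.

```powershell
# Added example: export the DRA registry node and record what a restore must match.
# Run in an elevated PowerShell session on the primary Administration server.
$ErrorActionPreference = 'Stop'

$KeyPath   = 'HKLM\SOFTWARE\Wow6432Node\Mission Critical Software\OnePoint'
$BackupDir = 'D:\DRA-PreUpgrade'   # assumption: a path only administrators can read
$Stamp     = Get-Date -Format 'yyyyMMdd-HHmmss'
$RegFile   = Join-Path $BackupDir "OnePoint-$env:COMPUTERNAME-$Stamp.reg"

$ProviderPath = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mission Critical Software\OnePoint'
if (-not (Test-Path -LiteralPath $ProviderPath)) {
    throw "Registry node not found: $KeyPath"
}
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

# reg.exe export writes the same .reg format as the Export command in regedit.
& reg.exe export $KeyPath $RegFile /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw "reg.exe export failed with exit code $LASTEXITCODE" }

# Remove inherited ACLs; grant full control to Administrators and SYSTEM only.
& icacls.exe $RegFile /inheritance:r /grant:r '*S-1-5-32-544:F' '*S-1-5-18:F' | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls.exe failed with exit code $LASTEXITCODE" }

# Record the file hash and the Windows OS name the restore target must match.
# The DRA version and managed domain fields are filled in by hand.
$os = Get-CimInstance -ClassName Win32_OperatingSystem
$manifest = [ordered]@{
    Computer         = $env:COMPUTERNAME
    RegistryKey      = $KeyPath
    ExportFile       = $RegFile
    Sha256           = (Get-FileHash -LiteralPath $RegFile -Algorithm SHA256).Hash
    WindowsOSName    = $os.Caption
    WindowsOSVersion = $os.Version
    DRAServerVersion = '<record the installed DRA server version>'
    ManagedDomains   = '<record the managed domain configuration>'
    CreatedUtc       = (Get-Date).ToUniversalTime().ToString('o')
}
$manifest | ConvertTo-Json | Set-Content -Path "$RegFile.manifest.json" -Encoding UTF8
```

Before restoring, compare the stored hash with the file and the recorded OS name with the target server.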