Monday, December 21, 2009

Changing Domains and/or Domain Names with SMS 2003 and SCCM 2007

A question that seems to come up a lot around here is from people who have existing SMS 2003 servers and want to either change the domain name or move the server to a new domain.  Before we can truly address that question, though, we must understand the different security modes available in each product, because the security mode is what largely determines our answer.

In SMS 2003 there are two security modes: Standard Security mode and Advanced Security mode.  So what's the difference?  Standard Security mode uses user accounts to run services, configure computers and connect between computers, whereas Advanced Security mode relies on Active Directory.
In System Center Configuration Manager (SCCM 2007) we also have two modes, but they work a little bit differently.  The first is Mixed Mode, which is analogous to Advanced Security mode in SMS 2003, and the second is Native Mode, which takes the level of security even higher by integrating with a public key infrastructure (PKI) to help protect communication by using certificates.
Now unless you already know the answer to our original question about changing domains, you're probably wondering what all this has to do with anything.  The answer is that you can change domains in some modes but not others.  If you're running SMS 2003 in Standard Security mode then yes, you can change domains.  If you're running SMS 2003 in Advanced Security mode then no, you cannot change domains.  So where does SCCM 2007 fit in all of this?  Well, considering that with SCCM 2007 security starts with Mixed Mode (which is basically SMS 2003 Advanced Security mode), that tells us that changing domains in SCCM 2007 is not supported at all.
Here's a chart that should help make this a little more clear:
I can't imagine too many folks running SMS 2003 in Standard Security mode these days, so discarding that, what if you have to change the domain name?  Unfortunately, if you find yourself in this scenario, your only real recourse is a removal and reinstallation of the site.  Not ideal, I know, but that's the reality of the situation, so you'll want to consider this carefully when initially planning your hierarchy.