반품
-
질문
Create a DNS host record and created a SPN instead of changing all the synchronization targets every time we upgrade to a new server -
설명
We noticed that the synchronization is dependent on the servername of the GPOADmin service. So instead of changing all the synchronization targets every time we upgrade to a new server, we have the following solution:
Create a DNS host and created a SPN, is this supported solution? -
답변
We are essentially storing a server FQDN in the synchronization, and then remapping that FQDN in DNS to whatever server you wish to synchronize with. If you are permanently replacing the old server with a new one this theoretically should work as the outgoing server would be contacting the target server at the same FQDN. This is a transparent change to the source server.
The bigger question here is how the target server would operate by itself in such a situation. Likely clients could still connect to the target server's FQDN and then it should be ok. Please note however that remapping server FQDNs in DNS has not been tested in our environment and is thus not officially supported. If you wish to do this it would be on you to resolve any DNS lookup issues that may occur.
Additionally it would be important to ensure that the SPN you create is not used by any other service accounts, and does not map to any additional GPOADmin servers. If two servers map to the same FQDN there will be communication issues that are not supported.