
My organization is currently migrating Windows 2003 server domain controllers to Windows 2008. The process may finish in the next half year or so.

Meanwhile, we also want our Oracle database (on AIX 7.1) to integrate with AD by using the Kerberos protocol. I checked the reference document from Oracle, and apparently one of the steps is to extract the keytab file of a certain domain account by running the ktpass.exe command on the domain controller server to get the secret key.

Now my question is: if the domain controller is migrated from 2003 to 2008R2, will the secret key in the keytab file be changed, so that I have to redo my Oracle integration again?

Thanks!

hardywang
  • I don't understand your question 100%. You can add another domain controller and keep the 2003 one alive for testing until your Oracle migration is finished; both AD servers will sync. – yagmoth555 Jan 22 '16 at 15:36
  • @yagmoth555 I don't have control over the domain controller servers. I am just trying to live with the current situation. I think I am very curious to know if there is any difference between keytab files generated from Win2003 and Win2008R2 for the same AD user account. – hardywang Jan 22 '16 at 16:14
  • When another DC is integrated, the AD's database is just synced between them. The id should not change. – yagmoth555 Jan 22 '16 at 17:01

1 Answer


No, the keytab file won't be changed and will continue to work.

However, the keytab file should be changed so that you may use modern encryption ciphers. Server 2003 does not support AES, while 2008 and above do.

84104