How to remove NIS server role from all domain controllers before upgrading to Windows server 2019

Root Loop 1 Reputation point
2021-06-23T04:10:12.72+00:00

o we are currently have 4 2012R2 domain controllers with IDMU (Identity Management for Unix) and NIS server role installed. For NIS server role, one DC is in master mode, other 3 DCs are in subordinate mode.

We need to upgrade all Windows domain controllers to Server2019, meaning no IDMU and NIS will be supported any more, they have been removed since Windows Server 2016.

To be able to upgrade to Server2019, the NIS server role must be removed.

If you try upgrade to Windows Server 2016 from a Windows Server that runs any of the Identity Management for Unix (IDMU) components, the upgrade will stop and you will be prompted to remove the IDMU components

According to this link When you remove the master NIS server, another subordinate server must be assigned as master

If you remove Server for NIS while it is running on a master server, you must verify that another server is assigned the tasks of the master server. If other Windows-based subordinate NIS servers are in the domains supported by the master server that you remove, you must assign one of these servers the role of master server.

So here the questions come,

  1. I can remove 3 NIS subordinate servers first and upgrade them to 2019, but what I do to upgrade the last domain controller? I have no other NIS server in the domain to assign as the master, other 3 domain controllser are now server 2019 which has no NIX server role anymore.
  2. what happens to "NIS domain" created in server2012, there is no such attributes in server 2019.
  3. I can tell now based on the work I done so far, the IDMUs have been removed from few DCs and I successfully upgraded those DCs from 2012R2 to 2019, the Unix attributes are still there in 2019 DC because RFC2307 is still being supported by server2019. Only thing I dont know what could happen is after I remove the last NIS master server from one of the 2008R2 DC. not sure if that could cause any issue.
  4. Is there any office workaround for removing NIS master servers in server2016/2019?
Windows for business | Windows Client for IT Pros | Directory services | Active Directory
Windows for business | Windows Server | User experience | Other
{count} votes

3 answers

Sort by: Most helpful
  1. Anonymous
    2021-06-23T08:26:54.857+00:00

    Hi @Root Loop ,

    Thanks for posting here.

    Below is my response to your questions. Frankly speaking, I am not professional with this issue since I mainly focus on on-premises AD issue. I did some research and hope the findings could be of some help to you.

    1. IDMU and NIS will not be supported starting with Windows server 2016. So if we would like to upgrade all our domain controllers to Windows server 2019, IDMU and NIS should be removed.

    In our case, there is no server in the domain to assign as the master. We recommend to start planning for alternatives, for example: native LDAP, Samba Client, Kerberos or other non-Microsoft options.

    1. Sorry that I have no idea what will happen to NIS domain. Maybe as discussed above, we will need to look for alternatives.
    2. If we have concerns, I would suggest you open a case with MS so that we may get a more professional assistance.
      https://support.serviceshub.microsoft.com/supportforbusiness
    3. Below are the links I would like to share with you.

    https://learn.microsoft.com/zh-cn/archive/blogs/activedirectoryua/identity-management-for-unix-idmu-is-deprecated-in-windows-server

    https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731178(v=ws.11)?redirectedfrom=MSDN#BKMK_command

    108514-image.png

    Thanks a lot for your understanding and support.

    Best regards,
    Hannah Xiong

    1 person found this answer helpful.
    0 comments No comments

  2. Root Loop 1 Reputation point
    2021-06-24T19:55:44.153+00:00

    Thanks for your input, I have gone through all those articles before posting here, so far I have not found any official supporting document about my case. worst case, we just have to deal with the consequences after removing NIS servers.....


  3. Sajid Mumtaz 66 Reputation points
    2024-03-07T15:34:27.69+00:00

    @Root Loop Are you done with this? How you did it if you can give some detail about it.

    When you say upgrading, does this mean that you are upgrading the OS direct rather than installing a new Domain Controller as subordinate?

    DC has unix attributes in Attribute Editor that can be used for NIS.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.