
Is it possible to join an existing ArcGIS Enterprise machine to a Windows Active Directory domain?

06-17-2025 03:50 PM
JonSwoveland
Frequent Contributor

The TL;DR: Does anybody know if there is a workflow to join an existing ArcGIS Enterprise machine to a Windows AD Domain? 

I've got a single-machine-deployment of ArcGIS Enterprise (Server, Portal, Data Store) running on a Windows server in AWS that is not part of an Active Directory Domain.   My goal is to move the ArcGIS Server Site to a new machine.  Esri's support has explained the only way I can move an ArcGIS Server Site to a machine with a different host name is via the join-site and migrate procedure.   Of course this requires the server directories and config-store folders be placed on a network file share available to both the existing machine and new. 

The problem with this is that the only way I could do this is to create an AD Domain server, and add both machines to the domain. Unfortunately, adding the existing ArcGIS Enterprise machine to the AD domain completely broke ArcGIS Server. In my haste to restore the machine from a snapshot I failed to get a copy of the logs, but there were a lot of Java RMI errors that contained the new fully-qualified host name of the machine (including the Windows domain name, e.g. "hostname.domain.local"). I suspect the server runtime is looking for configuration filenames or values based on the FQHN, as opposed to just the hostname.

Cheers!

0 Kudos
4 Replies
TraeTimmerman
Occasional Contributor

Hey @JonSwoveland ,

I wouldn't suggest altering the hostname of an ArcGIS Enterprise host. If your only objective is to migrate ArcGIS Server to a new instance, I'd agree that the join-site method is most efficient. You should be able to share a folder on either the new or the old instance and move your config-store and directories folders to the share. Just reference the private IP in the UNC path and ensure both instances can reach the share over SMB protocol. Create a local account on the new server with identical credentials (both username and password) as your ArcGIS Server service account on the existing server and use that account when installing ArcGIS Server on the new instance. Finally, ensure the service account has permissions to the folder and share. Migrate ArcGIS Enterprise with the Join Site operation—Portal for ArcGIS | Documentation for ArcGIS ...

Hope this helps.

JonSwoveland
Frequent Contributor

Thanks Trae, I appreciate the input.  I did try this approach at first, but did not think about creating accounts with the same username and password. I'll try this out and see if it works. 

 

0 Kudos
JonSwoveland
Frequent Contributor

Initial testing is promising, thanks again for the tips!

0 Kudos
JonSwoveland
Frequent Contributor

Well, I was really hoping I could accept your response with the solution, albeit to move the Portal and Data Store rather than the ArcGIS Server. 

Here are the steps I took on both machines (let's call them Host_A and Host_B, with Host_A being the existing host for all ArcGIS Enterprise components, and Host_B being the host I want to move Portal and Data Store to).

  • Made sure both hosts had local user accounts named .\arcgis, and both used the same password. 
  • On Host_B, I created a shared folder named arcgistemp and assigned READ/WRITE access to the .\arcgis user.
  • Verified ArcGIS Portal Windows Service was running as the .\arcgis account.
  • Logged on to Host_A and verified I had READ/WRITE access to \\Host_B\arcgistemp
  • Stopped the Portal Service on Host_A
  • Copied the Portal content folder (C:\arcgisportal\content) to \\Host_B\arcgistemp\content
  • Started the Portal Service on Host_A
  • Using Portal Administration Directory, updated the content path to \\Host_B\arcgistemp\content

After the last step, Portal stopped responding.  I couldn't even access the Portal Administration Directory to change the content path back to C:\arcgisportal\content. 

All of the configuration files under <PORTAL INSTALL FOLDER>\framework\etc include the warning not to edit those files directly, but to use the Administration Directory (of course I tried changing them, to no avail).

I even cracked open Portal's postgres database, found, and modified the entry in the cp_items table that contains the portal content path....in binary!

Is there seriously no way to modify the Portal content path if it is set to a location that, for whatever reason, is inaccessible? 

In the end, I was able to have Host_A recovered from a snapshot, but that was not an enjoyable experience.

So, what could have caused the issue accessing the shared folder \\Host_B\arcgistemp\content?

  • DNS? I have been relying on an entry in the Windows hosts file to resolve the IP address for Host_B. Is it possible the Java environment that Portal runs in doesn't recognise this? 
  • Format of the UNC path?  I was careful to use escape characters in the JSON format (e.g. \\\\Host_B\\arcgistemp\\content).
  • Permissions? I verified the Portal Windows account could access those files as a logged-in user, so I don't know what else could go wrong there.

Back to the drawing board.

0 Kudos
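
An added example, not part of any post in this thread and not Esri tooling: a PowerShell pre-flight check that exercises the three suspects listed above (name resolution, UNC/JSON form, permissions) before a content path is pointed at a share. It is meant to be run in a session started as the service account itself (for example `runas /user:<machine>\arcgis powershell.exe`); the service name `Portal for ArcGIS` and the JSON key `p` are assumptions made for illustration.

```powershell
# Added example: pre-flight checks for a UNC content path, run as the service account.
param(
    [string]$SharePath   = '\\Host_B\arcgistemp\content',     # path from the post
    [string]$ServiceName = 'Portal for ArcGIS',               # assumed Windows service name
    [string]$JsonValue   = '\\\\Host_B\\arcgistemp\\content'  # escaped form from the post
)

$results = [ordered]@{}
$server  = ($SharePath -split '\\')[2]   # host part of \\host\share\...

# 1. Which account does the service log on as, and is this session that account?
$svc = Get-CimInstance Win32_Service -Filter "Name='$ServiceName'" -ErrorAction SilentlyContinue
$results['ServiceAccount'] = if ($svc) { $svc.StartName } else { 'service not found' }
$results['CurrentUser']    = [Security.Principal.WindowsIdentity]::GetCurrent().Name

# 2. Name resolution as seen by the Windows resolver for this session.
try {
    $addrs = [Net.Dns]::GetHostAddresses($server) | ForEach-Object { $_.IPAddressToString }
    $results['ResolvedTo'] = $addrs -join ', '
} catch { $results['ResolvedTo'] = "FAILED: $($_.Exception.Message)" }

# 3. SMB reachability on TCP 445.
$tcp = Test-NetConnection -ComputerName $server -Port 445 -WarningAction SilentlyContinue
$results['Tcp445'] = $tcp.TcpTestSucceeded

# 4. Write, read back and delete a probe file: READ/WRITE must hold for this account.
$probe = Join-Path $SharePath ("probe_{0}.tmp" -f [guid]::NewGuid())
try {
    Set-Content -LiteralPath $probe -Value 'probe' -ErrorAction Stop
    $results['ReadWrite'] = ((Get-Content -LiteralPath $probe -ErrorAction Stop) -eq 'probe')
    Remove-Item -LiteralPath $probe -ErrorAction Stop
} catch { $results['ReadWrite'] = "FAILED: $($_.Exception.Message)" }

# 5. The JSON-escaped string must decode to exactly the UNC path.
$decoded = ('{"p":"' + $JsonValue + '"}' | ConvertFrom-Json).p
$results['JsonDecodesToPath'] = ($decoded -eq $SharePath)

[pscustomobject]$results | Format-List
```

If `CurrentUser` does not match `ServiceAccount`, the remaining results describe a different identity from the one the service uses when it opens the share.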