powered by Jive Software

SSO and removing retiring primary AD server

We have been running spark clients with SSO for a few years and it has been working very well.

We have two domain controllers and our primary domain controller needs retiring. We plan on creating a new DC to takes its place.

My question is if I remove the primary DC that I setup as the KDC will it still work or do I need to configure kerbros on the new DC.

In my testing I have changed the krb5.ini to kdc=old secondaryserver.domain.org and things seem to be working well although the primary server hasn’t been retired.