Change OU of FSx for Windows File Server

0

Is it possible to change the OU of the FSx for Windows File Server?

I would like to know: if my FSx is associated with the self-managed AD, can I change the OU anytime?

Any help is appreciated.

asked a year ago · 550 views
1 Answer
1
Accepted Answer

Hello there,

I understand that you want to change the OU of your FSx for Windows File Server which is associated with the self-managed AD.

➜ It's mentioned in our documentation that "Do not move computer objects that Amazon FSx creates in the OU after your file system is created. Doing so will cause your file system to become misconfigured". Please refer to the document below.

[+] Best practices for joining FSx for Windows File Server file systems to a self-managed Microsoft Active Directory domain - Delegating privileges to your Amazon FSx service account - https://docs.aws.amazon.com/fsx/latest/WindowsGuide/self-managed-AD-best-practices.html#connect_delegate_privileges

➜ Unfortunately, changing the OU is not directly supported, but there are ways you can look into to migrate/move to a new OU. I have given more context around this below along with links to documentation, which you may already be aware of -

  1. You can only perform a limited number of direct AD-related modifications on the existing FSx, which are service account credentials and DNS servers. These are documented here - [+] https://docs.aws.amazon.com/fsx/latest/WindowsGuide/update-self-ad-config.html

Based on the AD configuration you provide for the FSx and the service account you have set up, FSx creates objects and configurations in the AD to ensure proper functionality. Performing direct modifications to FSx and its objects hence cannot be done due to the many dependencies, and doing so may cause the FSx to be permanently misconfigured. There is no guarantee on our ability to recover a file system should you delete, rename, or move a computer object that Amazon FSx created in an OU. The file system will continue to work if the computer object is moved to another OU, however, when Amazon FSx applies maintenance on the file system, it will transition into a Misconfigured state and you will not be able to access your file systems until the objects are moved back to the correct OU. Amazon FSx only looks into the OU that was specified on file system create as we do not scan your entire Active Directory.

  2. If you wish to move the FSx to a new OU, the recommended and fastest way is to restore a backup of the existing FSx into a new FSx. Then you can provide the new AD configuration for the new FSx. This is also a way to fix misconfigured FSx file systems.

To restore a manual or automatic backup into a new FSx, you can use this FSx documentation section - [+] Restoring backups - https://docs.aws.amazon.com/fsx/latest/WindowsGuide/using-backups.html#restoring-backups

You can also use the AD validation process to ensure your new FSx will be joined properly to AD - [+] Validating your Active Directory configuration - https://docs.aws.amazon.com/fsx/latest/WindowsGuide/validate-ad-config.html

  3. Another manual workaround in this situation would be to create a fresh new FSx in the correct new OU, and migrate the data - [+] Migrating existing file storage to FSx for Windows File Server - https://docs.aws.amazon.com/fsx/latest/WindowsGuide/migrate-files-fsx.html

Here are some other relevant aspects :

I hope you find the above information helpful.

Have a great day further!

answered a year ago
EXPERT
reviewed 10 months ago
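
The answer above notes that Amazon FSx only looks in the OU specified at file system creation, so a moved computer object goes unnoticed until maintenance. The following is an added example, not part of the answer and not AWS code: a drift check that compares the OU recorded in `aws fsx describe-file-systems` JSON output with the DNs of the file system's computer objects. The DN list is assumed to come from your own AD export (for example `Get-ADComputer`); all IDs and names in the sample data are constructed.

```python
def split_dn(dn):
    """Split a distinguished name into RDNs, honouring backslash-escaped commas."""
    parts, cur, esc = [], [], False
    for ch in dn:
        if esc:
            cur.append(ch); esc = False
        elif ch == "\\":
            cur.append(ch); esc = True
        elif ch == ",":
            parts.append("".join(cur).strip()); cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur).strip())
    return parts

def normalize(rdns):
    # AD compares DNs case-insensitively; drop stray spaces after commas too.
    return ",".join(p.lower() for p in rdns)

def parent_ou(dn):
    """Container that directly holds the object (the DN minus its first RDN)."""
    return normalize(split_dn(dn)[1:])

def find_moved_objects(describe_output, computer_dns):
    """computer_dns maps FileSystemId -> DNs of the computer objects FSx created
    (assumption: supplied by the operator from an AD export)."""
    findings = []
    for fs in describe_output["FileSystems"]:
        ad = fs.get("WindowsConfiguration", {}).get("SelfManagedActiveDirectoryConfiguration")
        if not ad:  # not joined to a self-managed AD: nothing to compare
            continue
        expected = normalize(split_dn(ad["OrganizationalUnitDistinguishedName"]))
        for dn in computer_dns.get(fs["FileSystemId"], []):
            if parent_ou(dn) != expected:
                findings.append((fs["FileSystemId"], dn, expected))
    return findings

# Constructed sample input (not real identifiers).
SAMPLE_DESCRIBE = {"FileSystems": [{
    "FileSystemId": "fs-0123456789abcdef0",
    "WindowsConfiguration": {"SelfManagedActiveDirectoryConfiguration": {
        "DomainName": "corp.example.com",
        "OrganizationalUnitDistinguishedName": "OU=FSx,OU=Servers,DC=corp,DC=example,DC=com"}}}]}
SAMPLE_COMPUTER_DNS = {"fs-0123456789abcdef0": [
    "CN=FSXNODE1, ou=fsx, ou=servers, DC=corp,DC=example,DC=com",  # same OU
    "CN=FSXNODE2,OU=Archive,DC=corp,DC=example,DC=com"]}           # moved

if __name__ == "__main__":
    for fs_id, dn, expected in find_moved_objects(SAMPLE_DESCRIBE, SAMPLE_COMPUTER_DNS):
        print(f"{fs_id}: {dn} is outside configured OU {expected}")
```

Any finding means the object should be moved back to the configured OU before the next maintenance window.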
