提升额外域为主域和恢复旧主域 - [Win_System(Vista之前平台)]

版权声明：转载时请以超链接形式标明文章原始出处和作者信息及本声明
http://jackysz.blogbus.com/logs/7012412.html

 

模拟系统：2003
模拟机器：2台
模拟域名：abc.com
模拟主域控制器计算机名：DC2
模拟额外域控制器计算机名：DC1
模拟DNS服务器：DC2

模拟故障情况：
1.DC2、DC1同时在线，DC2因特殊情况启动，但启动后故障无法登录系统，蓝屏严重崩溃.
主域崩溃，副域无法正常工作，如：
无法浏览abc.com 中 Active Directory用户和计算机，提示无法连接错误；
AD管理项目均报错，组策略.....等；
域用户无法登录；

测试解决方法：
1.DC1使用强占FSMO方式，夺取五个权限
  a.架构主机                Schema master
  b.域命名主机              Domain naming master
  c.相对标识号（RID）主机   RID master
  d.主域控制器模拟器        PDCE
  e.基础结构主机            Infrastructure master
2.将DC1设置为GC（全局编录）
3.在DC1安装DNS服务器
4.使用微软FSMO脚本验证，以确定FSMO是否正确

步骤：
1.命令行：ntdsutil
..........ntdsutil: metadata cleanup
..........metadata cleanup: select operation target
..........select operation target: connections
..........server connections: connect to domain abc.com
..........（此处有连接域名后会有凭证信息）
..........server connections:quit
..........select operation target: list sites
..........Found 1 site(s)
..........0 - CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=abc,DC=com
..........select operation target: select site 0
..........Site - CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=abc,DC=com
..........No current domain
..........No current server
..........No current Naming Context
..........select operation target: List domains in site
..........Found 1 domain(s)
..........0 - DC=abc,DC=com
..........Found 1 domain(s)
..........0 - DC=abc,DC=com
..........select operation target: select domain 0
..........Site - CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=abc,DC=com
..........Domain - DC=abc,DC=com
..........No current server
..........No current Naming Context
..........select operation target: List servers for domain in site
..........Found 2 server(s)
..........0 - CN=DC-01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=abc,DC=com
..........1 - CN=DC-02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=abc,DC=com
..........select operation target: select server ０
..........select operation target: quit
..........metadata cleanup:Remove selected server
..........注意：2003到此会提示（是否强占信息，全部安确定，但会提示错误，不用理会）

2.打开 AD站点和服务 手动删除 DC2残留信息，并在DC1全局编录属性上打勾
1.打开‘Active Directory用户和计算机’-‘Domain Controllers’；
选中‘DC2’然后按删除，对话框‘选择第三项’；
2.打开‘管理站点和服务’-‘Site’-‘Default-First-Site-Name’-‘Servers’
1.点击‘DC2’；
a.选中分支‘NTDS Settings’；
b.点击‘删除’，对话框‘选择第三项’；
c.点击‘DCc2’然后按删除，对话框选择‘第三项’；

2.点击‘DC1’
a.选中分支‘NTDS Settings’
b.点击右键选择‘属性’，全局编录前打上勾；

3.安装DNS
4.测试DNS
5.重启后，在DC1上运行微软 FSMO 脚本验证一下，如提示五个权限已经为DC1代表已经成功
下为从Microsoft Technet网站下载脚本内容，直接复制到纯文本内，然后修改名称为FSMO.vbs就可以了.
Set objRootDSE = GetObject("LDAP://rootDSE")
' Schema Master
Set objSchema = GetObject("LDAP://" & objRootDSE.Get("schemaNamingContext"))
strSchemaMaster = objSchema.Get("fSMORoleOwner")
Set objNtds = GetObject("LDAP://" & strSchemaMaster)
Set objComputer = GetObject(objNtds.Parent)
WScript.Echo "Forest-wide Schema Master FSMO: " & objComputer.Name
Set objNtds = Nothing
Set objComputer = Nothing
' Domain Naming Master
Set objPartitions = GetObject("LDAP://CN=Partitions," & _
                              objRootDSE.Get("configurationNamingContext"))
strDomainNamingMaster = objPartitions.Get("fSMORoleOwner")
Set objNtds = GetObject("LDAP://" & strDomainNamingMaster)
Set objComputer = GetObject(objNtds.Parent)
WScript.Echo "Forest-wide Domain Naming Master FSMO: " & objComputer.Name
Set objNtds = Nothing
Set objComputer = Nothing
' PDC Emulator
Set objDomain = GetObject("LDAP://" & objRootDSE.Get("defaultNamingContext"))
strPdcEmulator = objDomain.Get("fSMORoleOwner")
Set objNtds = GetObject("LDAP://" & strPdcEmulator)
Set objComputer = GetObject(objNtds.Parent)
WScript.Echo "Domain's PDC Emulator FSMO: " & objComputer.Name
Set objNtds = Nothing
Set objComputer = Nothing
' RID Master
Set objRidManager = GetObject("LDAP://CN=RID Manager$,CN=System," & _
                              objRootDSE.Get("defaultNamingContext"))
strRidMaster = objRidManager.Get("fSMORoleOwner")
Set objNtds = GetObject("LDAP://" & strRidMaster)
Set objComputer = GetObject(objNtds.Parent)
WScript.Echo "Domain's RID Master FSMO: " & objComputer.Name
Set objNtds = Nothing
Set objComputer = Nothing
' Infrastructure Master
Set objInfrastructure = GetObject("LDAP://CN=Infrastructure," & _
                                  objRootDSE.Get("defaultNamingContext"))
strInfrastructureMaster = objInfrastructure.Get("fSMORoleOwner")
Set objNtds = GetObject("LDAP://" & strInfrastructureMaster)
Set objComputer = GetObject(objNtds.Parent)
WScript.Echo "Domain's Infrastructure Master FSMO: " & objComputer.Name

模拟故障情况：
2.在解决模拟故障因DC2主域控制器损坏，DC1强占FSMO测试，DC2重装系统后恢复为主域控制器；
测试解决方法：
1.DC2重装系统
2.以额外域控制器身份加入原域
3.通过在DC2使用ntdsutil命令将FSMO转移到DC2
4.在DC2安装DNS服务器
步骤：
1.命令行：ntdsutil
..........ntdsutil: metadata cleanup
..........metadata cleanup: select operation target
..........select operation target: connections
..........server connections: connect to domain abc.com
..........（此处有连接域名后会有凭证信息）
..........server connections:quit
..........metadata cleanup: quit
..........ntdsutil:roles
..........fsmo maintenace:transfer domain naming master
..........提示转移角色按确定
..........fsmo maintenace:transfer infrastructure master
..........提示转移角色按确定
..........fsmo maintenace:transfer PDC
..........提示转移角色按确定
..........fsmo maintenace:transfer RID master
..........提示转移角色按确定
..........fsmo maintenace:seize schema master
..........提示强占角色按确定
..........ntdsutil:quit
..........执行FSMO.vbs脚本检测，提示五个权限已经为DC2代表已经成功
2.在DC2上安装DNS服务器
3.可以使用Windows2003额外工具检测域数据库及DNS是否正确.

-------------------------------------------------------
...转移...fsmo maintenace:transfer schema master
...强占...fsmo maintenace:seize schema master
-------------------------------------------------------