active-directory – How to save a domain controller after a USN rollback without rebuilding the whole server?

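Today I had (again...) to triage a domain controller that had suffered the dreaded USN rollback. The standard solution to this problem is to demote it and then promote it back again, but the main issue is that demoting doesn't work, because the USN rollback condition blocks any replication from happening and so doesn't allow the DC being demoted to perform its final replication and die gracefully. Usually, you end up shutting down the server, removing any reference to it from Active Directory, and then reinstalling Windows from scratch.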

However, you may have other software or data on that server; or you may simply not want to rebuild it completely if a demotion would be enough.

So, my question is: how can I successfully demote a domain controller that has suffered a USN rollback?

What I tried:

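I isolated the server from the network, launched the demote process and, when asked, told it it was the last DC in the domain; but it still complained about this not being true.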

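So I removed all other DCs from its copy of the Active Directory, and then did the same as above; but even this failed again, with an error about being unable to replicate a directory partition (to who? It was supposed to be the only DC around!).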

Solution

TL;DR: dcpromo /forceremoval.

Straight from the AskDS blog:

To correct this situation we need to do the following on the DC that
has the roll back issue.

1) Forcefully demote the DC by running dcpromo /forceremoval. This
will remove AD from the server without attempting to replicate any
changes off. Once it is done and you reboot the server, it will be
a standalone server in a workgroup.

2) Run a Metadata cleanup of the DC that was demoted per KB article
216498 on one of the replication partners.

3) If the demoted server held any of the FSMO (Flexible Single Master
Operations) roles then use the KB article 255504 to seize the roles to
another DC.

4) Once replication has occurred end to end in your environment you
can rejoin the demoted server back to the domain then promote to a DC.

You probably shot yourself in the foot when you did this:

I isolated the server from the network, launched the demote process
and, when asked, told it it was the last DC in the domain; but it
still complained about this not being true.

So I removed all other DCs from its copy of the Active Directory, and
then did the same as above; but even this failed again, with an error
about being unable to replicate a directory partition (to who? It was
supposed to be the only DC around!).

If the advice I pasted above doesn't work, you should probably make a support call to MS (and pray they will still support you after what you did).

Edit: To be clear, the answer to your title question, "How to save a domain controller after a USN rollback?" is "You don't."

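I mean, you don't have to rebuild the machine completely (though most people, including me, would recommend that you do), but its use as a DC is over for now. Force-remove AD from it, unjoin it from the domain, clean up the metadata on the rest of the domain, replicate fully and make sure the domain is healthy, then rejoin it, and finally restart it.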
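
One way to gate step 4 ("once replication has occurred end to end") before rejoining and promoting the server again. This is an added example, not part of the original question, answer or the AskDS post. It parses a constructed sample in the column layout of `repadmin /showrepl * /csv`; the function name, the DC names and the domain `example.test` are hypothetical.

```powershell
# Constructed sample in the column layout of `repadmin /showrepl * /csv`.
# On a live DC, capture real data instead:  $lines = repadmin /showrepl * /csv
$sample = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,HQ,DC01,"DC=example,DC=test",HQ,DC02,RPC,0,0,2024-01-10 09:15:02,0
showrepl_INFO,HQ,DC02,"DC=example,DC=test",HQ,DC01,RPC,0,0,2024-01-10 09:14:47,0
showrepl_INFO,HQ,DC01,"CN=Configuration,DC=example,DC=test",HQ,DC03,RPC,12,2024-01-10 09:00:11,2024-01-08 22:41:30,8456
'@
$lines = $sample -split "\r?\n"

function Test-RepromoteReadiness {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string[]] $CsvLines,
        [Parameter(Mandatory)] [string]   $DemotedDc  # name of the force-removed DC
    )
    $rows = @($CsvLines | Where-Object { $_ } | ConvertFrom-Csv)

    # Rows for servers repadmin could not query are tagged showrepl_ERROR.
    $unreachable = @($rows | Where-Object { $_.showrepl_COLUMNS -eq 'showrepl_ERROR' })

    # Any replication link with a non-zero failure count is not yet healthy.
    $failing = @($rows | Where-Object { [int]$_.'Number of Failures' -gt 0 })

    # After metadata cleanup, no link should still name the old DC as a partner.
    $stale = @($rows | Where-Object {
        $_.'Source DSA' -eq $DemotedDc -or $_.'Destination DSA' -eq $DemotedDc
    })

    [pscustomobject]@{
        Ready           = ($unreachable.Count + $failing.Count + $stale.Count) -eq 0
        Unreachable     = $unreachable.Count
        FailingLinks    = $failing | ForEach-Object {
            '{0} <- {1} [{2}] status {3}' -f $_.'Destination DSA', $_.'Source DSA',
                $_.'Naming Context', $_.'Last Failure Status'
        }
        StaleReferences = $stale.Count
    }
}

# In the sample, DC03 is the force-removed DC and is still listed as a partner,
# so the result reports Ready = False with one failing link and one stale reference.
Test-RepromoteReadiness -CsvLines $lines -DemotedDc 'DC03' | Format-List
```

Rejoin and promote the server only when `Ready` is `True` on data collected from a healthy DC after the metadata cleanup and any FSMO role seizure have replicated.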
