DC03 —— DC02 —— DC01(FSMOs)
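DC01 holds all of the FSMO roles. DC03, which has not been promoted yet, currently communicates fine with DC02. All FSMO roles are on DC01. All sites, subnets and site link objects are configured correctly to represent the network layout shown above.
DC03 cannot communicate directly with DC01.
DCPromo on DC03 currently fails because DCPromo runs some tests for direct network connectivity to the FSMO role holders. It attempts an LDAP bind to the RID master, which fails, at which point DCPromo assumes the RID master is offline. But it is not offline.
Is there any way to bypass the connectivity tests? DC03 is currently syncing with DC02 and can read all the Active Directory it wants from it.
I've thought about doing an Install From Media, but I'd like more confirmation that it is actually workable before I try it, and I haven't seen any evidence that an IFM install skips the connectivity tests that a regular DCPromo does.
PS – There is no need to move the FSMO roles.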
This TechNet article seems to imply this.
Place roles on domain controllers that can be accessed by the computers that need access to a given role, especially on networks that are not fully routed. For example, to obtain a current or standby RID pool, or perform pass-through authentication, all DCs need network access to the RID and PDC role holders in their respective domains.
Domain controllers in sites C and D cannot access the RID master in site A to obtain an initial RID pool after the Active Directory installation and to refresh RID pools as they become depleted.
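As far as I know, site link bridging does not apply in the case of RID issuance, or to services provided by the PDC emulator such as forwarding of failed authentications or time synchronization, because these do not rely on replication, and site link bridges are for replication only. There must be direct connectivity to the DCs holding these roles.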
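
A pre-promotion check for the direct connectivity described above, as an added example that is not part of the original question or answer. It assumes PowerShell 3.0 or later with the RSAT ActiveDirectory module on the server to be promoted, that `DC02` answers directory queries, and that TCP 389 (LDAP) and TCP 135 (RPC endpoint mapper) are representative ports to test; the function name `Test-TcpPort` is hypothetical.

```powershell
# Added example: run on the server that is about to be promoted (DC03 in the question).
Import-Module ActiveDirectory

$queryDc = 'DC02'      # a DC this server can already reach (from the question)
$ports   = 389, 135    # assumption: LDAP bind port and RPC endpoint mapper
$timeout = 3000        # milliseconds to wait for each TCP connect

function Test-TcpPort {    # hypothetical helper name
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        # Reachable only if the handshake finished in time AND the socket is connected.
        return ($async.AsyncWaitHandle.WaitOne($TimeoutMs) -and $client.Connected)
    } catch {
        return $false      # DNS failure or socket error counts as unreachable
    } finally {
        $client.Close()
    }
}

# Ask the reachable DC who holds each FSMO role.
$domain = Get-ADDomain -Server $queryDc
$forest = Get-ADForest -Server $queryDc
$roles = [ordered]@{
    RIDMaster            = $domain.RIDMaster
    PDCEmulator          = $domain.PDCEmulator
    InfrastructureMaster = $domain.InfrastructureMaster
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
}

# Test each role holder directly from this server, not via the intermediate DC.
$results = foreach ($role in $roles.GetEnumerator()) {
    foreach ($port in $ports) {
        [pscustomobject]@{
            Role      = $role.Key
            Holder    = $role.Value
            Port      = $port
            Reachable = Test-TcpPort -ComputerName $role.Value -Port $port -TimeoutMs $timeout
        }
    }
}
$results | Format-Table -AutoSize

# The quoted article singles out the RID and PDC role holders as required for every DC.
$blocked = $results | Where-Object { -not $_.Reachable -and $_.Role -in 'RIDMaster', 'PDCEmulator' }
if ($blocked) {
    Write-Warning "No direct path to: $(($blocked | ForEach-Object { "$($_.Role)/$($_.Port)" }) -join ', ')"
}
```

A successful TCP connect only shows that the path is open; it does not prove that the LDAP bind or RID pool request itself will succeed.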