Clean up Active Directory Domain Controller server metadata

Applies To: Windows Server

Metadata cleanup is a required procedure after a forced removal of Active Directory Domain Services (AD DS). You perform metadata cleanup on a domain controller in the domain of the domain controller that you forcibly removed. Metadata cleanup removes data from AD DS that identifies a domain controller to the replication system. Metadata cleanup also removes File Replication Service (FRS) and Distributed File System (DFS) Replication connections and attempts to transfer or seize any operations master (also known as flexible single master operations or FSMO) roles that the retired domain controller holds.

There are three options to clean up server metadata:

  • Clean up server metadata by using GUI tools
  • Clean up server metadata using the command line
  • Clean up server metadata by using a script

Note

If you receive an "Access is denied" error when you use any of these methods to perform metadata cleanup, make sure that the computer object and the NTDS Settings object for the domain controller are not protected against accidental deletion. To verify this, right-click the computer object or the NTDS Settings object, click Properties, click Object, and clear the Protect object from accidental deletion check box. In Active Directory Users and Computers, the Object tab of an object appears if you click View and then click Advanced Features.
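The same check from PowerShell, as an added example that is not part of the original page: it reads the accidental-deletion flag on the computer object and the NTDS Settings object. It assumes the ActiveDirectory module from RSAT is available, and `DC-RETIRED01` is a hypothetical placeholder for the forcibly removed domain controller.

```powershell
# Added example (not from the original page). $DcName is a hypothetical placeholder.
Import-Module ActiveDirectory
$DcName   = 'DC-RETIRED01'
$configNC = (Get-ADRootDSE).configurationNamingContext

# Computer object of the removed domain controller.
$targets = @(Get-ADComputer -Filter "Name -eq '$DcName'" `
    -Properties ProtectedFromAccidentalDeletion)

# Server object under CN=Sites in the configuration partition,
# then the NTDS Settings (nTDSDSA) object directly below it.
$servers = @(Get-ADObject -SearchBase "CN=Sites,$configNC" `
    -LDAPFilter "(&(objectClass=server)(cn=$DcName))")
foreach ($server in $servers) {
    $targets += @(Get-ADObject -SearchBase $server.DistinguishedName `
        -SearchScope OneLevel -LDAPFilter '(objectClass=nTDSDSA)' `
        -Properties ProtectedFromAccidentalDeletion)
}

# Report the state of the flag on each object that was found.
$targets | Select-Object DistinguishedName, ObjectClass, ProtectedFromAccidentalDeletion

# Show what clearing the flag would change; remove -WhatIf to apply it.
$targets | Where-Object { $_.ProtectedFromAccidentalDeletion } |
    Set-ADObject -ProtectedFromAccidentalDeletion $false -WhatIf
```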

Clean up server metadata using GUI tools

When you use Remote Server Administration Tools (RSAT) or the Active Directory Users and Computers console (Dsa.msc) that is included with Windows Server to delete a domain controller computer account from the Domain Controllers organizational unit (OU), the cleanup of server metadata is performed automatically. Before Windows Server 2008, you had to perform a separate metadata cleanup procedure.

You can also use the Active Directory Sites and Services console (Dssite.msc) to delete a domain controller's computer account, which also completes metadata cleanup automatically. However, Active Directory Sites and Services removes the metadata automatically only when you first delete the NTDS Settings object below the computer account in Dssite.msc.

As long as you are using the Windows Server 2008 or newer RSAT versions of Dsa.msc or Dssite.msc, you can clean up metadata automatically for domain controllers running earlier versions of Windows operating systems.

Membership in Domain Admins, or equivalent, is the minimum required to complete these procedures.

Clean up server metadata using Active Directory Users and Computers

  1. Open Active Directory Users and Computers.
  2. If you have identified replication partners in preparation for this procedure and if you are not connected to a replication partner of the removed domain controller whose metadata you are cleaning up, right-click the Active Directory Users and Computers node, and then click Change Domain Controller. Click the name of the domain controller from which you want to remove the metadata, and then click OK.
  3. Expand the domain of the domain controller that was forcibly removed, and then click Domain Controllers.
  4. In the details pane, right-click the computer object of the domain controller whose metadata you want to clean up, and then click Delete.
  5. In the Active Directory Domain Services dialog box, confirm the name of the domain controller you wish to delete is shown, and click Yes to confirm the computer object deletion.
  6. In the Deleting Domain Controller dialog box, select This Domain Controller is permanently offline and can no longer be demoted using the Active Directory Domain Services Installation Wizard (DCPROMO), and then click Delete.
  7. If the domain controller is a global catalog server, in the Delete Domain Controller dialog box, click Yes to continue with the deletion.
  8. If the domain controller currently holds one or more operations master roles, click OK to move the role or roles to the domain controller that is shown. You cannot change this domain controller. If you want to move the role to a different domain controller, you must move the role after you complete the server metadata cleanup procedure.

Clean up server metadata using Active Directory Sites and Services

  1. Open Active Directory Sites and Services.
  2. If you have identified replication partners in preparation for this procedure and if you are not connected to a replication partner of the removed domain controller whose metadata you are cleaning up, right-click Active Directory Sites and Services, and then click Change Domain Controller. Click the name of the domain controller from which you want to remove the metadata, and then click OK.
  3. Expand the site of the domain controller that was forcibly removed, expand Servers, expand the name of the domain controller, right-click the NTDS Settings object, and then click Delete.
  4. In the Active Directory Sites and Services dialog box, click Yes to confirm the NTDS Settings deletion.
  5. In the Deleting Domain Controller dialog box, select This Domain Controller is permanently offline and can no longer be demoted using the Active Directory Domain Services Installation Wizard (DCPROMO), and then click Delete.
  6. If the domain controller is a global catalog server, in the Delete Domain Controller dialog box, click Yes to continue with the deletion.
  7. If the domain controller currently holds one or more operations master roles, click OK to move the role or roles to the domain controller that is shown.
  8. Right-click the domain controller that was forcibly removed, and then click Delete.
  9. In the Active Directory Domain Services dialog box, click Yes to confirm the domain controller deletion.

Clean up server metadata using the command line

As an alternative, you can clean up metadata by using Ntdsutil.exe, a command-line tool that is installed automatically on all domain controllers and servers that have Active Directory Lightweight Directory Services (AD LDS) installed. Ntdsutil.exe is also available on computers that have RSAT installed.

To clean up server metadata by using Ntdsutil

  1. Open a command prompt as an administrator: On the Start menu, right-click Command Prompt, and then click Run as administrator. If the User Account Control dialog box appears, provide credentials of an Enterprise Administrator if required, and then click Continue.

  2. At the command prompt, type the following command, and then press ENTER:

    ntdsutil

  3. At the ntdsutil: prompt, type the following command, and then press ENTER:

    metadata cleanup

  4. At the metadata cleanup: prompt, type the following command, and then press ENTER:

    remove selected server <ServerName>

  5. In Server Remove Configuration Dialog, review the information and warning, and then click Yes to remove the server object and metadata.

    At this point, Ntdsutil confirms that the domain controller was removed successfully. If you receive an error message that indicates that the object cannot be found, the domain controller might have been removed earlier.

  6. At the metadata cleanup: and ntdsutil: prompts, type quit, and then press ENTER.

  7. To confirm removal of the domain controller:

    Open Active Directory Users and Computers. In the domain of the removed domain controller, click Domain Controllers. In the details pane, an object for the domain controller that you removed should not appear.

    Open Active Directory Sites and Services. Navigate to the Servers container and confirm that the server object for the domain controller that you removed does not contain an NTDS Settings object. If no child objects appear below the server object, you can delete the server object. If a child object appears, do not delete the server object because another application is using the object.
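The confirmation in step 7 can also be scripted. The following is an added example, not part of the original page: it checks for a leftover computer object, server object and NTDS Settings object, and goes one step further than the text by listing any operations master roles still recorded against the removed domain controller. It assumes the ActiveDirectory module from RSAT, and `DC-RETIRED01` is a hypothetical placeholder name.

```powershell
# Added example (not from the original page). $DcName is a hypothetical placeholder.
Import-Module ActiveDirectory
$DcName   = 'DC-RETIRED01'
$domain   = Get-ADDomain
$forest   = Get-ADForest
$configNC = (Get-ADRootDSE).configurationNamingContext

# 1. The computer object should no longer exist in the Domain Controllers OU.
$computer = @(Get-ADComputer -SearchBase $domain.DomainControllersContainer `
    -Filter "Name -eq '$DcName'")

# 2. Find the server object under CN=Sites and list everything directly below it.
$servers  = @(Get-ADObject -SearchBase "CN=Sites,$configNC" `
    -LDAPFilter "(&(objectClass=server)(cn=$DcName))")
$children = @()
foreach ($server in $servers) {
    $children += @(Get-ADObject -SearchBase $server.DistinguishedName `
        -SearchScope OneLevel -Filter *)
}
$ntds = @($children | Where-Object { $_.ObjectClass -eq 'nTDSDSA' })

# 3. Operations master roles that still name the removed domain controller.
$roles = [ordered]@{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
}
$stale = @($roles.GetEnumerator() |
    Where-Object { $_.Value -eq $DcName -or $_.Value -like "$DcName.*" })

# Summary: the server object is only a deletion candidate when it has no children.
[pscustomobject]@{
    ComputerObjectPresent  = ($computer.Count -gt 0)
    ServerObjectPresent    = ($servers.Count -gt 0)
    NtdsSettingsPresent    = ($ntds.Count -gt 0)
    ChildObjects           = ($children.DistinguishedName -join '; ')
    RolesOnRemovedDc       = ($stale.Name -join ', ')
    ServerObjectDeletable  = ($servers.Count -gt 0 -and $children.Count -eq 0)
}
```

Run it against a replication partner of the removed domain controller so the result reflects the directory copy where the cleanup was performed.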
