Upgrade Domain Controllers to Windows Server 2012 R2 and Windows Server 2012

Applies To: Windows Server 2016, Windows Server 2012 R2, Windows Server 2012

This topic provides background information about Active Directory Domain Services in Windows Server 2012 R2 and Windows Server 2012 and explains the process for upgrading domain controllers from Windows Server 2008 or Windows Server 2008 R2.

Domain controller upgrade steps

The recommended way to upgrade a domain is to promote domain controllers that run newer versions of Windows Server and demote older domain controllers as needed. That method is preferable to upgrading the operating system of an existing domain controller. This list covers general steps to follow before you promote a domain controller that runs a newer version of Windows Server:

  1. Verify the target server meets system requirements.

  2. Verify application compatibility.

  3. Verify security settings. For more information, see Deprecated features and behavior changes related to AD DS in Windows Server 2012 and Secure default settings in Windows Server 2008 and Windows Server 2008 R2.

  4. Check connectivity to the target server from the computer where you plan to run the installation.

  5. Check for availability of necessary operation master roles:

    • To install the first DC that runs Windows Server 2012 in an existing domain and forest, the machine where you run the installation needs connectivity to the schema master in order to run adprep /forestprep and the infrastructure master in order to run adprep /domainprep.
    • To install the first DC in a domain where the forest schema is already extended, you only need connectivity to the infrastructure master.
    • To install or remove a domain in an existing forest, you need connectivity to the domain naming master.
    • Any domain controller installation also requires connectivity to the RID master.
    • If you are installing the first read-only domain controller in an existing forest, you need connectivity to the infrastructure master for each application directory partition, also known as a non-domain naming context or NDNC.
  6. Be sure to supply the necessary credentials to run the AD DS installation.

    | Installation action | Credential requirements |
    |---|---|
    | Install a new forest | Local Administrator on the target server |
    | Install a new domain in an existing forest | Enterprise Admins |
    | Install an additional DC in an existing domain | Domain Admins |
    | Run adprep /forestprep | Schema Admins, Enterprise Admins, and Domain Admins |
    | Run adprep /domainprep | Domain Admins |
    | Run adprep /domainprep /gpprep | Domain Admins |
    | Run adprep /rodcprep | Enterprise Admins |

    You can delegate permissions to install AD DS. For more information, see Installation Management Tasks.
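One way to carry out the operations master check in step 5 before promotion, as an added example that is not part of the original topic. It assumes the ActiveDirectory module is installed on the computer where you plan to run the installation; the function names and the use of TCP ports 389 (LDAP) and 135 (RPC endpoint mapper) as a basic reachability probe are assumptions of this example.

```powershell
# Added example: locate the operations masters named in step 5 and probe them.
# Assumes the ActiveDirectory module (RSAT) is installed on this computer.
Import-Module ActiveDirectory

function Test-TcpPort {
    # Returns $true if a TCP connection to the port succeeds within the timeout.
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($pending)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

function Get-OperationsMasterStatus {
    # DomainName defaults to the DNS domain of the signed-in user.
    param([string]$DomainName = $env:USERDNSDOMAIN)

    $forest = Get-ADForest
    $domain = Get-ADDomain -Identity $DomainName

    # Role-to-task mapping taken from the list in step 5.
    $roles = @(
        @{ Role = 'Schema master';         Holder = $forest.SchemaMaster;
           NeededFor = 'adprep /forestprep' },
        @{ Role = 'Infrastructure master'; Holder = $domain.InfrastructureMaster;
           NeededFor = 'adprep /domainprep, first RODC' },
        @{ Role = 'Domain naming master';  Holder = $forest.DomainNamingMaster;
           NeededFor = 'Install or remove a domain' },
        @{ Role = 'RID master';            Holder = $domain.RIDMaster;
           NeededFor = 'Any domain controller installation' }
    )

    foreach ($r in $roles) {
        New-Object PSObject -Property @{
            Role      = $r.Role
            Holder    = $r.Holder
            NeededFor = $r.NeededFor
            Ldap389   = Test-TcpPort -ComputerName $r.Holder -Port 389
            Rpc135    = Test-TcpPort -ComputerName $r.Holder -Port 135
        } | Select-Object Role, Holder, NeededFor, Ldap389, Rpc135
    }
}

# A role holder that shows False in either column needs attention before promotion.
Get-OperationsMasterStatus | Format-Table -AutoSize
```

The probe only shows that the role holder answers on those two ports; the installation itself uses further ports and the credentials listed in step 6.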

Step-by-step instructions to promote new and replica Windows Server 2012 domain controllers using Windows PowerShell cmdlets and Server Manager can be found in the following links:

Windows Update considerations

Prior to the release of Windows 8, Windows Update managed its own internal schedule to check for updates, and to download and install them. It required that the Windows Update Agent was always running in the background, consuming memory and other system resources.

Windows 8 and Windows Server 2012 introduce a new feature called Automatic Maintenance. Automatic Maintenance consolidates many different features that each used to manage its own scheduling and execution logic. This consolidation allows for all these components to use far less system resources, work consistently, respect the new Connected Standby state for new device types, and consume less battery on portable devices.

Because Windows Update is a part of Automatic Maintenance in Windows 8 and Windows Server 2012, its own internal schedule for setting a day and time to install updates is no longer effective. To help ensure consistent and predictable restart behavior for all devices and computers in your enterprise, including those that run Windows 8 and Windows Server 2012, see Microsoft KB article 2885694 (or see October 2013 cumulative rollup 2883201), then configure policy settings described in the WSUS blog post Enabling a more predictable Windows Update experience for Windows 8 and Windows Server 2012 (KB 2885694).

What's new in AD DS in Windows Server 2012 R2?

The following table summarizes new features for AD DS in Windows Server 2012 R2, with a link to more detailed information where it is available. For a more detailed explanation of some features, including their requirements, see What's New in Active Directory in Windows Server 2012 R2.

| Feature | Description |
|---|---|
| Workplace Join | Allows information workers to join their personal devices with their company to access company resources and services. |
| Web Application Proxy | Provides access to web applications using a new Remote Access role service. |
| Active Directory Federation Services | AD FS has simplified deployment and improvements to enable users to access resources from personal devices and help IT departments manage access control. |
| SPN and UPN uniqueness | Domain controllers running Windows Server 2012 R2 block the creation of duplicate service principal names (SPNs) and user principal names (UPNs). |
| Winlogon Automatic Restart Sign-On (ARSO) | Enables lock screen applications to be restarted and available on Windows 8.1 devices. |
| TPM Key Attestation | Enables CAs to cryptographically attest in an issued certificate that the certificate requester's private key is actually protected by a Trusted Platform Module (TPM). |
| Credentials Protection and Management | New credential protection and domain authentication controls to reduce credential theft. |
| Deprecation of File Replication Service (FRS) | The Windows Server 2003 domain functional level is also deprecated because at that functional level, FRS is used to replicate SYSVOL. That means when you create a new domain on a server that runs Windows Server 2012 R2, the domain functional level must be Windows Server 2008 or newer. You can still add a domain controller that runs Windows Server 2012 R2 to an existing domain that has a Windows Server 2003 domain functional level; you just can't create a new domain at that level. |
| New domain and forest functional levels | There are new functional levels for Windows Server 2012 R2. New features are available at Windows Server 2012 R2 DFL. |
| LDAP query optimizer changes | Performance improvement in LDAP search efficiency and LDAP search time of complex queries. |
| 1644 Event improvements | LDAP search result statistics were added to event ID 1644 to aid in troubleshooting. |
| Active Directory replication throughput improvement | Adjusts the maximum AD replication throughput from 40 Mbps to around 600 Mbps. |

What's new in AD DS in Windows Server 2012?

The following table summarizes the new features for AD DS in Windows Server 2012, with a link to more detailed information where it is available. For a more detailed explanation of some features, including their requirements, see What's New in Active Directory Domain Services (AD DS).

| Feature | Description |
|---|---|
| Active Directory-Based Activation (AD BA); see Volume Activation Overview | Simplifies the task of configuring the distribution and management of volume software licenses. |
| Active Directory Federation Services (AD FS) | Adds role install via Server Manager, simplified trust setup, automatic trust management, SAML protocol support, and more. |
| Active Directory lost page flush events | NTDS ISAM event 530 with jet error -1119 is logged to detect lost page flush events to Active Directory databases. |
| Active Directory Recycle Bin User Interface | Active Directory Administrative Center (ADAC) adds GUI management of the recycle bin feature originally introduced in Windows Server 2008 R2. |
| Active Directory Replication and Topology Windows PowerShell cmdlets | Supports the creation and management of Active Directory sites, site links, connection objects, and more using Windows PowerShell. |
| Dynamic Access Control | New claims-based authorization platform that enhances the legacy access control model. |
| Fine-Grained Password Policy User Interface | ADAC adds GUI support for the creation, editing and assignment of PSOs originally added in Windows Server 2008. |
| Group Managed Service Accounts (gMSA) | A new security principal type known as a gMSA. Services running on multiple hosts can run under the same gMSA account. |
| DirectAccess Offline Domain Join | Extends offline domain join by including DirectAccess prerequisites. |
| Rapid deployment via virtual domain controller (DC) cloning | Virtualized DCs can be rapidly deployed by cloning existing virtual domain controllers using Windows PowerShell cmdlets. |
| RID pool changes | Adds new monitoring events and quotas to safeguard against excessive consumption of the global RID pool. Optionally doubles the size of the global RID pool if the original pool becomes exhausted. |
| Secure Time service | Enhances security for W32tm by removing secrets from the wire, removing the MD5 hash functions and requiring the server to authenticate with Windows 8 time clients. |
| USN rollback protection for virtualized DCs | Accidentally restoring snapshot backups of virtualized DCs no longer causes USN rollback. |
| Windows PowerShell History Viewer | Allows administrators to view the Windows PowerShell commands executed when using ADAC. |

Automatic Maintenance and changes to restart behavior after updates are applied by Windows Update

Prior to the release of Windows 8, Windows Update managed its own internal schedule to check for updates, and to download and install them. It required that the Windows Update Agent was always running in the background, consuming memory and other system resources.

Windows 8 and Windows Server 2012 introduce a new feature called Automatic Maintenance. Automatic Maintenance consolidates many different features that each used to manage its own scheduling and execution logic. This consolidation allows for all these components to use far less system resources, work consistently, respect the new Connected Standby state for new device types, and consume less battery on portable devices.

Because Windows Update is a part of Automatic Maintenance in Windows 8 and Windows Server 2012, its own internal schedule for setting a day and time to install updates is no longer effective. To help ensure consistent and predictable restart behavior for all devices and computers in your enterprise, including those that run Windows 8 and Windows Server 2012, you can configure the following Group Policy settings:

  • Computer Configuration|Policies|Administrative Templates|Windows Components|Windows Update|Configure Automatic Updates
  • Computer Configuration|Policies|Administrative Templates|Windows Components|Windows Update|No auto-restart with logged on users
  • Computer Configuration|Policies|Administrative Templates|Windows Components|Maintenance Scheduler|Maintenance Random Delay

The following table lists some examples of how to configure these settings to provide desired restart behavior.

Scenario: WSUS managed
- Install updates once per week
- Reboot Fridays at 11PM

Recommended configuration(s):
Set machines to auto-install, prevent auto-reboot until desired time
Policy: Configure Automatic Updates (Enabled)
Configure automatic updating: 4 - Auto download and schedule the install
Policy: No auto-restart with logged-on users (Disabled)
WSUS deadlines: set to Fridays at 11PM

Scenario: WSUS managed
- Stagger installs across different hours/days

Recommended configuration(s):
Set target groups for different groups of machines that should be updated together
Use above steps for previous scenario
Set different deadlines for different target groups

Scenario: Not WSUS-managed - no support for deadlines
- Stagger installs at different times

Recommended configuration(s):
Policy: Configure Automatic Updates (Enabled)
Configure automatic updating: 4 - Auto download and schedule the install
Registry key: Enable the registry key discussed in Microsoft KB article 2835627
Policy: Automatic Maintenance Random Delay (Enabled)
Set Regular maintenance random delay to PT6H for 6-hour random delay to provide the following behavior:
- Updates will install at the configured maintenance time plus a random delay
- Restart for each machine will take place exactly 3 days later
Alternatively, set a different maintenance time for each group of machines

For more information about why the Windows engineering team implemented these changes, see Minimizing restarts after automatic updating in Windows Update.

AD DS server role installation changes

In Windows Server 2003 through Windows Server 2008 R2, you ran the x86 or X64 version of the Adprep.exe command-line tool before running the Active Directory Installation Wizard, Dcpromo.exe, and Dcpromo.exe had optional variants to install from media or for unattended installation.

Beginning in Windows Server 2012, command-line installations are performed by using the ADDSDeployment Module in Windows PowerShell. GUI-based promotions are performed in Server Manager using a completely new AD DS Configuration Wizard. To simplify the installation process, ADPREP has been integrated into the AD DS installation and runs automatically as needed. The Windows PowerShell-based AD DS Configuration Wizard automatically targets the schema and infrastructure master roles in the domains where DCs are being added, then remotely runs the required ADPREP commands on the relevant domain controllers.

Prerequisite checks in the AD DS Installation Wizard identify potential errors before the installation begins. Error conditions can be corrected to eliminate concerns from a partially complete upgrade. The wizard also exports a Windows PowerShell script that contains all the options that were specified during the graphical installation.

Taken together, the AD DS installation changes simplify the DC role installation process and reduce the likelihood of administrative errors, especially when you are deploying multiple domain controllers across global regions and domains. For more detailed information on GUI and Windows PowerShell-based installations, including command line syntax and step-by-step wizard instructions, see Install Active Directory Domain Services. For administrators that want to control the introduction of schema changes in an Active Directory forest independent of the installation of Windows Server 2012 DCs in an existing forest, Adprep.exe commands can still be run at an elevated command prompt.

There are some changes related to AD DS:

  • Deprecation of Adprep32.exe
    • There is only one version of Adprep.exe and it can be run as needed on 64-bit servers that run Windows Server 2008 or later. It can be run remotely, and must be run remotely if the targeted operations master role is hosted on a 32-bit operating system or Windows Server 2003.
  • Deprecation of Dcpromo.exe
    • Dcpromo is deprecated, although in Windows Server 2012 only, it can still be run with an answer file or command line parameters to give organizations time to transition existing automation to the new Windows PowerShell installation options.
  • LMHash is disabled on user accounts
    • Secure defaults in Security templates on Windows Server 2008, Windows Server 2008 R2 and Windows Server 2012 enable the NoLMHash policy, which is disabled in the security templates of Windows 2000 and Windows Server 2003 domain controllers. Disable the NoLMHash policy for LMHash-dependent clients as required, using the steps in KB article 946405.

Beginning with Windows Server 2008, domain controllers also have the following secure default settings, compared to domain controllers that run Windows Server 2003 or Windows 2000.

| Encryption type or policy | Windows Server 2008 default | Windows Server 2012 and Windows Server 2008 R2 default | Comment |
|---|---|---|---|
| AllowNT4Crypto | Disabled | Disabled | Third-party Server Message Block (SMB) clients may be incompatible with the secure default settings on domain controllers. In all cases, these settings can be relaxed to allow interoperability, but only at the expense of security. For more information, see article 942564 in the Microsoft Knowledge Base (https://go.microsoft.com/fwlink/?LinkId=164558). |
| DES | Enabled | Disabled | Article 977321 in the Microsoft Knowledge Base (https://go.microsoft.com/fwlink/?LinkId=177717) |
| CBT/Extended Protection for Integrated Authentication | N/A | Enabled | See Microsoft Security Advisory (937811) (https://go.microsoft.com/fwlink/?LinkId=164559) and article 976918 in the Microsoft Knowledge Base (https://go.microsoft.com/fwlink/?LinkId=178251). Review and install the hotfix in article 977073 (https://go.microsoft.com/fwlink/?LinkId=186394) in the Microsoft Knowledge Base as required. |
| LMv2 | Enabled | Disabled | Article 976918 in the Microsoft Knowledge Base (https://go.microsoft.com/fwlink/?LinkId=178251) |
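To find domain controllers where these secure defaults have been relaxed for interoperability, the following added example (not part of the original topic) reads the local registry and reports NoLMHash, AllowNT4Crypto and the Kerberos DES encryption types. The registry locations and the function names are assumptions of this example; the page itself does not list them.

```powershell
# Added example: report whether NoLMHash, AllowNT4Crypto and DES are at their secure defaults.
# Registry paths below are assumptions of this example, not taken from the page.

function Get-RegistryValue {
    # Returns the named value, or $null if the key or value does not exist.
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function New-SettingResult {
    param([string]$Setting, $Value, [bool]$Relaxed)
    $shown = if ($null -eq $Value) { '(not set)' } else { $Value }
    New-Object PSObject -Property @{ Setting = $Setting; Value = $shown; Relaxed = $Relaxed } |
        Select-Object Setting, Value, Relaxed
}

function Get-DcSecureDefaultStatus {
    # NoLMHash = 1 means LM hashes are not stored. Anything else is flagged.
    $noLm = Get-RegistryValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' 'NoLMHash'
    New-SettingResult 'NoLMHash' $noLm ($noLm -ne 1)

    # AllowNT4Crypto: a Group Policy value, when present, wins over the locally set value.
    # Absent or 0 is the secure default (Disabled in the table above).
    $nt4 = Get-RegistryValue 'HKLM:\SOFTWARE\Policies\Microsoft\Netlogon\Parameters' 'AllowNT4Crypto'
    if ($null -eq $nt4) {
        $nt4 = Get-RegistryValue 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters' 'AllowNT4Crypto'
    }
    New-SettingResult 'AllowNT4Crypto' $nt4 ($nt4 -eq 1)

    # Kerberos SupportedEncryptionTypes is a bit mask; bits 0x1 and 0x2 are the DES types.
    # When the value is absent the operating system default applies.
    $kerbPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters'
    $etypes = Get-RegistryValue $kerbPath 'SupportedEncryptionTypes'
    $desOn = ($null -ne $etypes) -and (($etypes -band 0x3) -ne 0)
    New-SettingResult 'Kerberos DES encryption types' $etypes $desOn
}

# Rows with Relaxed = True differ from the secure defaults and should have a
# documented interoperability reason.
Get-DcSecureDefaultStatus | Format-Table -AutoSize
```

Run it locally on each domain controller; a setting applied through Group Policy can reappear after a local change, so correct relaxed values in the policy that sets them.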

Operating system requirements

The minimum system requirements for Windows Server 2012 are listed in the following table. For more information about system requirements and pre-installation information, see Installing Windows Server 2012. There are no additional system requirements to install a new Active Directory forest, but you should add sufficient memory to cache the contents of the Active Directory database in order to improve performance for domain controllers, LDAP client requests, and Active Directory-enabled applications. If you are upgrading an existing domain controller or adding a new domain controller to an existing forest, review the next section to ensure the server meets disk space requirements.

| Requirement | Value |
|---|---|
| Processor | 1.4 GHz 64-bit processor |
| RAM | 512 MB |
| Free disk space requirements | 32 GB |
| Screen resolution | 800 x 600 or higher |
| Miscellaneous | DVD drive, keyboard, Internet access |

Disk space requirements for upgrading domain controllers

This section covers disk space requirements only for upgrading domain controllers from Windows Server 2008 or Windows Server 2008 R2. For more information about disk space requirements for upgrading domain controllers to earlier versions of Windows Server, see Disk space requirements for upgrading to Windows Server 2008 or Disk space requirements for upgrading to Windows Server 2008 R2.

Size the disk that hosts the Active Directory database and log files in order to accommodate the custom and application-driven schema extensions, application and administrator-initiated indexes, plus space for the objects and attributes that will be added to the directory over the deployment life of the domain controller (typically 5 to 8 years). Right sizing at deployment time is typically a good investment compared to the greater touch costs required to expand disk storage after deployment. For more information, see Capacity Planning for Active Directory Domain Services.

On domain controllers that you plan to upgrade, make sure that the drive that hosts the Active Directory database (NTDS.DIT) has free disk space that represents at least 20% of the NTDS.DIT file before you begin the operating system upgrade. If there is insufficient free disk space on the volume, the upgrade can fail and the upgrade compatibility report returns an error indicating insufficient free disk space:

In this case, you can try an offline defragmentation of the Active Directory database to recapture additional space, and then retry the upgrade. For more information, see Compact the Directory Database File (Offline Defragmentation).
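The 20% rule can be checked on the domain controller before the upgrade starts. The following is an added example, not part of the original topic; it assumes the database path is recorded in the "DSA Database file" value under the NTDS service parameters key, and the function name is hypothetical.

```powershell
# Added example: check that the NTDS.DIT volume has free space of at least 20% of the file size.
# Run locally on the domain controller that you plan to upgrade.

function Test-NtdsUpgradeFreeSpace {
    param([double]$RequiredFraction = 0.20)   # 20% of NTDS.DIT, as stated above

    # Assumption: the database location is stored in this registry value.
    $ntdsKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
    $ditPath = (Get-ItemProperty -Path $ntdsKey -ErrorAction Stop).'DSA Database file'
    if (-not $ditPath) { throw "No 'DSA Database file' value found; is this a domain controller?" }

    # Reading the file size works while AD DS is running; the file content is not opened.
    $dit = Get-Item -LiteralPath $ditPath -ErrorAction Stop

    # Limitation: a database on a volume mounted into a folder is measured against
    # the drive letter that hosts the mount point, not the mounted volume itself.
    $root  = [System.IO.Path]::GetPathRoot($dit.FullName)
    $drive = New-Object System.IO.DriveInfo $root

    $required = [long][math]::Ceiling($dit.Length * $RequiredFraction)

    New-Object PSObject -Property @{
        DatabasePath      = $dit.FullName
        DatabaseBytes     = $dit.Length
        Volume            = $root
        FreeBytes         = $drive.AvailableFreeSpace
        RequiredFreeBytes = $required
        Sufficient        = ($drive.AvailableFreeSpace -ge $required)
    } | Select-Object DatabasePath, DatabaseBytes, Volume, FreeBytes, RequiredFreeBytes, Sufficient
}

$result = Test-NtdsUpgradeFreeSpace
$result | Format-List
if (-not $result.Sufficient) {
    Write-Warning 'Free space is below 20% of NTDS.DIT; free up space or defragment offline before upgrading.'
}
```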

Available SKUs

There are 4 editions of Windows Server: Foundation, Essentials, Standard and Datacenter. The two editions that support the AD DS role are Standard and Datacenter.

In previous releases, Windows Server editions differed in their support of server roles, processor counts and large memory support. The Standard and Datacenter editions of Windows Server support all features and underlying hardware but vary in their virtualization rights: two virtual instances are allowed for Standard edition and unlimited virtual instances are allowed for Datacenter edition.

Windows client and Windows Server operating systems that are supported to join Windows Server domains

The following Windows client and Windows Server operating systems are supported for domain member computers with domain controllers that run Windows Server 2012 or later:

  • Server operating systems: Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003 R2, Windows Server 2003

Supported in-place upgrade paths

Domain controllers that run 64-bit versions of Windows Server 2008 or Windows Server 2008 R2 can be upgraded to Windows Server 2012. You cannot upgrade domain controllers that run Windows Server 2003 or 32-bit versions of Windows Server 2008. To replace them, install domain controllers that run a later version of Windows Server in the domain, and then remove the domain controllers that run Windows Server 2003.

| If you are running these editions | You can upgrade to these editions |
|---|---|
| Windows Server 2008 Standard with SP2 OR Windows Server 2008 Enterprise with SP2 | Windows Server 2012 Standard OR Windows Server 2012 Datacenter |
| Windows Server 2008 Datacenter with SP2 | Windows Server 2012 Datacenter |
| Windows Web Server 2008 | Windows Server 2012 Standard |
| Windows Server 2008 R2 Standard with SP1 OR Windows Server 2008 R2 Enterprise with SP1 | Windows Server 2012 Standard OR Windows Server 2012 Datacenter |
| Windows Server 2008 R2 Datacenter with SP1 | Windows Server 2012 Datacenter |
| Windows Web Server 2008 R2 | Windows Server 2012 Standard |

有关支持的升级路径的详细信息,请参阅 Windows Server 2012 的评估版本和升级选项For more information about supported upgrade paths, see Evaluation Versions and Upgrade Options for Windows Server 2012. 注意:你无法将运行 Windows Server 2012 评估版的域控制器直接转换为零售版本。Note that you cannot convert a domain controller that runs an evaluation version of Windows Server 2012 directly to a retail version. 相反,应该在服务器上安装另一个运行零售版本的域控制器,并从运行评估版的域控制器中删除 AD DS。Instead, install an additional domain controller on a server that runs a retail version and remove AD DS from the domain controller that runs on the evaluation version.

由于已知问题,你无法将运行 Windows Server 2008 R2 的服务器核心安装的域控制器升级到 Windows Server 2012 的服务器核心安装。Due to a known issue, you cannot upgrade a domain controller that runs a Server Core installation of Windows Server 2008 R2 to a Server Core installation of Windows Server 2012 . 在升级过程的后期,升级将会终止,彻底黑屏。The upgrade will hang on a solid black screen late in the upgrade process. 如果重新启动此类 DC,则会显示 boot.ini 文件中的一个选项,允许回滚到以前的操作系统版本。Rebooting such DCs exposes an option in boot.ini file to roll back to the previous operating system version. 再次重新启动将触发系统自动回滚到以前的操作系统版本。An additional reboot triggers the automatic rollback to the previous operating system version. 在解决方案可用之前,建议安装新的域控制器运行 Windows Server 2012 的服务器核心安装,而不是就地升级运行 Windows Server 2008 R2 的服务器核心安装的现有域控制器。Until a solution is available, it is recommended that you install a new domain controller running a Server Core installation of Windows Server 2012 instead of in-place upgrading an existing domain controller that runs a Server Core installation of Windows Server 2008 R2. 有关详细信息,请参阅知识库文章 2734222For more information, see KB article 2734222.

Functional level features and requirements

Windows Server 2012 requires a Windows Server 2003 forest functional level. That is, before you can add a domain controller that runs Windows Server 2012 to an existing Active Directory forest, the forest functional level must be Windows Server 2003 or higher. This means that domain controllers that run Windows Server 2008 R2, Windows Server 2008, or Windows Server 2003 can operate in the same forest, but domain controllers that run Windows 2000 Server are not supported and will block installation of a domain controller that runs Windows Server 2012. If the forest contains domain controllers running Windows Server 2003 or later but the forest functional level is still Windows 2000, the installation is also blocked.

Windows 2000 domain controllers must be removed prior to adding Windows Server 2012 domain controllers to your forest. In this case, consider the following workflow:

  1. Install domain controllers that run Windows Server 2003 or later. These domain controllers can be deployed on an evaluation version of Windows Server. This step also requires running adprep.exe for that operating system release as a prerequisite.
  2. Remove the Windows 2000 domain controllers. Specifically, gracefully demote or forcibly remove Windows Server 2000 domain controllers from the domain and use Active Directory Users and Computers to remove the domain controller accounts for all removed domain controllers.
  3. Raise the forest functional level to Windows Server 2003 or higher.
  4. Install domain controllers that run Windows Server 2012.
  5. Remove domain controllers that run earlier versions of Windows Server.

The new Windows Server 2012 domain functional level enables one new feature: the KDC support for claims, compound authentication, and Kerberos armoring KDC administrative template policy has two settings (Always provide claims and Fail unarmored authentication requests) that require Windows Server 2012 domain functional level.

The Windows Server 2012 forest functional level does not provide any new features, but it ensures that any new domain created in the forest will automatically operate at the Windows Server 2012 domain functional level. The Windows Server 2012 domain functional level does not provide other new features beyond KDC support for claims, compound authentication, and Kerberos armoring. But it ensures that any domain controller in the domain runs Windows Server 2012. For more information about other features that are available at different functional levels, see Understanding Active Directory Domain Services (AD DS) Functional Levels.

After you set the forest functional level to a certain value, you cannot roll back or lower the forest functional level, with the following exceptions: after you raise the forest functional level to Windows Server 2012, you can lower it to Windows Server 2008 R2. If Active Directory Recycle Bin has not been enabled, you can also lower the forest functional level from Windows Server 2012 to Windows Server 2008 R2 or Windows Server 2008 or from Windows Server 2008 R2 back to Windows Server 2008. If the forest functional level is set to Windows Server 2008 R2, it cannot be rolled back, for example, to Windows Server 2003.

After you set the domain functional level to a certain value, you cannot roll back or lower the domain functional level, with the following exceptions: when you raise the domain functional level to Windows Server 2008 R2 or Windows Server 2012, and if the forest functional level is Windows Server 2008 or lower, you have the option of rolling the domain functional level back to Windows Server 2008 or Windows Server 2008 R2. You can lower the domain functional level only from Windows Server 2012 to Windows Server 2008 R2 or Windows Server 2008 or from Windows Server 2008 R2 to Windows Server 2008. If the domain functional level is set to Windows Server 2008 R2, it cannot be rolled back, for example, to Windows Server 2003.
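A read-only pre-flight report for the functional-level requirements and rollback rules above, as an added PowerShell example that is not part of the original article. It assumes the ActiveDirectory RSAT module and a domain controller in each domain that answers Active Directory Web Services queries; the function names Get-ForestRollbackFloor and Get-DcUpgradeReadiness are hypothetical.

```powershell
#Requires -Modules ActiveDirectory
# Added example: read-only report; nothing in the directory is changed.
# Assumptions: RSAT ActiveDirectory module installed, and at least one DC in
# each domain answers Active Directory Web Services queries.

# Forest functional levels in ascending order, by the mode names the module returns.
$ForestOrder = 'Windows2000Forest', 'Windows2003InterimForest', 'Windows2003Forest',
               'Windows2008Forest', 'Windows2008R2Forest', 'Windows2012Forest',
               'Windows2012R2Forest', 'Windows2016Forest'

function Get-ForestRollbackFloor {
    # Hypothetical helper: lowest forest level the text above allows lowering to.
    # Returns nothing when no lowering is described for the current level.
    param(
        [Parameter(Mandatory)][string]$Current,
        [Parameter(Mandatory)][bool]$RecycleBinEnabled
    )
    switch ($Current) {
        'Windows2012Forest' {
            # 2012 -> 2008 R2 is always possible; 2008 only without Recycle Bin.
            if ($RecycleBinEnabled) { 'Windows2008R2Forest' } else { 'Windows2008Forest' }
        }
        'Windows2008R2Forest' {
            # 2008 R2 -> 2008 only while Recycle Bin has not been enabled.
            if (-not $RecycleBinEnabled) { 'Windows2008Forest' }
        }
    }
}

function Get-DcUpgradeReadiness {
    # Hypothetical helper: gathers the facts the upgrade workflow depends on.
    $forest     = Get-ADForest
    $forestMode = [string]$forest.ForestMode
    $rank       = [array]::IndexOf($ForestOrder, $forestMode)
    $required   = [array]::IndexOf($ForestOrder, 'Windows2003Forest')

    # Recycle Bin state decides how far the forest level can be lowered later.
    $feature   = Get-ADOptionalFeature -Filter 'Name -eq "Recycle Bin Feature"'
    $rbEnabled = [bool]($feature -and @($feature.EnabledScopes).Count -gt 0)

    $domains = foreach ($name in $forest.Domains) {
        $domain = Get-ADDomain -Server $name
        $dcs    = @(Get-ADDomainController -Filter * -Server $name)
        [pscustomobject]@{
            Domain               = $domain.DNSRoot
            DomainMode           = [string]$domain.DomainMode
            InfrastructureMaster = $domain.InfrastructureMaster
            # Windows 2000 Server DCs block installation of a Windows Server 2012 DC.
            Windows2000DCs       = @($dcs | Where-Object OperatingSystem -like 'Windows 2000*' |
                                       Select-Object -ExpandProperty HostName)
            DcOperatingSystems   = @($dcs | Group-Object OperatingSystem |
                                       ForEach-Object { '{0} x {1}' -f $_.Count, $_.Name })
        }
    }

    [pscustomobject]@{
        ForestMode             = $forestMode
        # An unrecognised mode name yields -1 and is reported as $false for manual review.
        MeetsForestRequirement = ($rank -ge $required)
        RecycleBinEnabled      = $rbEnabled
        ForestRollbackFloor    = Get-ForestRollbackFloor -Current $forestMode -RecycleBinEnabled $rbEnabled
        SchemaMaster           = $forest.SchemaMaster
        Domains                = $domains
    }
}

$report = Get-DcUpgradeReadiness
$report | Format-List ForestMode, MeetsForestRequirement, RecycleBinEnabled, ForestRollbackFloor, SchemaMaster
$report.Domains | Format-List
```

A Windows2000DCs list that is not empty, or MeetsForestRequirement reported as False, means steps 1 to 3 of the workflow above have to be completed before a Windows Server 2012 domain controller can be installed.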

For more information about features that are available at lower functional levels, see Understanding Active Directory Domain Services (AD DS) Functional Levels.

Beyond functional levels, a domain controller that runs Windows Server 2012 provides additional features that are not available on a domain controller that runs an earlier version of Windows Server. For example, a domain controller that runs Windows Server 2012 can be used for virtual domain controller cloning, whereas a domain controller that runs an earlier version of Windows Server cannot. But virtual domain controller cloning and virtual domain controller safeguards in Windows Server 2012 do not have any functional level requirements.

Note

Microsoft Exchange Server 2013 requires a forest functional level of Windows Server 2003 or higher.

AD DS interoperability with other server roles and Windows operating systems

AD DS is not supported on the following Windows operating systems:

  • Windows MultiPoint Server
  • Windows Server 2012 Essentials

AD DS cannot be installed on a server that also runs the following server roles or role services:

  • Hyper-V Server
  • Remote Desktop Connection Broker

Operations master roles

Some new features in Windows Server 2012 affect operations master roles:

  • The PDC emulator must be running Windows Server 2012 to support cloning virtual domain controllers. There are additional prerequisites for cloning DCs. For more information, see Active Directory Domain Services (AD DS) Virtualization.
  • New security principals are created when the PDC emulator runs Windows Server 2012.
  • The RID Master has new RID issuance and monitoring functionality. The improvements include better event logging, more appropriate limits, and the ability to - in an emergency - increase the overall RID pool allocation by one bit. For more information, see Managing RID Issuance.

Note

Though they are not operations master roles, another change in AD DS installation is that DNS server role and the global catalog are installed by default on all domain controllers that run Windows Server 2012.

Virtualizing domain controllers

Improvements in AD DS beginning in Windows Server 2012 enable safer virtualization of domain controllers and the ability to clone domain controllers. Cloning domain controllers in turn enables rapid deployment of additional domain controllers in a new domain and other benefits. For more information, see Introduction to Active Directory Domain Services (AD DS) Virtualization (Level 100).

Administration of Windows Server 2012 servers

Use the Remote Server Administration Tools for Windows 8 to manage domain controllers and other servers that run Windows Server 2012. You can run the Windows Server 2012 Remote Server Administration Tools on a computer that runs Windows 8.

Application compatibility

The following table covers common Active Directory-integrated Microsoft applications. The table covers which versions of Windows Server the applications can be installed on and whether the introduction of Windows Server 2012 DCs affects application compatibility.

Product | Notes
Microsoft SharePoint 2010 | SharePoint 2010 Service Pack 2 is required to install and operate SharePoint 2010 on Windows Server 2012 Servers

SharePoint 2010 Foundation Service Pack 2 is required to install and operate SharePoint 2010 Foundation on Windows Server 2012 Servers

The SharePoint Server 2010 (without service packs) installation process fails on Windows Server 2012

The SharePoint Server 2010 prerequisite installer (PrerequisiteInstaller.exe) fails with error "This program has compatibility issues." Clicking "Run the program without getting help" displays the error "Verifying if SharePoint can be installed | SharePoint Server 2010 (without service packs) cannot be installed on Windows Server 2012."

Microsoft SharePoint 2013 | Minimum requirements for a database server in a farm:

The 64-bit edition of Windows Server 2008 R2 Service Pack 1 (SP1) Standard, Enterprise, or Datacenter or the 64-bit edition of Windows Server 2012 Standard or Datacenter

Minimum requirements for a single server with built-in database:

The 64-bit edition of Windows Server 2008 R2 Service Pack 1 (SP1) Standard, Enterprise, or Datacenter or the 64-bit edition of Windows Server 2012 Standard or Datacenter

Minimum requirements for front-end web servers and application servers in a farm:

The 64-bit edition of Windows Server 2008 R2 Service Pack 1 (SP1) Standard, Enterprise, or Datacenter or the 64-bit edition of Windows Server 2012 Standard or Datacenter.

Configuration Manager 2012 | Configuration Manager 2012 Service Pack 1:

Microsoft will add the following operating systems to our client support matrix with the release of Service Pack 1:

- Windows 8 Pro
- Windows 8 Enterprise
- Windows Server 2012 Standard
- Windows Server 2012 Datacenter

All site server roles - including site servers, SMS providers, and management points - can be deployed to servers with the following operating system editions:

- Windows Server 2012 Standard
- Windows Server 2012 Datacenter

Microsoft Endpoint Configuration Manager (current branch) | Supported operating systems for Configuration Manager site system servers.
Microsoft Lync Server 2013 | Lync Server 2013 requires Windows Server 2008 R2 or Windows Server 2012. It cannot be run on a Server Core installation. It can be run on virtual servers.
Lync Server 2010 | Lync Server 2010 can be installed on a new (not upgraded) installation of Windows Server 2012 if October 2012 cumulative updates for Lync Server are installed. Upgrading the operating system to Windows Server 2012 for an existing installation of Lync Server 2010 is not supported. Microsoft Lync Server 2010 Group Chat Server is also not supported on Windows Server 2012.
System Center 2012 Endpoint Protection | System Center 2012 Endpoint Protection Service Pack 1 will update the client support matrix to include the following operating systems:

- Windows 8 Pro
- Windows 8 Enterprise
- Windows Server 2012 Standard
- Windows Server 2012 Datacenter

System Center 2012 Forefront Endpoint Protection | FEP 2010 with Update Rollup 1 will update the client support matrix to include the following operating systems:

- Windows 8 Pro
- Windows 8 Enterprise
- Windows Server 2012 Standard
- Windows Server 2012 Datacenter

Forefront Threat Management Gateway (TMG) | TMG is supported to run only on Windows Server 2008 and Windows Server 2008 R2. For more information, see System requirements for Forefront TMG.
Windows Server Update Services | This release of WSUS already supports Windows 8-based computers or Windows Server 2012-based computers as clients.
Windows Server Update Services 3.0 | Update KB article 2734608 lets servers that are running Windows Server Update Services (WSUS) 3.0 SP2 provide updates to computers that are running Windows 8 or Windows Server 2012. Note: Customers with standalone WSUS 3.0 SP2 environments or Configuration Manager 2007 Service Pack 2 environments with WSUS 3.0 SP2 require 2734608 to properly manage Windows 8-based computers or Windows Server 2012-based computers as clients.
Exchange 2013 | Windows Server 2012 Standard and Datacenter are supported for the following roles: schema master, global catalog server, domain controller, mailbox and client access server role

Forest Functional Level: Windows Server 2003 or higher

Source: Exchange 2013 System Requirements

Exchange 2010 | Source: Exchange 2010 Service Pack 3

Exchange 2010 with Service Pack 3 can be installed on Windows Server 2012 member servers.

Exchange 2010 System Requirements lists the latest supported schema master, global catalog and domain controller as Windows Server 2008 R2.

Forest Functional Level: Windows Server 2003 or higher

SQL Server 2012 | Source: KB 2681562

SQL Server 2012 RTM is supported on Windows Server 2012.

SQL Server 2008 R2 | Source: KB 2681562

Requires SQL Server 2008 R2 with Service Pack 1 or later to install on Windows Server 2012.

SQL Server 2008 | Source: KB 2681562

Requires SQL Server 2008 with Service Pack 3 or later to install on Windows Server 2012.

SQL Server 2005 | Source: KB 2681562

Not supported to install on Windows Server 2012.

Known issues

The following table lists known issues related to AD DS installation.

KB article number and title | Technology area impacted | Issue/description
2830145: SID S-1-18-1 and SID S-1-18-2 can't be mapped on Windows 7 or Windows Server 2008 R2-based computers in a domain environment | AD DS Management/App compat | Applications that map SID S-1-18-1 and SID S-1-18-2, which are new in Windows Server 2012, may fail because the SIDs cannot be resolved on Windows 7-based or Windows Server 2008 R2-based computers. To resolve this issue, install the hotfix on the Windows 7-based and Windows Server 2008 R2-based computers in the domain.
2737129: Group Policy preparation is not performed when you automatically prepare an existing domain for Windows Server 2012 | AD DS Installation | Adprep /domainprep /gpprep is not automatically run as part of installing the first DC that runs Windows Server 2012 in a domain. If it has never been run previously in the domain, it must be run manually.
2737416: Windows PowerShell-based domain controller deployment repeats warnings | AD DS Installation | Warnings can appear during prerequisite validation and then reappear during the installation.
2737424: "Format of the specified domain name is invalid" error when you try to remove Active Directory Domain Services from a domain controller | AD DS Installation | This error appears if you are removing the last DC in a domain where pre-created RODC accounts still exist. This affects Windows Server 2012, Windows Server 2008 R2, and Windows Server 2008.
2737463: Domain controller does not start, c00002e2 error occurs, or "Choose an option" is displayed | AD DS Installation | A DC does not start because an administrator used Dism.exe, Pkgmgr.exe, or Ocsetup.exe to remove the DirectoryServices-DomainController role.
2737516: IFM verification limitations in Windows Server 2012 Server Manager | AD DS Installation | IFM verification can have limitations as explained in the KB article.
2737535: Install-AddsDomainController cmdlet returns parameter set error for RODC | AD DS Installation | You can receive an error when you try to attach a server to an RODC account if you specify arguments that are already populated on the pre-created RODC account.
2737560: "Unable to perform Exchange schema conflict check" error, and prerequisites check fails | AD DS Installation | Prerequisite check fails when you configure the first Windows Server 2012 DC in an existing domain because DCs are missing the SeServiceLogonRight for Network Service or because WMI or DCOM protocols are blocked.
2737797: AddsDeployment module with the -Whatif argument shows incorrect DNS results | AD DS Installation | The -WhatIf parameter shows DNS server will not be installed but it will be.
2737807: The Next button is not available on the Domain Controller Options page | AD DS Installation | The Next button is disabled on the Domain Controller Options page because the IP address of the target DC does not map to an existing subnet or site, or because the DSRM password is not typed and confirmed correctly.
2737935: Active Directory installation stalls at the "Creating the NTDS settings object" stage | AD DS Installation | The installation hangs because the local Administrator password matches the domain Administrator password, or because networking problems prevent critical replication from completing.
2738060: "Access is denied" error message when you create a child domain remotely by using Install-AddsDomain | AD DS Installation | You receive the error when you run Install-ADDSDomain with the Invoke-Command cmdlet if the DNSDelegationCredential has a bad password.
2738697: "The server is not operational" domain controller configuration error when you configure a server by using Server Manager | AD DS Installation | You receive this error when you try to install AD DS on a workgroup computer because NTLM authentication is disabled.
2738746: You receive access denied errors after you log on to a local administrator domain account | AD DS Installation | When you log on using a local Administrator account rather than the built-in Administrator account and then create a new domain, the account is not added to the Domain Admins group.
2743345: "The system cannot find the file specified" Adprep /gpprep error, or tool crashes | AD DS Installation | You receive this error when you run adprep /gpprep because the infrastructure master implements a disjoint namespace.
2743367: Adprep "not a valid Win32 application" error on Windows Server 2003, 64-bit version | AD DS Installation | You receive this error because Windows Server 2012 Adprep cannot be run on Windows Server 2003.
2753560: ADMT 3.2 and PES 3.1 installation errors on Windows Server 2012 | ADMT | ADMT 3.2 cannot be installed on Windows Server 2012 by design.
2750857: DFS Replication diagnostic reports do not display correctly in Internet Explorer 10 | DFS Replication | DFS Replication diagnostic report does not display correctly because of changes in Internet Explorer 10.
2741537: Remote Group Policy updates are visible to users | Group Policy | This is because scheduled tasks run in the context of each user who is logged on. The Windows Task Scheduler design requires an interactive prompt in this scenario.
2741591: ADM files are not present in SYSVOL in the GPMC Infrastructure Status option | Group Policy | GP replication can report "replication in progress" because GPMC Infrastructure Status does not follow customized filtering rules.
2737880: "The service cannot be started" error during AD DS configuration | Virtual DC cloning | You receive this error while installing or removing AD DS, or cloning, because the DS Role Server service is disabled.
2742836: Two DHCP leases are created for each domain controller when you use the VDC cloning feature | Virtual DC cloning | This happens because the cloned domain controller received a lease before cloning and again when cloning was complete.
2742844: Domain controller cloning fails and the server restarts in DSRM in Windows Server 2012 | Virtual DC cloning | The cloned DC starts in DSRM because cloning failed for any of a variety of reasons listed in the KB article.
2742874: Domain controller cloning does not re-create all service principal names | Virtual DC cloning | Some three-part SPNs are not recreated on the cloned DC because of a limitation of the domain rename process.
2742908: "No logon servers are available" error after cloning domain controller | Virtual DC cloning | You receive this error when you try to log on after cloning a virtualized DC because cloning failed and the DC is started in DSRM. Log on as .\administrator to troubleshoot the cloning failure.
2742916: Domain controller cloning fails with error 8610 in dcpromo.log | Virtual DC cloning | Cloning fails because the PDC emulator has not performed inbound replication of the domain partition, likely because the role was transferred.
2742927: "Index was out of range" New-AdDcCloneConfig error | Virtual DC cloning | You receive the error after you run New-ADDCCloneConfigFile cmdlet while cloning virtual DCs, either because the cmdlet was not run from an elevated command prompt or because your access token does not contain the Administrators group.
2742959: Domain controller cloning fails with error 8437: "invalid parameter was specified for this replication operation" | Virtual DC cloning | Cloning failed because an invalid clone name or a duplicate NetBIOS name was specified.
2742970: DC Cloning fails with no DSRM, duplicate source and clone computer | Virtual DC cloning | The cloned virtual DC boots in Directory Services Repair Mode (DSRM), using a duplicate name as the source DC because the DCCloneConfig.xml file was not created in the correct location or because the source DC was rebooted before cloning.
2743278: Domain controller cloning error 0x80041005 | Virtual DC cloning | The cloned DC boots into DSRM because only one WINS server was specified. If any WINS server is specified, both Preferred and Alternate WINS servers must be specified.
2745013: "Server is not operational" error message if you run New-AdDcCloneConfigFile in Windows Server 2012 | Virtual DC cloning | You receive this error after you run the New-ADDCCloneConfigFile cmdlet because the server cannot contact a global catalog server.
2747974: Domain controller cloning event 2224 provides incorrect guidance | Virtual DC cloning | Event ID 2224 incorrectly states that managed service accounts must be removed before cloning. Standalone MSAs must be removed but Group MSAs do not block cloning.
2748266: You cannot unlock a BitLocker-encrypted drive after you upgrade to Windows 8 | BitLocker | You receive an "Application not found" error when you try to unlock a drive on a computer that was upgraded from Windows 7.

See Also

  • Windows Server 2012 Evaluation Resources
  • Windows Server 2012 Evaluation Guide
  • Install and Deploy Windows Server 2012