AD 林恢复-添加 GCAD Forest Recovery - Adding the GC

适用于: Windows Server 2016、Windows Server 2012 和 2012 R2、Windows Server 2008 和 2008 R2Applies To: Windows Server 2016, Windows Server 2012 and 2012 R2, Windows Server 2008 and 2008 R2

使用以下过程将全局编录添加到 DC。Use the following procedure to add the global catalog to a DC.

添加全局编录To add the global catalog

  1. 单击 " 开始 ",指向 " 所有程序 ",指向 " 管理工具 ",然后单击 " Active Directory 站点和服务 "。Click Start , point to All Programs , point to Administrative Tools , and then click Active Directory Sites and Services .
  2. 在控制台树中,展开 " 站点 " 容器,然后选择包含目标服务器的相应站点。In the console tree, expand the Sites container, and then select the appropriate site that contains the target server.
  3. 展开 " 服务器 " 容器,然后展开要向其添加全局编录的 DC 的服务器对象。Expand the Servers container, and then expand the server object for the DC to which you want to add the global catalog.
  4. 右键单击 " NTDS 设置 ",然后单击 " 属性 "。Right-click NTDS Settings , and then click Properties .
  5. 选中 " 全局编录 " 复选框。Select the Global Catalog check box. 添加 GCAdd GC

使用 Repadmin 添加全局编录To add the global catalog using Repadmin

  • 打开提升的命令提示符,键入以下命令,然后按 ENTER:Open an elevated command prompt, type the following command, and press ENTER:

    repadmin.exe /options DC_NAME +IS_GC

以下是加快将全局编录添加到根域中 DC 的过程的方法:The following are ways to speed up the process of adding the global catalog to the DC in the root domain:

  • 理想情况下,根域中的 DC 应为非根域中已还原 Dc 的复制伙伴。Ideally, the DC in the root domain should be a replication partner of the restored DCs in the non-root domains. 如果是这样,请确认知识一致性检查器 (KCC) 为源 DC 和根 DC 中的分区创建了相应的 repsFrom 对象。If so, confirm that the Knowledge Consistency Checker (KCC) has created the corresponding repsFrom object for the source DC and partition in the root DC. 可以通过运行 repadmin/showreps/v 命令来确认这一点。You can confirm this by running the repadmin /showreps /v command.

  • 如果未创建任何 repsFrom 对象,则为配置分区创建此对象。If there is no repsFrom object created, create this object for the configuration partition. 这样一来,根域中的 DC 可以确定已删除非根域中的 dc。This way, the DC in the root domain can determine which DCs in the non-root domain have been deleted. 可以通过以下命令执行此操作:You can do this with the following commands:

    repadmin /add ConfigurationNamingContext DestinationDomainController SourceDomainControllerCNAME
    repadmin /options DSA -Disable_NTDSCONN_XLATE

    SourceDomainControllerCNAME 的格式为:The format for the SourceDomainControllerCNAME is:

    sourceDCGuid._msdcs.root domain

    例如, 域的配置分区的 repadmin/add 命令可能是:For example, the repadmin /add command for the configuration partition of the domain could be:

    repadmin /add cn=configuration,DC=contoso,DC=com DC01
  • 如果 repsFrom 对象存在,请尝试将根域中的 dc 与非根域中的 dc 同步,如下所示:If the repsFrom object is present, try to sync the DC in the root domain with the DC in the non-root domain as follows:

    Repadmin /sync DomainNamingContext DestinationDomainController SourceDomainControllerGUID

    其中, DestinationDomainController 是根域中的 Dc, SourceDomainController 是非根域中的还原 dc。Where DestinationDomainController is the DC in the root domain and SourceDomainController is the restored DC in the non-root domain.

  • 根域 DNS 服务器应该具有源 DC 的别名 (CNAME) 资源记录。The root domain DNS server should have the alias (CNAME) resource records for the source DC. 请确保父 DNS 区域包含 (名称服务器的委派资源记录 (NS) ,并 (主机) 资源记录) 从子区域中的备份 (还原的 Dc。Ensure that the parent DNS zone contains delegation resource records (name server (NS) and host (A) resource records) for the correct DCs (the DCs that have been restored from backup) in the child zone.

  • 请确保根域中的 DC 正在联系正确的密钥发行中心 (KDC) 在非根域中。Make sure that the DC in the root domain is contacting the correct Key Distribution Center (KDC) in the non-root domain. 若要对此进行测试,请在命令提示符下键入以下命令,然后按 ENTER:To test this, at the command prompt, type the following command, and then press ENTER:

    nltest /dsgetdc:nonroot domain name /KDC /Force

后续步骤Next Steps