识别问题Identify the problem

适用于: Windows Server 2016、Windows Server 2012 和 2012 R2、Windows Server 2008 和 2008 R2Applies To: Windows Server 2016, Windows Server 2012 and 2012 R2, Windows Server 2008 and 2008 R2

当出现林范围的故障时,例如在事件日志或其他监视解决方案中时,请使用 Microsoft 支持部门来确定失败的原因,并评估任何可能的补救措施。When symptoms of a forest-wide failure appear, such as in event logs or other monitoring solutions, work with Microsoft Support to determine the cause of the failure, and evaluate any possible remedies.

林范围的故障的示例Examples of forest-wide failures

  • 所有 Dc 都已逻辑损坏或物理损坏,无法实现业务连续性;例如,依赖于 AD DS 的所有业务应用程序都不能正常工作。All DCs have been logically corrupted or physically damaged to a point that business continuity is impossible; for example, all business applications that depend on AD DS are nonfunctional.

  • 恶意管理员已损坏 Active Directory 环境。A rogue administrator has compromised the Active Directory environment.

  • 攻击者有意或管理员意外地运行了跨林传播数据损坏的脚本。An attacker intentionally—or an administrator accidentally—runs a script that spreads data corruption across the forest.

  • 攻击者有意或管理员意外地扩展了 Active Directory 架构,并发生了恶意或发生冲突的更改。An attacker intentionally—or an administrator accidentally—extends the Active Directory schema with malicious or conflicting changes.

  • 攻击者已设法在 Dc 上安装恶意软件,并已 Microsoft 支持部门从备份中恢复林。An attacker has managed to install malicious software on DCs, and you have been advised by Microsoft Support to recover the forest from backup.

    重要

    本文不介绍有关如何恢复受到黑客攻击的林的安全建议。This paper does not cover security recommendations about how to recover a forest that has been hacked or compromised. 通常,建议遵循传递哈希缓解技术来强化环境。In general, it is recommended to follow Pass-the-Hash mitigation techniques to harden the environment. 有关详细信息,请参阅 缓解哈希传递 (PtH) 攻击和其他凭据盗窃技术For more information, see Mitigating Pass-the-Hash (PtH) Attacks and Other Credential Theft Techniques.

  • 不能将任何 Dc 与其复制伙伴进行复制。None of the DCs can replicate with their replication partners.

  • 不能对任何域控制器 AD DS 更改。Changes cannot be made to AD DS at any domain controller.

  • 新 Dc 不能安装在任何域中。New DCs cannot be installed in any domain.

后续步骤Next Steps