AD Forest Recovery - Raising the value of available RID pools

Applies To: Windows Server 2016, Windows Server 2012 and 2012 R2, Windows Server 2008 and 2008 R2

Use the following procedure to raise the value of the relative ID (RID) pools that the RID operations master will allocate after that DC is restored. By raising the value of the available RID pools, you can ensure that no DC allocates a RID for a security principal that was created after the backup that was used to restore the domain.

About Active Directory RID Pools and rIDAvailablePool

Each domain has an object CN=RID Manager$,CN=System,DC=<domain_name>. This object has an attribute named rIDAvailablePool. This attribute value maintains the global RID space for an entire domain. The value is a large integer with upper and lower parts. The upper part defines the number of security principals that can be allocated for each domain (0x3FFFFFFF or just over 1 billion). The lower part is the number of RIDs that have been allocated in the domain.


In Windows Server 2016 and 2012, the number of security principals that can be allocated is increased to just over 2 billion. For more information, see Managing RID issuance.

  • Sample Value: 4611686014132422708
  • Low Part: 2100 (beginning of the next RID pool to be allocated)
  • Upper Part: 1073741823 (total number of RIDs that can be created in a domain)

When you increase the value of the large integer, you increase the value of the low part. For example, if you add 100,000 to the sample value of 4611686014132422708 for a sum of 4611686014132522708, the new low part is 102100. This indicates that the next RID pool that will be allocated by the RID master will begin with 102100 instead of 2100.

To raise the value of available RID pools using adsiedit and the calculator

  1. Open Server Manager, click Tools and click ADSI Edit.
  2. Right-click, select Connect to, connect to the Default Naming Context, and click OK.
  3. Browse to the following distinguished name path: CN=RID Manager$,CN=System,DC=<domain_name>.
  4. Right-click and select the properties of CN=RID Manager$.
  5. Select the attribute rIDAvailablePool, click Edit, and then copy the large integer value to the clipboard.
  6. Start calculator, and from the View menu, select Scientific Mode.
  7. Add 100,000 to the current value.
  8. Using ctrl-c, or the Copy command from the Edit menu, copy the value to the clipboard.
  9. In the edit dialog of adsiedit, paste this new value.
  10. Click OK in the dialog, and Apply in the property sheet to update the rIDAvailablePool attribute.

To raise the value of available RID pools using LDP

  1. At the command prompt, type the following command, and then press ENTER: ldp
  2. Click Connection, click Connect, type the name of RID manager, and then click OK.
  3. Click Connection, click Bind, select Bind with credentials and type your administrative credentials, and then click OK.
  4. Click View, click Tree and then type the following distinguished name path: CN=RID Manager$,CN=System,DC=<domain name>
  5. Click Browse, and then click Modify.
  6. Add 100,000 to the current rIDAvailablePool value, and then type the sum into Values.
  7. In Dn, type cn=RID Manager$,cn=System,dc=<domain name>.
  8. In Edit Entry Attribute, type rIDAvailablePool.
  9. Select Replace as the operation, and then click Enter.
  10. Click Run to run the operation. Click Close.
  11. To validate the change, click View, click Tree, and then type the following distinguished name path: CN=RID Manager$,CN=System,DC=<domain name>. Check the rIDAvailablePool attribute.
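
The upper/low split of rIDAvailablePool described earlier, and the read, add 100,000, replace, and verify steps of the two procedures above, can also be scripted. The following is an added example, not part of the original article and not Microsoft's script. The function names are hypothetical, and it assumes Windows PowerShell 3.0 or later, the ActiveDirectory module, and rights to modify CN=RID Manager$.

```powershell
# Added example; function names are hypothetical (not from the original article).

# Split the 64-bit rIDAvailablePool value into its upper and low 32-bit parts.
function Split-RidAvailablePool {
    param([Parameter(Mandatory = $true)][long]$Value)
    [long]$low = 0
    $upper = [math]::DivRem($Value, 4294967296, [ref]$low)   # divisor is 2^32
    [pscustomobject]@{ Upper = $upper; Low = $low }
}

# Compute the raised value; refuse a change that pushes the low part past the upper part.
function Get-RaisedRidAvailablePool {
    param([Parameter(Mandatory = $true)][long]$Value, [long]$Increase = 100000)
    $parts = Split-RidAvailablePool -Value $Value
    if (($Increase -le 0) -or (($parts.Low + $Increase) -gt $parts.Upper)) {
        throw "Increase $Increase is not valid for low part $($parts.Low), upper part $($parts.Upper)."
    }
    $Value + $Increase
}

# Read the attribute from the RID master, replace it with the raised value, then re-read it.
function Set-RaisedRidAvailablePool {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([long]$Increase = 100000)
    Import-Module ActiveDirectory
    $domain = Get-ADDomain
    $server = $domain.RIDMaster
    # Single quotes keep the literal '$' in the object name from being expanded.
    $dn = 'CN=RID Manager$,CN=System,' + $domain.DistinguishedName
    $old = [long](Get-ADObject -Identity $dn -Server $server -Properties rIDAvailablePool).rIDAvailablePool
    $new = Get-RaisedRidAvailablePool -Value $old -Increase $Increase
    if ($PSCmdlet.ShouldProcess($dn, "Replace rIDAvailablePool $old with $new")) {
        Set-ADObject -Identity $dn -Server $server -Replace @{ rIDAvailablePool = $new }
    }
    # Validation step: show the parts of the value now stored in the directory.
    $current = [long](Get-ADObject -Identity $dn -Server $server -Properties rIDAvailablePool).rIDAvailablePool
    Split-RidAvailablePool -Value $current
}

# Offline check using the sample value from this article (no directory access needed).
$sample = 4611686014132422708
Split-RidAvailablePool -Value $sample
Split-RidAvailablePool -Value (Get-RaisedRidAvailablePool -Value $sample)
```

Run `Set-RaisedRidAvailablePool -WhatIf` first to see the old and new values without writing to the directory.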

Next Steps