AD 林恢复-用于还原林的步骤AD Forest Recovery - Steps for Restoring the forest

适用于: Windows Server 2016、Windows Server 2012 和 2012 R2、Windows Server 2008 和 2008 R2Applies To: Windows Server 2016, Windows Server 2012 and 2012 R2, Windows Server 2008 and 2008 R2

本部分概述了用于恢复林的推荐路径。This section provides an overview of the recommended path for recovering a forest. 稍后将详细介绍林恢复步骤。The forest recovery steps are described in detail later.

以下列表汇总了高级别的恢复步骤:The following list summarizes the recovery steps at a high level:

  1. 识别问题Identify the problem

    使用它和 Microsoft 支持部门来确定问题的范围和可能的原因,并评估所有业务利益干系人可能的补救措施。Work with IT and Microsoft Support to determine the scope of the problem and potential causes, and evaluate possible remedies with all business stakeholders. 在许多情况下,林完全恢复总计应为最后一个选项。In many cases total forest recovery should be the last option.

  2. 决定如何恢复林Decide how to recover the forest

    确定林恢复是必需的后,请完成准备工作的预备步骤:确定当前林结构,确定每个 DC 执行的功能,确定要为每个域还原哪个 DC,并确保所有可写 Dc 都处于脱机状态。After you determine that forest recovery is necessary, complete preliminary steps to prepare for it: determine the current forest structure, identify the functions that each DC performs, decide which DC to restore for each domain, and ensure that all writeable DCs are taken offline.

  3. 执行初始恢复Perform initial recovery

    隔离时,为每个域恢复一个 DC,对其进行清理,然后重新连接到域。In isolation, recover one DC for each domain, clean them, and reconnect the domains. 重置特权帐户,并纠正此阶段的安全漏洞导致的问题。Reset privileged accounts, and rectify problems caused by security breaches in this phase.

  4. 重新部署剩余 DcRedeploy remaining DCs

    重新部署林,使其返回到失败之前的状态。Redeploy the forest to return it to its state before the failure. 需要根据具体的设计和要求调整此步骤。This step will need to be adapted to your specific design and requirements. 虚拟化域控制器克隆有助于加速此过程。Virtualized domain controller cloning can help expedite this process.

  5. 清理Cleanup

    还原功能后,根据需要重新配置名称解析,并使 LOB 应用程序正常工作。After functionality has been restored, reconfigure name resolution as needed, and get LOB applications working.

本指南中的步骤旨在最大程度地减少将危险数据重新引入到已恢复的林中。The steps in this guide are designed to minimize the possibility of reintroducing dangerous data into the recovered forest. 可能需要修改这些步骤,以考虑以下因素:You might have to modify these steps to account for such factors as:

  • 可伸缩性Scalability
  • 远程管理Remote manageability
  • 恢复速度Speed of recovery