Upgrading AD RMS to Windows Server 2016

Introduction

Active Directory Rights Management Services (AD RMS) is a Microsoft service that protects sensitive documents and emails. Unlike traditional protection methods, such as firewalls and ACLs, AD RMS encryption and protection are persistent no matter where a file goes or how it is transported.

This document provides guidance for migrating from Windows Server 2012 R2 with SQL Server 2012 to Windows Server 2016 and SQL Server 2016. The same process can be used to migrate from older but supported versions of AD RMS. Please note that Active Directory Rights Management Services is no longer in active development, and for the latest capabilities customers should consider migrating to Azure Information Protection, which offers a much more comprehensive set of features with more complete device and application support.

For information on migrating to Azure Information Protection from AD RMS without having to re-protect your content, see the Azure Information Protection migration documentation.

About the environment used in this guide

AD FS is an optional component of an AD RMS installation. In this guide, the use of ADFS is assumed. If ADFS hasn't been used in your environment for supporting AD RMS users, you can skip all steps that refer to ADFS.

In this guide, SQL Server is upgraded to SQL Server 2016 by performing a parallel install and moving the databases over via a backup. Alternatively, if you can upgrade your AD RMS and ADFS database servers to SQL Server 2016 in-place, you can move to the next section in this document after having done that without having to follow the steps in this section.

Installation

Configuring SQL Server 2016

The following section details implementation tasks related directly to the SQL Server 2016 configuration. This guide focuses on using the Server Manager and the SQL Server Management Studio to complete these tasks.

These steps must be completed on a SQL Server 2016 installation. Install SQL Server 2016 on suitable hardware as per your organization's standard practices and policies.

Preparing the SQL Server

The following section details how to prepare the SQL Server so that it can be upgraded to SQL Server 2016 before upgrading other services in the AD RMS platform to use Windows Server 2016.

Adding CNAME for SQL Server 2016 to DNS

The CNAME is used to help ensure that the Windows Server 2016 setup will be getting the appropriate data since it will be pointed at the new SQL Server 2016. Note: If already using a CNAME for the ADFS and AD RMS service, you can move on to the next steps.

To add a CNAME for SQL Server 2016 to DNS

  1. Log on to the Windows Server 2012 R2 Domain Controller with Domain admin credentials.

  2. Open Server Manager.

  3. Click Tools and select DNS to open the DNS Manager.

  4. From the left navigation pane, expand the DC and open up Forward Lookup Zones.

  5. Open the appropriate domain resources, then right-click in the right view pane and select New Alias (CNAME) to begin creating the CNAME.

  6. For the alias name, enter a logical name to differentiate it from others that may be present (e.g., SQLADRMS or SQLADFS).

  7. After entering the name, provide the FQDN for the target host, which will be the new SQL Server 2016 server (e.g., SQL2016.contoso.com).

  8. Once all the information has been entered, click OK.

Back up the AD RMS and ADFS Databases

The AD RMS and ADFS databases hold critical information necessary to AD RMS, such as the public key of the Server Licensor Certificate, rights policy templates, ADFS configuration data, and logging information. Without these databases, clients cannot issue licenses to consume protected content, among other issues.

Of the databases, the AD RMS configuration database is considered the most important, as it stores the SLC, rights policy templates, users' keys, and configuration information. Therefore, though you should take care to back up all of the AD RMS and ADFS databases, you should plan to back up the configuration database regularly.

The logging database stores information about user requests to the AD RMS cluster for certificates and use licenses. Your backup strategy of this database should be based on company policy for retaining this type of information.

The directory services database is not critical to AD RMS functionality and, if the latest data is lost, the database will repopulate with information as the AD RMS server receives requests for certificates and use licenses. You do not need to back up this database regularly, but you do need to have at least a copy of the database as it was originally configured after deploying AD RMS.

To back up an AD RMS and/or ADFS database with Microsoft SQL Server

  1. Log on to the Windows Server 2012 R2 AD RMS database server with SQL 2012.

  2. Click Start, click All Programs, click Microsoft SQL Server, and click SQL Server Management Studio.

  3. In the Connect to Server window, confirm the server hosting the AD RMS databases is in the Server Name box and click Connect.

  4. Expand Databases. Right-click the appropriate database (DRMS and Adfs), point to Tasks, and select Backup.

  5. Repeat step 4 for the remaining databases.

  6. Ensure that the backup of the databases can be accessed by other machines on the network or using a storage device, as they will be needed for later steps during the migration.

Now you can store the database copies in a secure location. Remember to back up your databases frequently.
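The backup procedure above can also be scripted so that every backup is checksum-verified and hashed before it leaves the old server. The following is an added example, not part of the original guide: it assumes the SqlServer PowerShell module is installed, a default SQL instance, a hypothetical backup folder D:\AdRmsMigration, and that the databases can be found by the "DRMS" and "Adfs" name prefixes mentioned in step 4.

```powershell
#Requires -Modules SqlServer
# Added example (not from the original guide): checksum-protected backups of the
# AD RMS / AD FS databases plus a SHA-256 manifest. Run on the old SQL Server host.
param(
    [string]$SqlInstance = 'localhost',          # assumption: default instance
    [string]$BackupDir   = 'D:\AdRmsMigration'   # assumption: folder local to the SQL host,
                                                 # writable by the SQL Server service account
)
$ErrorActionPreference = 'Stop'
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

# The guide names the databases only as "DRMS and Adfs"; match on those prefixes.
$databases = Invoke-Sqlcmd -ServerInstance $SqlInstance -ErrorAction Stop -Query @"
SELECT name FROM sys.databases
WHERE name LIKE 'DRMS%' OR name LIKE 'Adfs%'
ORDER BY name;
"@
if (-not $databases) { throw "No DRMS*/Adfs* databases found on $SqlInstance." }

$manifest = foreach ($db in $databases) {
    $name        = $db.name
    $quotedName  = $name.Replace(']', ']]')             # escape for [identifier] quoting
    $file        = Join-Path $BackupDir "$name.bak"
    $fileLiteral = $file.Replace("'", "''")             # escape for N'...' literal

    # COPY_ONLY leaves the existing backup chain untouched.
    # CHECKSUM validates page checksums and stores a checksum over the backup.
    Invoke-Sqlcmd -ServerInstance $SqlInstance -ErrorAction Stop -Query `
        "BACKUP DATABASE [$quotedName] TO DISK = N'$fileLiteral' WITH COPY_ONLY, CHECKSUM, INIT;"

    # Re-read the backup set and fail here, not during the migration, if it is damaged.
    Invoke-Sqlcmd -ServerInstance $SqlInstance -ErrorAction Stop -Query `
        "RESTORE VERIFYONLY FROM DISK = N'$fileLiteral' WITH CHECKSUM;"

    # Hash the file so the copy that arrives on the SQL Server 2016 host can be compared.
    $hash = Get-FileHash -Path $file -Algorithm SHA256
    [pscustomobject]@{
        Database = $name
        File     = $file
        Bytes    = (Get-Item $file).Length
        SHA256   = $hash.Hash
    }
}

$manifest | Export-Csv -Path (Join-Path $BackupDir 'manifest.csv') -NoTypeInformation
$manifest | Format-Table -AutoSize
```

Before restoring on the SQL Server 2016 host, recompute Get-FileHash for each copied .bak file and compare it with manifest.csv. The configuration database backup contains the SLC and users' keys, so restrict access to the backup folder accordingly.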

Adding Domain Admin, SQL, AD RMS, and/or ADFS Service Account to SQL Server 2016

The following steps will showcase how to add the various Service Accounts to SQL Server 2016 to assist with migrating the data from the Windows Server 2012 R2 environment. This will give the proper permissions when trying to access the content and handle the data.

To add the Domain Admin, SQL, AD RMS, and/or ADFS Service Account to SQL Server

  1. Log on to the server with SQL Server 2016 as the Local Admin account.

  2. Click Start, click All Programs, click Microsoft SQL Server, and click SQL Server Management Studio.

  3. In the Connect to Server window, confirm the server hosting the AD RMS databases is in the Server Name box, then for Authentication click the drop-down menu and select SQL Server Authentication.

  4. In the Login field, enter the name of the Local Admin account (e.g., localadmin), then provide the appropriate password and click Connect.

  5. Expand Security, then right-click Logins and select New Login from the context menu that appears.

  6. Once the window appears, enter the Domain Admin account in the Login name field (e.g., Contoso\ContosoAdmin).

  7. From the left navigation pane, choose Server Roles.

  8. Then mark the checkbox for sysadmin under the server roles and click OK.

  9. Restart SQL Server Management.

  10. In the Connect to Server window, confirm the server hosting the AD RMS databases is in the Server Name box, then for Authentication click the drop-down menu, select Windows Authentication, and click Connect.

Restoring the AD RMS and ADFS Databases to SQL Server 2016

The following steps will showcase how to restore the data from the previous SQL Server instance to the new 2016 instance. This will allow the new SQL to utilize the relevant configuration data from the previous AD RMS and ADFS databases.

To restore the data from the previous SQL Server to the new SQL Server

  1. Log on to the server with SQL Server 2016 with the appropriate account.

  2. From the left navigation pane, right-click Databases and select Restore Database to begin the restoration process.

  3. Under Source, choose Device and then browse for the location where the database files were stored in the earlier steps.

  4. Once the files have been selected, click OK.

  5. Ensure that all the database files have been added and complete the process by clicking OK.

Configuring Windows Server 2016 Active Directory Federation Services (AD FS)

AD FS has been deployed to provide single sign-on (SSO) access to AD RMS as an application. It has also been configured with the AD RMS Mobile Device Extension (MDE), which enables Mac and mobile device support for end users.

The following sections provide guidance on operational tasks you may need to perform on your AD FS deployment.

Adding a 2016 AD FS Server to the Farm

You can deploy additional AD FS servers to support the AD RMS deployment. You may choose to perform this action in the event of increased traffic to the AD RMS servers, or additional applications, or if you need to retire one of the servers currently being used for AD FS.

To add the 2016 AD FS server to the farm

  1. From the Azure AD Connect server, double-click the Azure AD Connect icon to launch the Azure AD Connect wizard.

  2. In the Welcome page, click Configure.

  3. In the Additional Tasks page, click Deploy an additional Federation Server and then click Next.

  4. In the Connect to Azure AD page, enter the user name and password of an account with Global Administrative permissions and then click Next.

  5. In the Domain Administrator credentials page, enter the user name and password of an account with Domain Admin permissions and click Next.

  6. Click Browse and select the certificate file used when configuring the AD FS farm using Azure AD Connect.

  7. Click Enter Password to open the Certificate Password dialog box.

  8. Enter the password of the certificate in the Password field and then click OK.

  9. Click Next.

  10. In the AD FS Servers page, enter the name or the IP address of the new AD FS server and click Add.

  11. In the Ready to Configure page, click Install.

  12. In the Installation Complete page, click Exit.

Raising the ADFS Farm Behavior Level

When you deploy an ADFS server that exceeds the current environment level, such as adding an ADFS server on Windows Server 2016 to a farm that has ADFS on Windows Server 2012 R2, the Farm Behavior Level will need to be increased. This is needed to ensure that the environment is using the most up-to-date information and functions.

To raise the ADFS Farm Behavior Level

  1. Navigate to the Windows Server 2016 ADFS.

  2. Open an admin PowerShell session.

  3. Enter the following command: $cred = Get-Credential

  4. A window will appear asking for credentials; enter the domain admin credentials.

  5. Then enter this command: Invoke-AdfsFarmBehaviorLevelRaise -Credential $cred

  6. A prompt will appear asking, Do you want to continue with this operation? Then enter "a" to accept the prompt.

  7. After the command has completed, the Farm Behavior Level will be set up and ready.
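The steps above can be wrapped with a pre-check and a post-check so the raise is only attempted once the farm has been tested, and its result is confirmed afterwards. This is an added example, not part of the original guide; it uses the Test-AdfsFarmBehaviorLevelRaise and Get-AdfsFarmInformation cmdlets from the AD FS module on Windows Server 2016, and the interactive confirmation is an assumption about how an operator would want to gate the change.

```powershell
# Added example (not from the original guide): check, raise, then confirm the
# farm behavior level. Run in an elevated session on the Windows Server 2016 AD FS node.
$ErrorActionPreference = 'Stop'

$cred = Get-Credential -Message 'Domain admin credentials for the AD FS farm'

# Record the level before the change so the result can be compared afterwards.
$before = (Get-AdfsFarmInformation).CurrentFarmBehavior
Write-Host "Farm behavior level before raise: $before"

# Dry run: tests whether the farm can be raised, without changing it.
# Review every reported item before continuing.
Test-AdfsFarmBehaviorLevelRaise -Credential $cred | Format-List

if ((Read-Host 'Pre-checks reviewed and acceptable? (y/n)') -ne 'y') {
    Write-Warning 'Farm behavior level raise skipped by operator.'
    return
}

# Same command as step 5 of the guide; it shows the confirmation prompt from step 6.
Invoke-AdfsFarmBehaviorLevelRaise -Credential $cred

# Confirm the level actually changed and list the nodes now in the farm.
$after = Get-AdfsFarmInformation
Write-Host "Farm behavior level after raise: $($after.CurrentFarmBehavior)"
if ($after.CurrentFarmBehavior -le $before) {
    throw "Farm behavior level did not increase (still $($after.CurrentFarmBehavior))."
}
$after.FarmNodes
```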

Enabling Mobile Device Extension Logging

The Mobile Device Extension can log requests it receives from end user devices. Logging is disabled by default and we recommend only enabling logging in a troubleshooting scenario. All requests, from mobile devices and desktop machines, to bootstrap or acquire an end use license are logged in the AD RMS logging database or Azure storage account. MDE logging will create two additional tables to the SQL Server used by AD RMS: the client debug log table and the client performance log table.

To enable Mobile Device Extension logging

  1. From an AD RMS server, open Windows PowerShell as an administrator.

  2. Type the following command and press Enter: Import-Module AdRmsAdmin

  3. Type the following command and press Enter: New-PSDrive -Name AdrmsCluster -PsProvider AdRmsAdmin -Root https://localhost

  4. Type the following command and press Enter: Set-ItemProperty -Path AdrmsCluster:\ -Name IsLoggingEnabled -Value $true

If you are using MDE logging for troubleshooting, we recommend disabling it after addressing the issue.

To disable Mobile Device Extension logging

  1. From an AD RMS server, open Windows PowerShell as an administrator.

  2. Type the following command and press Enter: Import-Module AdRmsAdmin

  3. Type the following command and press Enter: New-PSDrive -Name AdrmsCluster -PsProvider AdRmsAdmin -Root https://localhost

  4. Type the following command and press Enter: Set-ItemProperty -Path AdrmsCluster:\ -Name IsLoggingEnabled -Value $false
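Because the guide recommends turning MDE logging off again once troubleshooting is done, the enable and disable procedures above can be combined into one session that always ends with logging disabled. This is an added example, not part of the original guide; the Get-MdeLoggingState helper is hypothetical, and reading IsLoggingEnabled back through Get-ItemProperty assumes the AdRmsAdmin provider returns the property under its own name.

```powershell
# Added example (not from the original guide): enable MDE logging for a single
# troubleshooting session and always turn it off again, even on error or Ctrl+C.
# Run on an AD RMS server in an elevated Windows PowerShell session.
$ErrorActionPreference = 'Stop'

Import-Module AdRmsAdmin
if (-not (Get-PSDrive -Name AdrmsCluster -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name AdrmsCluster -PsProvider AdRmsAdmin -Root https://localhost | Out-Null
}

# Hypothetical helper. Assumption: the provider exposes the value as a property
# named IsLoggingEnabled on the object Get-ItemProperty returns.
function Get-MdeLoggingState {
    (Get-ItemProperty -Path AdrmsCluster:\ -Name IsLoggingEnabled).IsLoggingEnabled
}

Write-Host "IsLoggingEnabled before session: $(Get-MdeLoggingState)"

try {
    Set-ItemProperty -Path AdrmsCluster:\ -Name IsLoggingEnabled -Value $true
    Write-Host "MDE logging enabled at $(Get-Date -Format o)"

    # Keep the window open while the issue is reproduced on the client device.
    Read-Host 'Reproduce the issue, then press Enter to disable logging' | Out-Null
}
finally {
    # Runs on normal completion, on errors and on Ctrl+C (not if the window is closed).
    Set-ItemProperty -Path AdrmsCluster:\ -Name IsLoggingEnabled -Value $false

    if (Get-MdeLoggingState) {
        Write-Warning 'IsLoggingEnabled is still true; disable it manually.'
    }
    else {
        Write-Host "MDE logging disabled at $(Get-Date -Format o)"
    }
}
```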

Upgrading AD RMS to Windows Server 2016

The following sections provide guidance on how to add a Windows Server 2016-based AD RMS Server into the current Windows Server 2012 R2 cluster. The server will be added into the cluster and the information will be replicated to it so that the previous AD RMS server can be deprecated to free up resources.

After one Windows Server 2016-based AD RMS server has been added to your AD RMS cluster, all nodes based on older versions of Windows will become inactive. After this is done you can deprovision those servers (e.g., shut down, repurpose, or reinstall with Windows Server 2016 to join the AD RMS cluster).

You can deploy additional AD RMS servers to the cluster to support the load on your AD RMS deployment. You may also choose to perform this action in the event of increased traffic to the AD RMS servers.

This guide doesn't cover the steps required to alter the load balancing mechanisms you might be using in your environment to exclude the servers you are deprecating and to include the ones you are adding to the cluster.

Adding a 2016 AD RMS Server

If your AD RMS cluster is using a Hardware Security Module instead of a Centrally Managed key for its Server Licensor Certificate, you will need to install the software and other HSM artifacts (e.g., key and configuration files) on the server before installing AD RMS. You will also need to connect the HSM to the server, either physically or through the relevant network configurations. Follow your HSM guidance for these steps.

To add a 2016 AD RMS Server

  1. Install the AD RMS Role on the desired Windows Server 2016 deployment.

  2. After installation completes, select the link to Perform additional configuration.

  3. Select Join an existing AD RMS cluster and click Next.

  4. On the Select Configuration Database page, enter the CNAME specified in the DNS for the 2016 SQL server (FQDN).

  5. Click List on the second line and select the DefaultInstance from the drop-down.

  6. Under Configuration Database Name, select the drop-down menu and choose the DRMS configuration that appears. Then click Next.

  7. On the Database Information page, enter the cluster key password in the field provided. After that, click Next.

  8. In the next page of the wizard, specify the AD RMS service account, provide the password for it, and click Next once it has been verified.

  9. Once the Cluster Web Site page appears, simply ensure that the appropriate web site has been selected and click Next.

  10. On the Choose a Server Authentication Certificate page, select the imported SSL certificate and click Next.

  11. Click Install to begin the installation.

  12. After configuration completes, you will need to log off and back on to administer AD RMS.

  13. Once logged back on, open Server Manager, select Tools, and then Active Directory Rights Management. The management window should appear and indicate that the cluster has the additional server in the cluster.

  14. If the AD RMS Mobile Device Extension was installed in the original AD RMS cluster, you need to also install the MDE in the updated cluster nodes. Follow the instructions in the MDE documentation to add MDE to your AD RMS cluster. At this point, you can repurpose all the preexisting nodes or upgrade them to Windows Server 2016 and re-join them to the AD RMS cluster using the same process outlined above.

Configuring Windows Server 2016 Web Application Proxy (WAP)

The following sections provide guidance on operational tasks you may need to perform on your Web Application Proxy deployment. This is an optional step, not required if you are publishing AD RMS to the Internet through other mechanisms.

Adding a Windows Server 2016 WAP Server

You can deploy additional Web Application Proxy servers to support the AD RMS deployment. You may choose to perform this action in the event of increased traffic to the AD RMS servers or if you need to retire one of the servers currently being used for the Web Application Proxy.

To add a 2016 Web Application Proxy server

  1. From the server you wish to set up as a Web Application Proxy, navigate to the Server Manager console and click Add roles and features.

  2. In the Add Roles and Features Wizard, click Next until you get to the Server Role selection screen.

  3. On the Select Server Roles screen, select Remote Access, and then click Next until you are back at the Select Server Roles screen.

  4. On the Select Server Roles screen, select Web Application Proxy, click Add Features, and then click Next.

  5. On the Confirm Installation Selections screen, click Install.

  6. Once the installation has completed, click Close.

  7. Now it is time to configure the server. To do this, open the Remote Access Management console on the Web Application Proxy server. Open the Start menu, type RAMgmtUI.exe, and then select the application.

  8. In the navigation pane, click Web Application Proxy.

  9. In the Remote Access Management console, click Run the Web Application Proxy Configuration Wizard. Once in the wizard, click Next.

  10. On the Federation Server screen, enter the fully qualified domain name of the AD FS server (e.g., adfs.contoso.com) and then enter credentials for an administrator on the AD FS server.

  11. On the AD FS Proxy Certificate screen, in the list of certificates currently installed on the Web Application Proxy server, select a certificate to be used by Web Application Proxy for AD FS proxy, and then click Next.

  12. On the Confirmation screen, review the settings then click Configure.

  13. Once the configuration is complete, click Close.

DNS Configuration for 2016 WAP Server

Once the Windows Server 2016 Web Application Proxy server has been put in place, some DNS changes will need to be made. This will require using a service such as GoDaddy to point the ADFS and AD RMS services at the 2016 WAP server.

To point the DNS at the WAP server

  1. Navigate to your provider's website (e.g., GoDaddy).

  2. Go into Domain Management and then DNS Management.

  3. Locate the ADFS and AD RMS service, replace the "Points to" portion with the Public IP Address of the 2016 WAP server, and Save.

  4. The changes may take time to propagate, but once they do this setup will be complete.

Enabling Debugging Logs

Detailed logging information is available on the Web Application Proxy servers. You can configure advanced debugging logging using the Event Viewer. Additional settings can also be selected for the size of the logs to help ensure that the analytics are useful to the viewer.

Enabling Debugging Logs for the Web Application Proxy

  1. Open the Event Viewer console on the Web Application Proxy.

  2. Expand the Microsoft node.

  3. Expand the Windows node.

  4. Open the Web Application Proxy logs.

  5. You will then be able to open the Admin logs.

  6. Open the Action menu, located in the top left, and select Properties.

  7. Under the General tab, choose the option to Enable Logging.

  8. Finally, you are able to customize maximum log size and what happens when the maximum event log size is reached.

Configuring High Availability for Windows Server 2016 Services

The following sections provide guidance on operational tasks you may need to perform to set up your Windows Server 2016 environment in High Availability.

Adding a 2016 AD RMS Server for High Availability

You can deploy additional AD RMS servers to set up High Availability. You may choose to perform this action in the event of increased traffic to the AD RMS servers.

To add a 2016 AD RMS server for High Availability

  1. Install the AD RMS Role on the desired Windows Server 2016 deployment.

  2. After installation completes, select the link to Perform additional configuration.

  3. Select Join an existing AD RMS cluster and click Next.

  4. On the Select Configuration Database page, enter the CNAME specified in the DNS for the 2016 SQL server (FQDN).

  5. Click List on the second line and select the DefaultInstance from the drop-down.

  6. Under Configuration Database Name, select the drop-down menu and choose the DRMS configuration that appears. Then click Next.

  7. On the Database Information page, enter the cluster key password in the field provided. After that, click Next.

  8. In the next page of the wizard, specify the AD RMS service account, provide the password for it, and click Next once it has been verified.

  9. Once the Cluster Web Site page appears, simply ensure that the appropriate web site has been selected and click Next.

  10. On the Choose a Server Authentication Certificate page, select the imported SSL certificate and click Next.

  11. Click Install to begin the installation.

  12. After configuration completes, you will need to log off and back on to administer AD RMS.

  13. Once logged back on, open Server Manager, select Tools, and then Active Directory Rights Management. The management window should appear and indicate that the cluster has the additional server in the cluster.

  14. After confirming the server setup, configure your Load Balancing service to balance the load between the different AD RMS servers in the cluster.

Adding a Windows Server 2016 AD FS Server for High Availability

You can deploy additional AD FS servers to set up High Availability. You may choose to perform this action in the event of increased traffic to the AD FS servers. Note: after raising the farm behavior level, a new database entry will be entered into the SQL Server 2016 (Adfs Configv3) and the old configuration database must be deleted before continuing with these steps.

To add the Windows Server 2016 AD FS server for High Availability

  1. Install the AD RMS Role on the desired Windows Server 2016 deployment.

  2. After installation completes, select the link to Configure the federation service on this server.

  3. In the welcome section of the wizard, choose the option to Add a federation server to a federation server farm and then click Next.

  4. Specify the proper admin account and click Next.

  5. On the Specify Farm page, pick Specify database location for an existing farm using SQL Server, then enter the CNAME for the SQL service for the Database Host Name and click Next.

  6. Under the Specify Service Account area of the wizard, enter the credentials for the AD FS service account and then click Next.

  7. In Review Options, click Next.

  8. Click Configure when the button becomes available.

  9. After the configuration, restart the machine.

  10. After confirming the server setup, Load Balance the AD FS servers as required.

Adding a Windows Server 2016 WAP Server for High Availability

You can deploy additional WAP servers to set up High Availability. You may choose to perform this action in the event of increased traffic to the AD RMS servers.

To add a Windows Server 2016 Web Application Proxy server for High Availability

  1. From the server you wish to set up as a Web Application Proxy, navigate to the Server Manager console and click Add roles and features.

  2. In the Add Roles and Features Wizard, click Next until you get to the Server Role selection screen.

  3. On the Select Server Roles screen, select Remote Access, and then click Next until you are back at the Select Server Roles screen.

  4. On the Select Server Roles screen, select Web Application Proxy, click Add Features, and then click Next.

  5. On the Confirm Installation Selections screen, click Install.

  6. Once the installation has completed, click Close.

  7. Now it is time to configure the server. To do this, open the Remote Access Management console on the Web Application Proxy server. Open the Start menu, type RAMgmtUI.exe, and then select the application.

  8. In the navigation pane, click Web Application Proxy.

  9. In the Remote Access Management console, click Run the Web Application Proxy Configuration Wizard. Once in the wizard, click Next.

  10. On the Federation Server screen, enter the fully qualified domain name of the AD FS server (Ex. adfs.contoso.com) and then enter credentials for an administrator on the AD FS server.

  11. On the AD FS Proxy Certificate screen, in the list of certificates currently installed on the Web Application Proxy server, select a certificate to be used by Web Application Proxy for AD FS proxy, and then click Next.

  12. On the Confirmation screen, review the settings, then click Configure.

  13. Once the configuration is complete, click Close.

  14. After confirming the server setup, load balance the WAP servers in the DMZ.
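The Web Application Proxy steps above can also be scripted, which makes the certificate choice in step 11 explicit and checkable. The following is an added example, not part of the original guide: adfs.contoso.com is the guide's own sample name, while the 30-day expiry margin and the rule of requiring exactly one matching certificate are assumptions of this example.

```powershell
# Added example; run in an elevated session on the new WAP server.
# adfs.contoso.com is the guide's sample name; the 30-day margin is an assumption.
$FederationServiceName = 'adfs.contoso.com'
$MinDaysValid = 30

# Steps 1-6: install the Web Application Proxy role service.
Install-WindowsFeature -Name Web-Application-Proxy -IncludeManagementTools

# Step 11: only accept a certificate that has a private key, is currently valid,
# and names the federation service exactly or through a one-label wildcard.
$wildcard = '*.' + ($FederationServiceName -split '\.', 2)[1]
$now = Get-Date
$candidates = @(Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object {
    $names = $_.DnsNameList.Unicode
    $_.HasPrivateKey -and
    $_.NotBefore -le $now -and
    $_.NotAfter -gt $now.AddDays($MinDaysValid) -and
    (($names -contains $FederationServiceName) -or ($names -contains $wildcard))
})

if ($candidates.Count -ne 1) {
    # Show what was found so the operator can resolve the ambiguity by hand.
    $candidates | Format-Table Subject, Thumbprint, NotAfter -AutoSize
    throw "Expected exactly one usable certificate for $FederationServiceName, found $($candidates.Count)."
}

# Step 10: credentials of an administrator on the AD FS server, prompted, never stored.
$adfsAdmin = Get-Credential -Message 'Administrator on the AD FS server'

# Steps 9-13: establish the proxy trust with the federation service.
Install-WebApplicationProxy -FederationServiceName $FederationServiceName `
    -FederationServiceTrustCredential $adfsAdmin `
    -CertificateThumbprint $candidates[0].Thumbprint

# Step 14: confirm the server setup before adding it to the load balancer.
Get-WebApplicationProxyConfiguration
```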

Adding a SQL Server 2016 node for Always On High Availability

You can deploy additional SQL servers to set up Always On High Availability. You may choose to perform this action in the event of increased traffic to the AD RMS servers. Note: ensure that both SQL Servers have the inbound port 5022 open.

To add a SQL Server 2016 server for Always On High Availability

  1. From the server you wish to set up as an additional SQL Server 2016 server, navigate to the Server Manager console and click Add roles and features.

  2. Click Next until you reach the Select Features dialog box.

  3. Select the Failover Clustering checkbox. Note: follow this step for the original SQL Server 2016 server as well so that both SQL Servers have the Failover Clustering feature.

  4. Click Install to install the Failover Clustering feature.

  5. Now, open Server Manager and select Tools, then Failover Cluster Manager.

  6. From the left menu pane, right-click Failover Cluster Manager and select Create Cluster.

  7. This will open the Create Cluster Wizard.

  8. Browse for the SQL Server 2016 servers which will be used for Always On High Availability, enter them, and then click Next.

  9. You will receive a validation warning. Select Yes to validate the cluster nodes and then click Next.

  10. Under the Testing Options page, select the option Run all tests and click Next.

  11. Note: The Cluster Validation Wizard is expected to return several Warning messages, especially if you will not be using shared storage. Other than that, if you find any error messages you need to fix them prior to creating the Windows Server Failover Cluster.

  12. In the Access Point for Administering the Cluster dialog box, enter the cluster name and virtual IP address for the Windows Server Failover Cluster, then click Next.

  13. Verify that the configuration is successful in Summary and click Finish.

  14. Back in the Failover Cluster Manager, right-click on your cluster and select More Actions, then choose Configure Cluster Quorum Settings.

  15. Click Next, pick the option Select the quorum witness, and click Next again.

  16. In the Select Quorum Witness page, select the Configure a file share witness option. Then click Next.

  17. Select Browse and locate the path of the file share that you want to use in the File Share Path dialog box. Click Next.

  18. On the Confirmation page, click Next.

  19. On the Summary page, click Finish.

  20. Now, open the Start menu and search for SQL Server Configuration Manager.

  21. Right-click the SQL Server name and pick Properties.

  22. In the Properties dialog box, select the AlwaysOn High Availability tab. Check the Enable AlwaysOn Availability Groups check box. Click OK. Note: do this on both SQL Server 2016 servers.

  23. Then restart the SQL Server service.

  24. Now, open the Start menu and search for SQL Server Management Studio. From the left navigation pane, right-click Availability Groups, click New Availability Group Wizard, and then click Next.

  25. In the Specify Availability Group Name page, pick a group name (Ex. SQLAvailabilityGroup2016). Then click Next.

  26. Under the Select Databases section, specify the databases. Then click Next. Note: some databases may need to be backed up again or put into Full Recovery mode.

  27. Once on the Specify Replicas page, click the Add Replica button and pick your other 2016 SQL Server.

  28. After adding the other server, click the check boxes and set the secondary server to be a readable secondary.

  29. Navigate to the Endpoints tab and click the Refresh option. While here, also scroll across and ensure that the same service account is on the primary and secondary node.

  30. Now, choose the Backup Preferences tab and select the Prefer Secondary option.

  31. Move on to the Listener tab.

  32. Specify a name (Ex. SQLListener) and ensure that the port is 1433 and then click Next.

  33. In the Select Initial Data Synchronization page of the wizard, choose the Full option and specify a network location accessible by all the SQL servers and then click Next.

  34. Finally, click Finish and the process will complete.
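The procedure above depends on several settings being identical on both SQL nodes: the Failover Clustering feature, inbound port 5022, the service account, and a listener on port 1433. The following added example (not part of the original guide) checks them from an administrative host; the node names, the default-instance service name MSSQLSERVER, and the availability of the Invoke-Sqlcmd cmdlet (SqlServer or SQLPS module) are assumptions, and SQLListener is the guide's sample listener name.

```powershell
# Added example. Node names are constructed placeholders; replace with your own.
$SqlNodes = 'SQL2016-A', 'SQL2016-B'
$Listener = 'SQLListener'      # sample listener name from step 32
$SqlService = 'MSSQLSERVER'    # assumption: default instance on both nodes

$report = foreach ($node in $SqlNodes) {
    # Step 3: both nodes need the Failover Clustering feature.
    $feature = Get-WindowsFeature -Name Failover-Clustering -ComputerName $node

    # Port 5022 must accept inbound connections. This tests reachability from the
    # host running the script; repeat from each SQL node to test node-to-node.
    $endpoint = Test-NetConnection -ComputerName $node -Port 5022 -WarningAction SilentlyContinue

    # Step 29: the same service account should run SQL Server on every node.
    $svc = Get-CimInstance -ClassName Win32_Service -ComputerName $node -Filter "Name='$SqlService'"

    [pscustomobject]@{
        Node               = $node
        FailoverClustering = $feature.Installed
        Port5022Reachable  = $endpoint.TcpTestSucceeded
        ServiceAccount     = $svc.StartName
    }
}
$report | Format-Table -AutoSize

if (@($report.ServiceAccount | Sort-Object -Unique).Count -gt 1) {
    Write-Warning 'SQL Server runs under different service accounts on the nodes.'
}

# Step 32: the listener should answer on port 1433.
$listenerTest = Test-NetConnection -ComputerName $Listener -Port 1433 -WarningAction SilentlyContinue
"Listener ${Listener}:1433 reachable: $($listenerTest.TcpTestSucceeded)"

# Replica role, connection and synchronization health, as seen through the listener.
$query = @'
SELECT ag.name AS availability_group, ar.replica_server_name,
       rs.role_desc, rs.connected_state_desc, rs.synchronization_health_desc
FROM sys.dm_hadr_availability_replica_states AS rs
JOIN sys.availability_replicas AS ar ON ar.replica_id = rs.replica_id
JOIN sys.availability_groups   AS ag ON ag.group_id   = rs.group_id;
'@
Invoke-Sqlcmd -ServerInstance $Listener -Query $query | Format-Table -AutoSize
```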

Decommission Windows Server 2012 R2 nodes

The following sections provide guidance on operational tasks you may need to perform to remove your Windows Server 2012 R2 servers after successfully upgrading the AD RMS cluster to Windows Server 2016.

Removing a Windows Server 2012 R2 AD RMS Server

You can remove unnecessary AD RMS servers after an upgrade. You may choose to perform this action when you need to decommission AD RMS servers.

To remove a Windows Server 2012 R2 AD RMS server

  1. On the Windows Server 2012 R2 AD RMS server in Server Manager, select Manage from the top right menus and then choose Remove Roles and Features.

  2. The Remove Roles and Features Wizard will open. On the Before you Begin screen, click Next.

  3. On the Server Selection screen, click Next.

  4. On the Server Roles screen, remove the check next to Active Directory Rights Management Services and click Next.

  5. On the Features screen, click Next.

  6. On the Confirmation screen, click Remove.

  7. Once this completes, restart the server.

  8. You can now shut down this server and reallocate the resources as needed.