升級到 Windows Server 2016 的網域控制站Upgrade Domain Controllers to Windows Server 2016

適用於:Windows Server 2016Applies To: Windows Server 2016

本主題提供 Active Directory Domain Services Windows Server 2016 中的背景資訊與解釋從 Windows Server 2012 或 Windows Server 2012 R2 網域控制站的程序。This topic provides background information about Active Directory Domain Services in Windows Server 2016 and explains the process for upgrading domain controllers from Windows Server 2012 or Windows Server 2012 R2.

必要條件Pre-requisites

升級網域的建議的方式是促銷網域控制站執行較新版本的 Windows Server,而且降級舊版網域控制站視。The recommended way to upgrade a domain is to promote domain controllers that run newer versions of Windows Server and demote the older domain controllers as needed. 升級現有的網域控制站的作業系統最好的方法。That method is preferable to upgrading the operating system of an existing domain controller. 這份清單涵蓋一般到您的網域控制站執行 Windows Server 有較新版本的升級之前,請依照下列步驟:This list covers general steps to follow before you promote a domain controller that runs a newer version of Windows Server:

  1. 請確認目標伺服器符合系統需求。Verify the target server meets system requirements.
  2. 請確認應用程式的相容性。Verify Application compatibility.
  3. 移轉到 Windows Server 2016 檢視建議Review Recommendations for moving to Windows Server 2016
  4. 檢查安全性設定。Verify security settings. 如需詳細資訊,請查看在 Windows Server 2016 AD DS 相關 Deprecated 功能和變更行為For more information, see Deprecated features and behavior changes related to AD DS in Windows Server 2016.
  5. 檢查您想要執行安裝電腦的目標伺服器連接。Check connectivity to the target server from the computer where you plan to run the installation.
  6. 檢查有可用的必要作業主機的角色:Check for availability of necessary operation master roles:
    • 若要安裝 Windows Server 2016 上執行的現有的網域和樹系的第一個 DC,您執行安裝所在的電腦需要連接到架構主機為了執行 adprep /domainprep 為了執行 adprep /forestprep 與基礎結構主機。To install the first DC that runs Windows Server 2016 in an existing domain and forest, the machine where you run the installation needs connectivity to the schema master in order to run adprep /forestprep and the infrastructure master in order to run adprep /domainprep.
    • 若要安裝的第一個 DC 樹系架構會已經延伸的網域中,您只需要連接基礎結構主機。To install the first DC in a domain where the forest schema is already extended, you only need connectivity to infrastructure master.
    • 若要安裝或在現有的樹系移除網域,您需要連接到網域命名主機To install or remove a domain in an existing forest, you need connectivity to the domain naming master.
    • 任何網域控制站安裝也必須連接到RID 主機。Any domain controller installation also requires connectivity to the RID master.
    • 如果您第一個唯讀網域控制站安裝現有的樹系,您會需要為每個應用程式 directory 磁碟分割,也就是非網域命名操作或 NDNC 基礎結構主機連接。If you are installing the first read-only domain controller in an existing forest, you need connectivity to the infrastructure master for each application directory partition, also known as a non-domain naming context or NDNC.

安裝步驟和所需的系統層級Installation steps and required administrative levels

下表提供摘要升級步驟,才能完成這些步驟的權限要求The following table provides a summary of the upgrade steps and the permission requirements to accomplish these steps

安裝動作Installation action 認證需求Credential requirements
安裝新的樹系Install a new forest 本機目標伺服器上的系統管理員Local Administrator on the target server
在現有的樹系安裝新的網域Install a new domain in an existing forest 企業系統管理員Enterprise Admins
安裝其他俠現有網域中Install an additional DC in an existing domain 網域系統管理員 」Domain Admins
執行 adprep /forestprepRun adprep /forestprep 架構系統管理員企業系統管理員,網域系統管理員Schema Admins, Enterprise Admins, and Domain Admins
執行 adprep /domainprepRun adprep /domainprep 網域系統管理員 」Domain Admins
執行 adprep /domainprep /gpprepRun adprep /domainprep /gpprep 網域系統管理員 」Domain Admins
執行 adprep /rodcprepRun adprep /rodcprep 企業系統管理員Enterprise Admins

適用於在 Windows Server 2016 中的新功能的詳細資訊,請查看Windows Server 2016 中的新功能For additional information on new features in Windows Server 2016, see What's new in Windows Server 2016.

支援的就地升級路徑Supported in-place upgrade paths

執行 64 位元版本的 Windows Server 2012 或 Windows Server 2012 R2 網域控制站可以升級到 Windows Server 2016。Domain controllers that run 64-bit versions of Windows Server 2012 or Windows Server 2012 R2 can be upgraded to Windows Server 2016. 因為只是在 64 位元版本的 Windows Server 2016 支援只 64 位元版本的升級。Only 64-bit version upgrades are supported because Windows Server 2016 only comes in a 64-bit version.

如果您執行此版本:If you are running this edition: 您可以升級至這些版本:You can upgrade to these editions:
Windows Server 2012 標準Windows Server 2012 Standard Windows Server 2016 Standard 或 DatacenterWindows Server 2016 Standard or Datacenter
Windows Server 2012 資料中心Windows Server 2012 Datacenter Windows Server 2016 DatacenterWindows Server 2016 Datacenter
Windows Server 2012 R2 標準Windows Server 2012 R2 Standard Windows Server 2016 Standard 或 DatacenterWindows Server 2016 Standard or Datacenter
Windows Server 2012 R2 資料中心Windows Server 2012 R2 Datacenter Windows Server 2016 DatacenterWindows Server 2016 Datacenter
Windows Server 2012 R2 的基本資訊Windows Server 2012 R2 Essentials Windows Server 2016 EssentialsWindows Server 2016 Essentials
Windows Storage Server 2012 標準Windows Storage Server 2012 Standard Windows Storage Server 2016 StandardWindows Storage Server 2016 Standard
Windows Storage Server 2012 群組Windows Storage Server 2012 Workgroup Windows Storage Server 2016 群組Windows Storage Server 2016 Workgroup
Windows Storage Server 2012 R2 標準Windows Storage Server 2012 R2 Standard Windows Storage Server 2016 StandardWindows Storage Server 2016 Standard
Windows Storage Server 2012 R2 群組Windows Storage Server 2012 R2 Workgroup Windows Storage Server 2016 群組Windows Storage Server 2016 Workgroup

如需支援的升級路徑,請查看支援的升級路徑For more information about supported upgrade paths, see Supported Upgrade Paths

Adprep,並且準備網域Adprep and Domainprep

如果您正在進行就地升級現有的網域控制站到 Windows Server 2016 的作業系統,您必須手動執行 adprep /forestprep adprep /domainprep。If you are doing an in-place upgrade of an existing domain controller to the Windows Server 2016 operating system, you will need to run adprep /forestprep and adprep /domainprep manually. Adprep /forestprep 需要森林中執行一次。Adprep /forestprep needs to be run only once in the forest. Adprep /domainprep 需要在每個網域中,您有您要升級到 Windows Server 2016 的網域控制站執行一次。Adprep /domainprep needs to be run once in each domain in which you have domain controllers that you are upgrading to Windows Server 2016.

如果您不需要手動執行這些新的 Windows Server 2016 伺服器升級。If you are promoting a new Windows Server 2016 server you do not need to run these manually. 這些整合 PowerShell 和伺服器管理員體驗。These are integrated into the PowerShell and Server Manager experiences.

如需有關執行 adprep 查看執行 AdprepFor more information on running adprep see Running Adprep

層級的功能和需求Functional level features and requirements

Windows Server 2016 需要 Windows Server 2003 森林功能層級。Windows Server 2016 requires a Windows Server 2003 forest functional level. 是的您可以加入現有的 Active Directory 樹系執行 Windows Server 2016 的網域控制站之前的樹系功能層級必須 Windows Server 2003 或更高版本。That is, before you can add a domain controller that runs Windows Server 2016 to an existing Active Directory forest, the forest functional level must be Windows Server 2003 or higher. 如果樹系包含執行 Windows Server 2003 網域控制站或更新版本正常運作的樹系但層級仍是 Windows 2000,也會封鎖安裝。If the forest contains domain controllers running Windows Server 2003 or later but the forest functional level is still Windows 2000, the installation is also blocked.

Windows Server 2016 網域控制站新增到您的樹系前必須移除 Windows 2000 的網域控制站。Windows 2000 domain controllers must be removed prior to adding Windows Server 2016 domain controllers to your forest. 若是如此,請考慮將下列工作流程:In this case, consider the following workflow:

  1. 安裝網域控制站執行 Windows Server 2003 或更新版本。Install domain controllers that run Windows Server 2003 or later. 這些網域控制站可以在 Windows Server 的試用版部署。These domain controllers can be deployed on an evaluation version of Windows Server. 這個步驟也需要執行該作業系統版本 adprep.exe 成必要條件。This step also requires running adprep.exe for that operating system release as a prerequisite.
  2. Windows 2000 的網域控制站中移除。Remove the Windows 2000 domain controllers. 尤其是、 適當降級或強制移除 Windows Server 2000 網域控制站網域使用 Active Directory 使用者及移除所有已移除的網域控制站的網域控制站帳號電腦。Specifically, gracefully demote or forcibly remove Windows Server 2000 domain controllers from the domain and used Active Directory Users and Computers to remove the domain controller accounts for all removed domain controllers.
  3. 提高或更高到 Windows Server 2003 森林功能等級。Raise the forest functional level to Windows Server 2003 or higher.
  4. 安裝網域控制站執行 Windows Server 2016。Install domain controllers that run Windows Server 2016.
  5. 移除網域控制站執行較舊的 Windows Server 版本。Remove domain controllers that run earlier versions of Windows Server.

正在復原功能層級Rolling back functional levels

設定為某個值的樹系功能層級 (FFL) 之後,您無法復原或降低森林功能等級,使用下列例外:After you set the forest functional level (FFL) to a certain value, you cannot roll back or lower the forest functional level, with the following exceptions:

  • 如果您從 Windows Server 2012 R2 FFL 進行升級,您可以回復到 Windows Server 2012 R2 降低它。If you are upgrading from Windows Server 2012 R2 FFL, you can lower it back to Windows Server 2012 R2.
  • 如果您從 Windows Server 2008 R2 FFL 進行升級,您可以回復到 Windows Server 2008 R2 降低它。If you are upgrading from Windows Server 2008 R2 FFL, you can lower it back to Windows Server 2008 R2.

網域功能層級設定為某個值之後,您無法復原或降低網域功能等級,使用下列例外:After you set the domain functional level to a certain value, you cannot roll back or lower the domain functional level, with the following exceptions:

  • Windows Server 2012 或 Windows Server 2012 R2 時您網域功能提高到 Windows Server 2016 如果的樹系功能層級是 Windows Server 2012 或較低,您可以備份循環網域功能等級的選項when you raise the domain functional level to Windows Server 2016 and if the forest functional level is Windows Server 2012 or lower, you have the option of rolling the domain functional level back to Windows Server 2012 or Windows Server 2012 R2

如需較低的功能層級的功能,請查看Active Directory Domain Services 了解 (AD DS) 功能的層級For more information about features that are available at lower functional levels, see Understanding Active Directory Domain Services (AD DS) Functional Levels.

Windows 作業系統其他伺服器角色與 AD DS 交互操作AD DS interoperability with other server roles and Windows operating systems

在下列 Windows 作業系統 AD DS 不支援:AD DS is not supported on the following Windows operating systems:

  • Windows 單多點 ServerWindows MultiPoint Server
  • Windows Server 2016 EssentialsWindows Server 2016 Essentials

AD DS 無法也會執行下列伺服器角色或角色服務的伺服器上安裝:AD DS cannot be installed on a server that also runs the following server roles or role services:

  • Microsoft HYPER-V Server 2016Microsoft Hyper-V Server 2016
  • 遠端桌面連接代理人Remote Desktop Connection Broker

管理 Windows Server 2016 伺服器Administration of Windows Server 2016 servers

使用遠端伺服器管理工具適用於 Windows 10 管理網域控制站與其他執行 Windows Server 2016 的伺服器。Use the Remote Server Administration Tools for Windows 10 to manage domain controllers and other servers that run Windows Server 2016. 您可以在執行 Windows 10 的電腦上執行 Windows Server 2016 遠端伺服器管理工具。You can run the Windows Server 2016 Remote Server Administration Tools on a computer that runs Windows 10.

升級到 Windows Server 2016 的逐步Step-by-Step for Upgrading to Windows Server 2016

以下是從 Windows Server 2012 R2 的 Contoso 樹系升級到 Windows Server 2016 的簡單範例。The following is a simple example of upgrading the Contoso forest from Windows Server 2012 R2 to Windows Server 2016.

升級

  1. 到您的樹系加入新的 Windows Server 2016。Join the new Windows Server 2016 to your forest. 出現提示時重新開機。Restart when prompted. 升級
  2. 登入新的 Windows Server 2016 核對系統管理員使用。Sign in to the new Windows Server 2016 with a domain admin account.
  3. 伺服器管理員新增角色與功能,安裝Active Directory Domain Services上新的 Windows Server 2016。In Server Manager, under Add Roles and Features, install Active Directory Domain Services on the new Windows Server 2016. 這會自動執行 adprep 2012 R2 的樹系網域上。This will automatically run adprep on the 2012 R2 forest and domain. 升級
  4. 伺服器管理員,按一下黃色三角形,,從下拉式清單中,按為網域控制站伺服器升級In Server Manager, click the yellow triangle, and from the drop-down click Promote the server to a domain controller. 升級
  5. 部署組態畫面上,選取現有的樹系加入網域控制站和 [下一步。On the Deployment Configuration screen, select Add a domain controller to an existing forest and click next. 升級
  6. 網域控制站選項畫面中,輸入Directory 服務還原模式 (DSRM)的密碼並按一下 [下一步。On the Domain Controller options screen, enter the Directory Services Restore Mode (DSRM) password and click next.
  7. 按一下螢幕上的其他部分的下一步For the remainder of the screens click Next.
  8. 必要條件檢查畫面中,按安裝On the Prerequisite Check screen, click install. 完成重新您之後可以重新登入。Once the restart has completed you can sign back in.
  9. 在 Windows Server 2012 R2 伺服器上,在伺服器管理員,選取 [工具] 底下, Active Directory 模組適用於 Windows PowerShellOn the Windows Server 2012 R2 server, in Server Manager, under tools, select Active Directory Module for Windows PowerShell. 升級
  10. PowerShell windows 中使用移動 ADDirectoryServerOperationMasterRole 移動故障。In the PowerShell windows use the Move-ADDirectoryServerOperationMasterRole to move the FSMO roles. 您可以輸入每個-OperationMasterRole 的名稱,或指定的角色使用數字。You can type the name of each -OperationMasterRole or use numbers to specify the roles. 數字。The numbers. 如需詳細資訊請查看移動-ADDirectoryServerOperationMasterRoleFor more information see Move-ADDirectoryServerOperationMasterRole
Move-ADDirectoryServerOperationMasterRole -Identity "DC-W2K16" -OperationMasterRole 0,1,2,3,4

升級

  1. 確認已角色移動,請移到 Windows Server 2016 伺服器,在伺服器管理員,在工具、 選取Active Directory 模組適用於 Windows PowerShellVerify the roles have been moved by going to the Windows Server 2016 server, in Server Manager, under tools, select Active Directory Module for Windows PowerShell. 使用Get-ADDomainGet-ADForestcmdlet 檢視 FSMO 角色位置。Use the Get-ADDomain and Get-ADForest cmdlets to view the FSMO role holders. <span data-ttu-id="bde10-230">升級升級Upgrade Upgrade</span></span>
  2. 降級與 Windows Server 2012 R2 網域控制站移除。Demote and remove the Windows Server 2012 R2 domain controller. 如降級 dc 資訊,請查看降級網域控制站和網域For information on demoting a dc, see Demoting Domain Controllers and Domains
  3. 一旦伺服器會降級並移除您可以提高的樹系的功能和 Windows Server 2016 網域正常運作的層級。Once the server is demoted and removed you can raise the forest functional and domain functional levels to Windows Server 2016.

後續步驟Next Steps