升級到 Windows Server 2012 R2 和 Windows Server 2012 的網域控制站Upgrade Domain Controllers to Windows Server 2012 R2 and Windows Server 2012

適用於:Windows Server 2016、Windows Server 2012 R2、Windows Server 2012Applies To: Windows Server 2016, Windows Server 2012 R2, Windows Server 2012

本主題提供 Active Directory Domain Services Windows Server 2012 R2 和 Windows Server 2012 中的背景資訊與解釋升級網域控制站的 Windows Server 2008 或 Windows Server 2008 R2 的程序。This topic provides background information about Active Directory Domain Services in Windows Server 2012 R2 and Windows Server 2012 and explains the process for upgrading domain controllers from Windows Server 2008 or Windows Server 2008 R2.

網域控制站升級步驟Domain controller upgrade steps

升級網域的建議的方式是升級執行較新版本的 Windows Server 並降級視較舊的網域控制站的網域控制站。The recommended way to upgrade a domain is to promote domain controllers that run newer versions of Windows Server and demote older domain controllers as needed. 升級現有的網域控制站的作業系統最好的方法。That method is preferable to upgrading the operating system of an existing domain controller. 這份清單涵蓋一般到您的網域控制站執行 Windows Server 有較新版本的升級之前,請依照下列步驟:This list covers general steps to follow before you promote a domain controller that runs a newer version of Windows Server:

  1. 確認目標伺服器符合系統需求Verify the target server meets system requirements.

  2. 確認的應用程式的相容性Verify Application compatibility.

  3. 檢查安全性設定。Verify security settings. 如需詳細資訊,請查看到 AD DS,Windows Server 2012 中相關的 Deprecated 功能和變更行為安全的 Windows Server 2008 和 Windows Server 2008 R2 的預設設定For more information, see Deprecated features and behavior changes related to AD DS in Windows Server 2012 and Secure default settings in Windows Server 2008 and Windows Server 2008 R2.

  4. 檢查您想要執行安裝電腦的目標伺服器連接。Check connectivity to the target server from the computer where you plan to run the installation.

  5. 檢查有可用的必要作業主機的角色:Check for availability of necessary operation master roles:

    • 若要安裝 Windows Server 2012 上執行的現有的網域和樹系的第一個 DC,執行安裝所在的電腦需要連接為了執行 adprep /forestprep 主機和為了執行 adprep /domainprep 基礎結構主機。To install the first DC that runs Windows Server 2012 in an existing domain and forest, the machine where you run the installation needs connectivity to the schema master in order to run adprep /forestprep and the infrastructure master in order to run adprep /domainprep.

    • 若要安裝的第一個 DC 樹系架構會已經延伸的網域中,您只需要連接基礎結構主機。To install the first DC in a domain where the forest schema is already extended, you only need connectivity to infrastructure master.

    • 若要安裝或在現有的樹系移除網域,您需要網域命名主機連接。To install or remove a domain in an existing forest, you need connectivity to the domain naming master.

    • 任何網域控制站安裝也需要連接 RID 主機。Any domain controller installation also requires connectivity to the RID master.

    • 如果您第一個唯讀網域控制站安裝現有的樹系,您會需要為每個應用程式 directory 磁碟分割,也就是非網域命名操作或 NDNC 基礎結構主機連接。If you are installing the first read-only domain controller in an existing forest, you need connectivity to the infrastructure master for each application directory partition, also known as a non-domain naming context or NDNC.

  6. 請務必提供執行 AD DS 安裝必要的認證。Be sure to supply the necessary credentials to run the AD DS installation.

    安裝動作Installation action 認證需求Credential requirements
    安裝新的樹系Install a new forest 本機目標伺服器上的系統管理員Local Administrator on the target server
    在現有的樹系安裝新的網域Install a new domain in an existing forest 企業系統管理員Enterprise Admins
    安裝其他俠現有網域中Install an additional DC in an existing domain 網域系統管理員 」Domain Admins
    執行 adprep /forestprepRun adprep /forestprep 架構系統管理員企業系統管理員,網域系統管理員Schema Admins, Enterprise Admins, and Domain Admins
    執行 adprep /domainprepRun adprep /domainprep 網域系統管理員 」Domain Admins
    執行 adprep /domainprep /gpprepRun adprep /domainprep /gpprep 網域系統管理員 」Domain Admins
    執行 adprep /rodcprepRun adprep /rodcprep 企業系統管理員Enterprise Admins

    您可以委派 AD DS 的權限。You can delegate permissions to install AD DS. 如需詳細資訊,請查看安裝管理工作For more information, see Installation Management Tasks.

在以下連結中可以找到宣傳新的與 Windows Server 2012 複本網域控制站使用 Windows PowerShell cmdlet 和伺服器管理員步驟來執行 「 步驟的指示執行:Steps-by-step instructions to promote new and replica Windows Server 2012 domain controllers using Windows PowerShell cmdlets and Server Manager can be found in the following links:

Windows Server 2012 中的新功能?What's new in Windows Server 2012?

伺服器角色所列出的新功能和技術區域的如下表所示。New features listed by server role and technology area are listed in the following table. 如需詳細白皮書、 視訊示範,以及簡報關於 Windows Server 2012 中的其他功能,請查看Server 和雲端平台For more whitepapers, video demonstrations, and presentations about other features in Windows Server 2012, see Server and Cloud Platform.

Active Directory 憑證 Services (AD CS)Active Directory Certificate Services (AD CS) Active Directory 權限 Management Services (AD RMS)Active Directory Rights Management Services (AD RMS) BitLocker 磁碟機加密BitLocker Drive Encryption
BranchCacheBranchCache 動態主機設定通訊協定 」 (DHCP)Dynamic Host Configuration protocol (DHCP) 網域名稱系統」(DNS)Domain Name System (DNS)
容錯Failover Clustering 檔案伺服器資源管理員File Server Resource Manager 群組原則Group Policy
Hyper-vHyper-V (IPAM) 的 IP 位址管理IP Address Management (IPAM) F:kerberos 驗證Kerberos Authentication
管理帳號服務Managed Service Accounts 網路功能Networking 遠端桌面服務Remote Desktop Services
安全性稽核Security Auditing 伺服器管理員Server Manager 智慧卡Smart Cards
TLS SSL (Schannel SSP)TLS/SSL (Schannel SSP) Windows 部署服務Windows Deployment Services Windows PowerShell 3.0Windows PowerShell 3.0

自動維護和變更 Windows Update 來套用更新之後,請重新開機行為Automatic Maintenance and changes to restart behavior after updates are applied by Windows Update

之前版本的 Windows 8,Windows Update 來管理它自己內部排程來檢查有更新,以及下載及安裝它們。Prior to the release of Windows 8, Windows Update managed its own internal schedule to check for updates, and to download and install them. 它所需的 Windows 更新代理程式正在永遠執行在背景中耗用記憶體和其他的系統資源。It required that the Windows Update Agent was always running in the background, consuming memory and other system resources.

Windows 8 和 Windows Server 2012 引進新功能,稱為自動維護Windows 8 and Windows Server 2012 introduce a new feature called Automatic Maintenance. 每可用來管理它自己排程並執行邏輯自動維護將彙總許多不同的功能。Automatic Maintenance consolidates many different features that each used to manage its own scheduling and execution logic. 這個彙總允許所有元件使用少系統資源、 一致運作,請尊重新的連接待命狀態的新裝置類型,並使用較少可移植裝置上的電池。This consolidation allows for all these components to use far less system resources, work consistently, respect the new Connected Standby state for new device types, and consume less battery on portable devices.

Windows Update 會自動維護 Windows 8 和 Windows Server 2012 中的一部分,因為已不再生效內部排程它自己設定的日期和時間,若要安裝的更新。Because Windows Update is a part of Automatic Maintenance in Windows 8 and Windows Server 2012, its own internal schedule for setting a day and time to install updates is no longer effective. 若要協助確保一致性與可預測重新企業的所有裝置與電腦的行為,包括以及執行 Windows 8 和 Windows Server 2012,請查看 Microsoft 知識庫文章2885694 (看到累積 2013 年 10 月的彙總或2883201),然後原則設定 WSUS 部落格文章中所述讓更多可預測的 Windows Update 體驗適用於 Windows 8 和 Windows Server 2012 (KB 2885694)To help ensure consistent and predictable restart behavior for all devices and computers in your enterprise, including those that run Windows 8 and Windows Server 2012, see Microsoft KB article 2885694 (or see October 2013 cumulative rollup 2883201), then configure policy settings described in the WSUS blog post Enabling a more predictable Windows Update experience for Windows 8 and Windows Server 2012 (KB 2885694).

在 Windows Server 2012 R2 AD DS 中的新功能?What's new in AD DS in Windows Server 2012 R2?

下表摘要的更多詳細資訊,都能連結 AD DS,在 Windows Server 2012 R2 的新功能。The following table summarizes new features for AD DS in Windows Server 2012 R2, with a link to more detailed information where it is available. 更多需某些功能,包括其需求,請查看在 Windows Server 2012 R2 的 Active Directory 中的新功能For a more detailed explanation of some features, including their requirements, see What's New in Active Directory in Windows Server 2012 R2.

功能Feature 描述Description
加入的工作地點Workplace Join 可讓資訊背景工作加入存取公司資源和服務的公司使用個人裝置。Allows information workers to join their personal devices with their company to access company resources and services.
Web 應用程式 ProxyWeb Application Proxy 提供 web 應用程式使用新的遠端存取的角色服務的存取。Provides access to web application using a new Remote Access role service.
Active Directory 同盟服務Active Directory Federation Services AD FS 已經簡化的部署與改良功能,讓使用者可以存取資源的個人裝置,並協助管理存取控制 IT 部門。AD FS has simplified deployment and improvements to enable users to access resources from personal devices and help IT departments manage access control.
SPN 和 UPN 唯一性SPN and UPN uniqueness 執行 Windows Server 2012 R2 網域控制站封鎖建立主體名稱 (Spn) 重複服務及使用者主體名稱 (Upn)。Domain Controllers running Windows Server 2012 R2 block the creation of duplicate service principal names (SPNs) and user principal names (UPNs).
Winlogon 自動重新登入 (ARSO)Winlogon Automatic Restart Sign-On (ARSO) 可讓鎖定畫面應用程式會重新啟動和 Windows 8.1 裝置上提供。Enables lock screen applications to be restarted and available on Windows 8.1 devices.
TPM 金鑰證明TPM Key Attestation 可讓 Ca 密碼編譯證明在發行憑證的申請者私密金鑰確實由信賴平台模組 」 (TPM) 受保護的憑證。Enables CAs to cryptographically attest in an issued certificate that the certificate requester private key is actually protected by a Trusted Platform Module (TPM).
認證保護與管理Credentials Protection and Management 新 credential 保護和網域驗證控制項,以減少認證竊取。New credential protection and domain authentication controls to reduce credential theft.
取代了檔案複寫服務 (FRS)Deprecation of File Replication Service (FRS) Windows Server 2003 網域功能層級也會取代 FRS 使用複寫 SYSVOL 層級正常運作,因為。The Windows Server 2003 domain functional level is also deprecated because at the functional level, FRS is used to replicate SYSVOL. 表示您在執行 Windows Server 2012 R2 的伺服器上建立新的網域時,網域功能等級必須 Windows Server 2008,或較新版本。That means when you create a new domain on a server that runs Windows Server 2012 R2, the domain functional level must be Windows Server 2008 or newer. 您仍然可以加入現有的 Windows Server 2003 網域功能等級; 網域執行 Windows Server 2012 R2 網域控制站您只是無法建立新的網域該層級。You can still add a domain controller that runs Windows Server 2012 R2 to an existing domain that has a Windows Server 2003 domain functional level; you just can't create a new domain at that level.
新的網域及森林功能等級New domain and forest functional levels 有新功能的層級的 Windows Server 2012 R2。There are new functional levels for Windows Server 2012 R2. 新的功能都可在 Windows Server 2012 R2 DFL。New features are available at Windows Server 2012 R2 DFL.
LDAP 查詢最佳化的變更LDAP query optimizer changes LDAP 搜尋效率和 LDAP 搜尋查詢複雜時間效能改進。Performance improvement in LDAP search efficiency and LDAP search time of complex queries.
1644 事件改良功能1644 Event improvements 事件,協助您疑難排解 ID 1644 已加入 LDAP 搜尋結果統計資料。LDAP search result statistics were added to event ID 1644 to aid in troubleshooting.
Active Directory 複寫輸送量改進Active Directory replication throughput improvement 調整至約 600 Mbps 40Mbps 從最大 AD 複寫輸送量Adjusts the maximum AD Replication throughput from 40Mbps to around 600 Mbps

Windows Server 2012 中 AD DS 中的新功能?What's new in AD DS in Windows Server 2012?

下表摘要的更多詳細資訊,都能連結 AD ds,在 Windows Server 2012 中的新功能。The following table summarizes the new features for AD DS in Windows Server 2012, with a link to more detailed information where it is available. 更多需某些功能,包括其需求,請查看在 Active Directory Domain Services (AD DS) 中的新功能For a more detailed explanation of some features, including their requirements, see What's New in Active Directory Domain Services (AD DS).

功能Feature 描述Description
Active Directory 型啟動 (廣告 BA) 查看磁碟區啟動概觀Active Directory-Based Activation (AD BA) see Volume Activation Overview 簡化的設定散發和管理磁碟區軟體授權的工作。Simplifies the task of configuring the distribution and management of volume software licenses.
Active Directory 同盟服務 (AD FS)Active Directory Federation Services (AD FS) 新增角色安裝透過伺服器管理員中,簡化信任-設定、 自動信任的管理、 SAML-通訊協定支援,及更多。Adds role install via Server Manager, simplified trust-setup, automatic trust management, SAML-protocol support, and more.
Active Directory 遺失的頁面清除事件Active Directory lost page flush events 使用 jet 錯誤-1119 NTDS ISAM 事件 530 是偵測到 Active Directory 資料庫遺失的頁面清除事件登入。NTDS ISAM event 530 with jet error -1119 is logged to detect lost page flush events to Active Directory databases.
Active Directory 資源回收筒使用者介面Active Directory Recycle Bin User Interface Active Directory 管理中心 (ADAC) 新增資源回收筒] 功能在 Windows Server 2008 R2 原始導入了 GUI 管理。Active Directory Administrative Center (ADAC) adds GUI management of recycle bin feature originally introduced in Windows Server 2008 R2.
Active Directory 複寫和拓撲 Windows PowerShell cmdletActive Directory Replication and Topology Windows PowerShell cmdlets 支援的建立及管理 Active Directory 網站網站連結、 連接物件,以及更多使用 Windows PowerShell。Supports the creation and management of Active Directory sites, site-links, connection objects, and more using Windows PowerShell.
動態存取控制Dynamic Access Control 新宣告為基礎的授權平台美化舊版存取控制模型。New claims-based authorization platform that enhances the legacy access control model.
微調密碼原則使用者介面Fine-Grained Password Policy User Interface ADAC 新增 GUI 建立、 編輯及指派 Pso 原始加入 Windows Server 2008 的支援。ADAC adds GUI support for the creating, editing and assignment of PSOs originally added in Windows Server 2008.
群組管理服務帳號 (gMSA)Group Managed Service Accounts (gMSA) 安全性主體新型稱為 gMSA。A new security principal type known as a gMSA. 在多部主機上執行之服務可以在同一個 gMSA account 執行。Services running on multiple hosts can run under the same gMSA account.
DirectAccess 離線網域加入DirectAccess Offline Domain Join 延伸離線加入網域,包括 DirectAccess 必要條件。Extends offline domain-join by including DirectAccess prerequisites.
快速部署透過 virtual 網域控制站 DC 複製Rapid deployment via virtual domain controller (DC) cloning 可以複製使用 Windows PowerShell cmdlet 現有 virtual 網域控制站快速部署模擬的 Dc。Virtualized DCs can be rapidly deployed by cloning existing virtual domain controllers using Windows PowerShell cmdlets.
移除集區的變更RID pool changes 新增監視新的事件和配額以對抗過消耗全球 RID 集區。Adds new monitoring events and quotas to safeguard against excessive consumption of the global RID pool. 選擇增加一倍全球 RID 集區大小如果在用完原始集區。Optionally doubles the size of the global RID pool if the original pool becomes exhausted.
安全時間服務Secure Time service 美化 W32tm 的安全性,藉由移除可從網路、 移除 MD5 hash 功能需要驗證與 Windows 8 的時間用戶端伺服器Enhances security for W32tm by removing secrets from the wire, removing the MD5 hash functions and requiring the server to authenticate with Windows 8 time clients
USN 回復模擬網域控制站的保護USN rollback protection for virtualized DCs 不小心將模擬網域控制站快照備份還原不會再造成 USN 復原。Accidentally restoring snapshot backups of virtualized DCs no longer causes USN rollback.
Windows PowerShell 歷史檢視器Windows PowerShell History Viewer 讓系統管理員,若要檢視使用 ADAC 執行的 Windows PowerShell 命令。Allow administrators to view the Windows PowerShell commands executed when using ADAC.

自動維護和變更 Windows Update 來套用更新之後,請重新開機行為Automatic Maintenance and changes to restart behavior after updates are applied by Windows Update

之前版本的 Windows 8,Windows Update 來管理它自己內部排程來檢查有更新,以及下載及安裝它們。Prior to the release of Windows 8, Windows Update managed its own internal schedule to check for updates, and to download and install them. 它所需的 Windows 更新代理程式正在永遠執行在背景中耗用記憶體和其他的系統資源。It required that the Windows Update Agent was always running in the background, consuming memory and other system resources.

Windows 8 和 Windows Server 2012 引進新功能,稱為自動維護Windows 8 and Windows Server 2012 introduce a new feature called Automatic Maintenance. 每可用來管理它自己排程並執行邏輯自動維護將彙總許多不同的功能。Automatic Maintenance consolidates many different features that each used to manage its own scheduling and execution logic. 這個彙總允許所有元件使用少系統資源、 一致運作,請尊重新的連接待命狀態的新裝置類型,並使用較少可移植裝置上的電池。This consolidation allows for all these components to use far less system resources, work consistently, respect the new Connected Standby state for new device types, and consume less battery on portable devices.

Windows Update 會自動維護 Windows 8 和 Windows Server 2012 中的一部分,因為已不再生效內部排程它自己設定的日期和時間,若要安裝的更新。Because Windows Update is a part of Automatic Maintenance in Windows 8 and Windows Server 2012, its own internal schedule for setting a day and time to install updates is no longer effective. 若要可協助確保您的企業,以及執行 Windows 8 和 Windows Server 2012,包括中的所有的裝置和電腦的一致性與可預測重新開機行為,您可以設定群組原則設定下列:To help ensure consistent and predictable restart behavior for all devices and computers in your enterprise, including those that run Windows 8 and Windows Server 2012, you can configure the following Group Policy settings:

  • 電腦設定 |原則 |系統管理範本 |Windows 元件 |Windows Update |設定自動更新Computer Configuration|Policies|Administrative Templates|Windows Components|Windows Update|Configure Automatic Updates

  • 電腦設定 |原則 |系統管理範本 |Windows 元件 |Windows Update |不自動重新登入的使用者使用Computer Configuration|Policies|Administrative Templates|Windows Components|Windows Update|No auto-restart with logged on users

  • 電腦設定 |原則 |系統管理範本 |Windows 元件 |維護排程器 |維護隨機延遲Computer Configuration|Policies|Administrative Templates|Windows Components|Maintenance Scheduler|Maintenance Random Delay

下表列出如何進行這些設定,以提供您想要重新開機問題的一些事情。The following table lists some examples of how to configure these settings to provide desired restart behavior.

案例Scenario 建議的組態Recommended configuration(s)
WSUS 管理WSUS managed

-星期每一次更新安裝- Install updates once per week
-下午 11 開機星期五- Reboot Fridays at 11PM
自動安裝、 防止自動重新開機至您想要的時間來設定電腦Set machines to auto-install, prevent auto-reboot until desired time

原則: 設定自動更新] (功能)Policy: Configure Automatic Updates (Enabled)

設定自動更新: 4-自動下載和排程安裝Configure automatic updating: 4 - Auto download and schedule the install

原則: 不自動重新登入的使用者 (停用)Policy: No auto-restart with logged-on users (Disabled)

WSUS 期限: 下午 11 星期五設定WSUS deadlines: set to Fridays at 11PM
WSUS 管理WSUS managed

-偏位安裝跨不同的時間日期- Stagger installs across different hours/days
設定不同群組的電腦應一起更新的目標群組Set target groups for different groups of machines that should be updated together

使用上述步驟之前案例Use above steps for previous scenario

設定不同的期限不同的目標群組Set different deadlines for different target groups
不 WSUS 管理-不支援期限Not WSUS-managed - no support for deadlines

-偏位安裝在不同時間- Stagger installs at different times
原則: 設定自動更新] (功能)Policy: Configure Automatic Updates (Enabled)

設定自動更新: 4-自動下載和排程安裝Configure automatic updating: 4 - Auto download and schedule the install

登錄鍵:讓 Microsoft 知識庫文章討論登錄2835627Registry key: Enable the registry key discussed in Microsoft KB article 2835627

原則:自動維護隨機延遲 (功能)Policy: Automatic Maintenance Random Delay (Enabled)

設定定期維護隨機延遲來提供下列行為 6 個小時的隨機延遲 PT6H:Set Regular maintenance random delay to PT6H for 6-hour random delay to provide the following behavior:

的設定的維護時間加上隨機延遲會安裝更新- Updates will install at the configured maintenance time plus a random delay

-重新開機的每一部電腦不會發生完全 3 天之後- Restart for each machine will take place exactly 3 days later

或者,設定為每一組電腦不同維護時間Alternatively, set a different maintenance time for each group of machines

如需有關原因 Windows 工程小組實作這些變更,查看在 Windows Update 自動更新後的重新開機最小化For more information about why the Windows engineering team implemented these changes, see Minimizing restarts after automatic updating in Windows Update.

AD DS 伺服器角色安裝變更AD DS server role installation changes

在 Windows Server 2008 R2 到 Windows Server 2003,在 x86 或 X64 版本的之前,請先執行 Active Directory 安裝精靈、 Dcpromo.exe,以及 Dcpromo.exe Adprep.exe 命令列工具必須自動安裝或從媒體安裝選用的變化。In Windows Server 2003 through Windows Server 2008 R2, you ran the x86 or X64 version of the Adprep.exe command-line tool before running the Active Directory Installation Wizard, Dcpromo.exe, and Dcpromo.exe had optional variants to install from media or for unattended installation.

從 Windows Server 2012,命令列安裝是使用 Windows PowerShell 模組 ADDSDeployment 來執行。Beginning in Windows Server 2012, command-line installations are performed by using the ADDSDeployment Module in Windows PowerShell. Gui 促銷,在伺服器管理員中使用全新 AD DS 設定精靈會執行。GUI-based promotions are performed in Server Manager using a completely new AD DS Configuration Wizard. 若要簡化的安裝程序,ADPREP 已經整合到 AD DS 安裝,並且會視自動執行。To simplify the installation process, ADPREP has been integrated into the AD DS installation and runs automatically as needed. Windows PowerShell 型 AD DS 設定精靈會自動目標 Dc 位置新增,然後遠端相關網域控制站執行所需的 ADPREP 命令網域中的架構與基礎結構主要角色。The Windows PowerShell-based AD DS Configuration Wizard automatically targets the schema and infrastructure master roles in the domains where DCs are being added, then remotely runs the required ADPREP commands on the relevant domain controllers.

開始安裝之前,必要條件檢查 AD DS 安裝精靈中的找出潛在的錯誤。Prerequisite checks in the AD DS Installation Wizard identify potential errors before the installation begins. 若要排除關注事項的部分完成升級可以修正錯誤條件。Error conditions can be corrected to eliminate concerns from a partially complete upgrade. 精靈會也匯出包含所有選項圖形安裝期間所指定的 Windows PowerShell 指令碼。The wizard also exports a Windows PowerShell script that contains all the options that were specified during the graphical installation.

數位簽章 AD DS 安裝變更簡化俠角色安裝程序,並減少管理錯誤的機率,尤其是當您要部署多網域控制站在全球地區和網域。Taken together, the AD DS installation changes simplify the DC role installation process and reduce the likelihood of administrative errors, especially when you are deploying multiple domain controllers across global regions and domains.
如需詳細資訊 GUI 及 Windows PowerShell 型安裝,包括命令列語法與逐步精靈中的指示,請查看安裝 Active Directory Domain ServicesMore detailed information on GUI and Windows PowerShell-based installations, including command line syntax and step-by-step wizard instructions, see Install Active Directory Domain Services. 對於想要控制引入架構變更獨立安裝 Windows Server 2012 網域控制站在現有的樹系的 Active Directory 森林中的系統管理員,Adprep.exe 命令仍然可以執行在已提升權限的命令提示字元。For administrators that want to control the introduction of schema changes in an Active Directory forest independent of the installation of Windows Server 2012 DCs in an existing forest, Adprep.exe commands can still be run at an elevated command prompt.

有一些到 AD DS 有關的變更:There are some changes related to AD DS:

  • 取代 Adprep32.exe 了Deprecation of Adprep32.exe

    只有一個 Adprep.exe 版本,並可以視需要執行 Windows Server 2008 64 位元的伺服器上執行或更新版本。There is only one version of Adprep.exe and it can be run as needed on 64-bit servers that run Windows Server 2008 or later. 它可以在遠端電腦上,執行,而且如果的目標的作業裝載主角或 Windows Server 2003 32 位元作業系統上必須遠端執行。It can be run remotely, and must be run remotely if that targeted operations master role is hosted on a 32-bit operating system or Windows Server 2003.

  • 取代 Dcpromo.exe 了Deprecation of Dcpromo.exe

    Windows Server 2012 中它只,仍然可以執行回應檔案或命令列參數,讓組織時間轉換到新的 Windows PowerShell 安裝選項現有自動化雖然已被取代帶領。Dcpromo is deprecated although in Windows Server 2012 only it can still be run with an answer file or command line parameters to give organizations time to transition existing automation to the new Windows PowerShell installation options.

  • LMHash 帳號已停用LMHash is disabled on user accounts

    在 Windows Server 2008、 Windows Server 2008 R2 和 Windows Server 2012 上的範本可讓 NoLMHash 原則已停用安全性範本 Windows 2000 和 Windows Server 2003 網域控制站中的安全性安全的預設值。Secure defaults in Security templates on Windows Server 2008, Windows Server 2008 R2 and Windows Server 2012 enable the NoLMHash policy which is disabled in the security templates of Windows 2000 and Windows Server 2003 domain controllers. 使用 KB 文件中的步驟必要時,LMHash 相關戶端 NoLMHash 原則停用946405Disable the NoLMHash policy for LMHash-dependent clients as required, using the steps in KB article 946405.

開始使用 Windows Server 2008、 網域控制站也有下列安全預設設定,相較於執行 Windows Server 2003 或 Windows 2000 的網域控制站。Beginning with Windows Server 2008 , domain controllers also have the following secure default settings, compared to domain controllers that run Windows Server 2003 or Windows 2000.

加密類型或原則Encryption type or policy Windows Server 2008 預設Windows Server 2008 default Windows Server 2012 和 Windows Server 2008 R2 預設Windows Server 2012 and Windows Server 2008 R2 default 意見Comment
AllowNT4CryptoAllowNT4Crypto 停用Disabled 停用Disabled 第三方伺服器訊息區 (SMB) 戶端可能會不相容的網域控制站在安全的預設設定。Third-party Server Message Block (SMB) clients may be incompatible with the secure default settings on domain controllers. 在所有案例中,這些設定可以允許交互操作,但僅限執行安全性於輕鬆置於。In all cases, these settings can be relaxed to allow interoperability, but only at the expense of security. 如需詳細資訊,請查看文章 942564中 「 Microsoft 知識庫 (http://go.microsoft.com/fwlink/?LinkId=164558)。For more information, see article 942564 in the Microsoft Knowledge Base (http://go.microsoft.com/fwlink/?LinkId=164558).
DESDES 支援Enabled 停用Disabled 文章 977321在 「 Microsoft 知識庫 (http://go.microsoft.com/fwlink/?LinkId=177717)Article 977321 in the Microsoft Knowledge Base (http://go.microsoft.com/fwlink/?LinkId=177717)
延伸 CBT 日保護的整合式驗證CBT/Extended Protection for Integrated Authentication 不適用N/A 支援Enabled 查看Microsoft 安全性建議 (937811) (http://go.microsoft.com/fwlink/?LinkId=164559) 及文章 976918中 「 Microsoft 知識庫 (http://go.microsoft.com/fwlink/?LinkId=178251)。See Microsoft Security Advisory (937811) (http://go.microsoft.com/fwlink/?LinkId=164559) and article 976918 in the Microsoft Knowledge Base (http://go.microsoft.com/fwlink/?LinkId=178251).

檢視並安裝中的文章 977073 (http://go.microsoft.com/fwlink/?LinkId=186394) 中所需 Microsoft 知識庫。Review and install the hotfix in article 977073 (http://go.microsoft.com/fwlink/?LinkId=186394) in the Microsoft Knowledge Base as required.
LMv2LMv2 支援Enabled 停用Disabled 文章 976918在 「 Microsoft 知識庫 (http://go.microsoft.com/fwlink/?LinkId=178251)Article 976918 in the Microsoft Knowledge Base (http://go.microsoft.com/fwlink/?LinkId=178251)

系統需求Operating system requirements

下表列出的 Windows Server 2012 的最低系統需求。The minimum system requirements for Windows Server 2012 are listed in the following table. 系統需求的相關詳細資訊和預先安裝的資訊,請查看安裝 Windows Server 2012For more information about system requirements and pre-installation information, see Installing Windows Server 2012. 有安裝新的 Active Directory 樹系不額外的系統需求,但您應該會新增以改善效能網域控制站、 LDAP client 要求和 Active Directory 功能的應用程式的快取的 Active Directory 資料庫到記憶體不足。There are no additional system requirements to install a new Active Directory forest, but you should add sufficient memory to cache the contents of Active Directory database in order to improve performance for domain controllers, LDAP client requests, and Active Directory-enabled applications. 如果您升級現有的網域控制站或新增新的網域控制站現有的樹系,檢視下一節,以確保伺服器符合磁碟空間需求。If you are upgrading an existing domain controller or adding a new domain controller to an existing forest, review the next section to ensure the server meets disk space requirements.

處理器Processor 1.4 Ghz 64 位元處理器1.4 Ghz 64-bit processor
RAMRAM 512 MB512 MB
可用磁碟空間需求Free disk space requirements 32 GB32 GB
螢幕解析度Screen resolution 800 x 600 或更高版本800 x 600 or higher
其他Miscellaneous DVD 光碟機、 鍵盤、 網際網路存取權DVD drive, keyboard, Internet access

升級網域控制站的磁碟空間需求Disk space requirements for upgrading domain controllers

本章節涵蓋僅適用於升級網域控制站的 Windows Server 2008 或 Windows Server 2008 R2 的磁碟空間需求。This section covers disk space requirements only for upgrading domain controllers from Windows Server 2008 or Windows Server 2008 R2 . 如升級到較舊版本的 Windows Server 的網域控制站的磁碟空間需求的相關詳細資訊,請查看磁碟空間需求升級到 Windows Server 2008 的磁碟空間需求升級到 Windows Server 2008 R2 的For more information about disk space requirements for upgrading domain controllers to earlier versions of Windows Server, see Disk space requirements for upgrading to Windows Server 2008 or Disk space requirements for upgrading to Windows Server 2008 R2.

調整大小裝載 Active Directory 資料庫並登入檔案,以配合自訂和導向的應用程式架構延伸、 應用程式和系統管理員車載機起始索引加物件的屬性,您會新增至 directory 部署的使用時間的網域控制站 (通常是到 8 5 年) 上的空間的磁碟。Size the disk that hosts the Active Directory database and log files in order to accommodate the custom and application-driven schema extensions, application and administrator-initiated indexes, plus space for the objects and attributes that you will be added to the directory over deployment life of the domain controller (typically 5 to 8 years). 立即縮放部署的時間,通常是很好的投資相較於部署後展開存放磁碟區所需的更多觸控成本。Right sizing at deployment time is typically a good investment compared to greater touch costs required to expand disk storage after deployment. 如需詳細資訊,請查看的 Active Directory Domain Services 容量計劃For more information, see Capacity Planning for Active Directory Domain Services.

在 [網域控制站想要升級,請確定主控 Active Directory 的磁碟機資料庫 (NTDS。DIT) 具有代表至少 20%NTDS 的可用磁碟空間。在您開始作業系統升級之前的 DIT 檔案。On domain controllers that you plan to upgrade, make sure that the drive that hosts the Active Directory database (NTDS.DIT) has free disk space that represents at least 20% of the NTDS.DIT file before you begin the operating system upgrade. 如果磁碟區的磁碟空間不足,升級將會失敗並升級的相容性報告傳回錯誤,指出可用磁碟空間不足:If there is insufficient free disk space on the volume, the upgrade can fail and the upgrade compatibility report returns an error indicating insufficient free disk space:

若是如此,您可以嘗試重新擷取額外的空間的 Active Directory 資料庫離線磁碟重組並再試一次升級。In this case, you can try an offline defragmentation of the Active Directory database to recapture additional space, and then retry the upgrade. 如需詳細資訊,請查看以壓縮 Directory 資料庫檔案 (Offline 重組)For more information, see Compact the Directory Database File (Offline Defragmentation).

使用 SkuAvailable SKUs

有 4 版本的 Windows Server: 基本知識、 Essentials、 Standard 和 Datacenter。There are 4 editions of Windows Server: Foundation, Essentials, Standard and Datacenter.
支援 AD DS 角色兩個版本的 Standard 和 Datacenter。The two editions that support the AD DS role are Standard and Datacenter.

先前的版本,在 Windows Server 版本得到在他們的伺服器角色、 處理器計數與大量記憶體支援的支援。In previous releases, Windows Server editions differed in their support of server roles, processor counts and large memory support. Standard 和 Datacenter 版本的 Windows Server 支援所有的功能和硬體基礎,但在他們的模擬權利-而有所不同標準版允許兩個 virtual 執行個體,Datacenter edition 允許無限制 virtual 執行個體。The Standard and Datacenter editions of Windows Server support all features and underlying hardware but vary in their virtualization rights - two virtual instances are allowed for Standard edition and unlimited virtual instances are allowed for Datacenter edition.

Windows client 與 Windows Server 支援加入網域 Windows 伺服器作業系統Windows client and Windows Server operating systems that are supported to join Windows Server domains

下列 Windows client 與 Windows Server 作業系統為支援執行 Windows Server 2012 」 的網域控制站的網域成員電腦或更新版本:The following Windows client and Windows Server operating systems are supported for domain member computers with domain controllers that run Windows Server 2012 or later:

  • Client 作業系統: Windows 8.1、 Windows 8、 Windows 7、 Windows VistaClient operating systems: Windows 8.1, Windows 8, Windows 7, Windows Vista

    執行 Windows 8.1 或 Windows 8 的電腦都也能加入網域的網域控制站該執行的舊版 Windows Server、 Windows Server 2003 包括或更新版本。Computers that run Windows 8.1 or Windows 8 are also able to join domains that have domain controllers that run earlier version of Windows Server, including Windows Server 2003 or later. 在這種情形下不過,某些 Windows 8 功能可能需要額外的設定或可能無法使用。In this case however, some Windows 8 features may require additional configuration or may not be available. 如需有關這些功能來管理 Windows 8 戶端舊版網域中的其他建議,請查看在 Windows Server 2003 網域中的執行 Windows 8 成員電腦For more information about those features and other recommendations for managing Windows 8 clients in downlevel domains, see Running Windows 8 member computers in Windows Server 2003 domains.

  • 伺服器作業系統: Windows Server 2012 R2、 Windows Server 2012、 Windows Server 2008 R2、 Windows Server 2008、 Windows Server 2003 R2、 Windows Server 2003Server operating systems: Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003 R2, Windows Server 2003

支援的就地升級路徑Supported in-place upgrade paths

執行 64 位元版本的 Windows Server 2008 或 Windows Server 2008 R2 網域控制站可以升級到 Windows Server 2012。Domain controllers that run 64-bit versions of Windows Server 2008 or Windows Server 2008 R2 can be upgraded to Windows Server 2012 . 您無法升級執行 Windows Server 2003 或 Windows Server 2008 32 位元版本的網域控制站。You cannot upgrade domain controllers that run Windows Server 2003 or 32-bit versions of Windows Server 2008. 若要將它們安裝執行網域中的較新版的 Windows Server 網域控制站並移除網域控制站的 Windows Server 2003。To replace them, install domain controllers that run a later version of Windows Server in the domain, and then remove the domain controllers that Windows Server 2003.

如果您正在執行這些版本If you are running these editions 您可以這些版本升級You can upgrade to these editions
SP2 與 Windows Server 2008 StandardWindows Server 2008 Standard with SP2

OR

SP2 與 Windows Server 2008 EnterpriseWindows Server 2008 Enterprise with SP2
Windows Server 2012 標準Windows Server 2012 Standard

OR

Windows Server 2012 資料中心Windows Server 2012 Datacenter
SP2 與 Windows Server 2008 DatacenterWindows Server 2008 Datacenter with SP2 Windows Server 2012 資料中心Windows Server 2012 Datacenter
Windows Server 2008 的 WebWindows Web Server 2008 Windows Server 2012 標準Windows Server 2012 Standard
Windows Server 2008 R2 標準 sp1Windows Server 2008 R2 Standard with SP1

OR

Windows Server 2008 R2 企業 sp1Windows Server 2008 R2 Enterprise with SP1
Windows Server 2012 標準Windows Server 2012 Standard

OR

Windows Server 2012 資料中心Windows Server 2012 Datacenter
Windows Server 2008 R2 Datacenter sp1Windows Server 2008 R2 Datacenter with SP1 Windows Server 2012 資料中心Windows Server 2012 Datacenter
Windows Server 2008 R2 的 WebWindows Web Server 2008 R2 Windows Server 2012 標準Windows Server 2012 Standard

如需支援的升級路徑,請查看評估版本和升級選項適用於 Windows Server 2012For more information about supported upgrade paths, see Evaluation Versions and Upgrade Options for Windows Server 2012. 請注意,您無法將轉換網域控制站所執行的 Windows Server 2012 評估版直接到零售版。Note that you cannot convert a domain controller that runs an evaluation version of Windows Server 2012 directly to a retail version. 而執行零售版的伺服器上安裝其他網域控制站 AD DS 移除網域控制站的試用版上執行。Instead, install an additional domain controller on a server that runs a retail version and remove AD DS from the domain controller that runs on the evaluation version.

已知問題,因為您無法升級至 Server Core 安裝的 Windows Server 2012 執行了 Server Core 所安裝的 Windows Server 2008 R2 網域控制站。Due to a known issue, you cannot upgrade a domain controller that runs a Server Core installation of Windows Server 2008 R2 to a Server Core installation of Windows Server 2012 . 升級將會在升級程序實心黑色畫面上停止回應。The upgrade will hang on a solid black screen late in the upgrade process. 這類 Dc 重新開機一次公開回復到先前的作業系統版本 boot.ini 檔案的選項。Rebooting such DCs exposes an option in boot.ini file to roll back to the previous operating system version. 其他重新開機觸發自動回復到舊版的作業系統。An additional reboot triggers the automatic rollback to the previous operating system version. 之前方案,建議您安裝新的網域控制站執行而不是就地升級執行 Windows Server 2008 R2 的 Server Core 安裝現有網域控制站的 Windows Server 2012 Server Core 安裝。Until a solution is available, it is recommended that you install a new domain controller running a Server Core installation of Windows Server 2012 instead of in-place upgrading an existing domain controller that runs a Server Core installation of Windows Server 2008 R2. 如需詳細資訊,查看知識庫文章2734222For more information, see KB article 2734222.

層級的功能和需求Functional level features and requirements

Windows Server 2012 需要 Windows Server 2003 森林功能層級。Windows Server 2012 requires a Windows Server 2003 forest functional level. 是的您可以加入現有的 Active Directory 樹系執行 Windows Server 2012 」 的網域控制站之前的樹系功能層級必須 Windows Server 2003 或更高版本。That is, before you can add a domain controller that runs Windows Server 2012 to an existing Active Directory forest, the forest functional level must be Windows Server 2003 or higher. 這表示執行 Windows Server 2008 R2、 Windows Server 2008 或 Windows Server 2003 的網域控制站相同的樹系,可以運作,但不是執行 Windows 2000 Server 的網域控制站支援且將會封鎖安裝執行 Windows Server 2012 」 的網域控制站。This means that domain controllers that run Windows Server 2008 R2, Windows Server 2008, or Windows Server 2003 can operate in the same forest, but domain controllers that run Windows 2000 Server are not supported and will block installation of a domain controller that runs Windows Server 2012. 如果樹系包含執行 Windows Server 2003 網域控制站或更新版本正常運作的樹系但層級仍是 Windows 2000,也會封鎖安裝。If the forest contains domain controllers running Windows Server 2003 or later but the forest functional level is still Windows 2000, the installation is also blocked.

Windows Server 2012 網域控制站新增到您的樹系前必須移除 Windows 2000 的網域控制站。Windows 2000 domain controllers must be removed prior to adding Windows Server 2012 domain controllers to your forest. 若是如此,請考慮將下列工作流程:In this case, consider the following workflow:

  1. 安裝網域控制站執行 Windows Server 2003 或更新版本。Install domain controllers that run Windows Server 2003 or later. 這些網域控制站可以在 Windows Server 的試用版部署。These domain controllers can be deployed on an evaluation version of Windows Server. 這個步驟也需要執行 adprep.exe針對該作業系統版本成必要條件。This step also requires running adprep.exe for that operating system release as a prerequisite.

  2. Windows 2000 的網域控制站中移除。Remove the Windows 2000 domain controllers. 尤其是、 適當降級或強制移除 Windows Server 2000 網域控制站網域使用 Active Directory 使用者及移除所有已移除的網域控制站的網域控制站帳號電腦。Specifically, gracefully demote or forcibly remove Windows Server 2000 domain controllers from the domain and used Active Directory Users and Computers to remove the domain controller accounts for all removed domain controllers.

  3. 提高或更高到 Windows Server 2003 森林功能等級。Raise the forest functional level to Windows Server 2003 or higher.

  4. 安裝執行 Windows Server 2012 」 的網域控制站。Install domain controllers that run Windows Server 2012.

  5. 移除網域控制站執行較舊的 Windows Server 版本。Remove domain controllers that run earlier versions of Windows Server.

新的 Windows Server 2012 網域功能等級可讓一個新功能: \ [KDC 支援宣告、 複合驗證以及 Kerberos 保護 \ \ [KDC 系統管理範本原則有兩種設定 (永遠提供宣告失敗護身的驗證要求) 需要的 Windows Server 2012 網域功能層級。The new Windows Server 2012 domain functional level enables one new feature: the KDC support for claims, compound authentication, and Kerberos armoring KDC administrative template policy has two settings (Always provide claims and Fail unarmored authentication requests) that require Windows Server 2012 domain functional level.

Windows Server 2012 森林功能層級不提供任何新的功能,但確保任何新的網域建立森林中將會自動操作網域層級 Windows Server 2012 正常運作。The Windows Server 2012 forest functional level does not provide any new features, but it ensures that any new domain created in the forest will automatically operate at the Windows Server 2012 domain functional level. Windows Server 2012 網域功能等級不提供宣告、 複合驗證以及 Kerberos 保護 \ \ [KDC 支援以外的其他新功能。The Windows Server 2012 domain functional level does not provide other new features beyond KDC support for claims, compound authentication, and Kerberos armoring. 但它可以確保網域中的任何網域控制站執行 Windows Server 2012。But it ensures that any domain controller in the domain runs Windows Server 2012 . 如需有關其他功能,可正常運作的不同層級,請查看Active Directory Domain Services 了解 (AD DS) 功能的層級For more information about other features that are available at different functional levels, see Understanding Active Directory Domain Services (AD DS) Functional Levels.

森林功能層級設定為某個值之後,您無法復原或降低森林功能等級,使用下列例外: 您升級到 Windows Server 2012 的樹系功能層級之後,您可以降低以 Windows Server 2008 R2。After you set the forest functional level to a certain value, you cannot roll back or lower the forest functional level, with the following exceptions: after you raise the forest functional level to Windows Server 2012 , you can lower it to Windows Server 2008 R2 . 如果 Active Directory 資源回收桶尚未,您也可以降低回到功能層級的 Windows Server 2012 的 Windows Server 2008 R2 或 Windows Server 2008,或 Windows Server 2008 R2 的 Windows Server 2008 的樹系。If Active Directory Recycle Bin has not been enabled, you can also lower the forest functional level from Windows Server 2012 to Windows Server 2008 R2 or Windows Server 2008 or from Windows Server 2008 R2 back to Windows Server 2008 . 如果的樹系功能層級設定為 Windows Server 2008 R2,它無法復原,例如,Windows Server 2003。If the forest functional level is set to Windows Server 2008 R2 , it cannot be rolled back, for example, to Windows Server 2003.

網域功能層級設定為某個值之後,您無法復原或降低網域功能等級,使用下列例外: 循環網域功能等級的選項時您提高網域功能等級 Windows Server 2008 R2 或 Windows Server 2012,如果 Windows Server 2008 或較低的樹系功能的等級,您有回到 Windows Server 2008 或 Windows Server 2008 R2。After you set the domain functional level to a certain value, you cannot roll back or lower the domain functional level, with the following exceptions: when you raise the domain functional level to Windows Server 2008 R2 or Windows Server 2012 , and if the forest functional level is Windows Server 2008 or lower, you have the option of rolling the domain functional level back to Windows Server 2008 or Windows Server 2008 R2 . 您可以降低只從 Windows Server 2008 R2 或 Windows Server 2008 的 Windows Server 2012 或 Windows Server 2008 R2 到 Windows Server 2008 網域功能等級。You can lower the domain functional level only from Windows Server 2012 to Windows Server 2008 R2 or Windows Server 2008 or from Windows Server 2008 R2 to Windows Server 2008 . 如果網域功能層級設定為 Windows Server 2008 R2,它無法復原,例如,以 Windows Server 2003。If the domain functional level is set to Windows Server 2008 R2 , it cannot be rolled back, for example, to Windows Server 2003.

如需較低的功能層級的功能,請查看Active Directory Domain Services 了解 (AD DS) 功能的層級For more information about features that are available at lower functional levels, see Understanding Active Directory Domain Services (AD DS) Functional Levels.

功能層級以外執行 Windows Server 2012」的網域控制站提供並不適用於執行較舊版本的 Windows Server 的網域控制站的額外功能。Beyond functional levels, a domain controller that runs Windows Server 2012 provides additional features that are not available on a domain controller that runs an earlier version of Windows Server. 例如,執行 Windows Server 2012」的網域控制站可用於 virtual 網域控制站複製,而無法執行較舊版本的 Windows Server 的網域控制站。For example, a domain controller that runs Windows Server 2012 can be used for virtual domain controller cloning, whereas a domain controller that runs an earlier version of Windows Server cannot. 但 virtual 網域控制站複製與 Windows Server 2012 中的 virtual 網域控制站保護不需要任何功能層級需求。But virtual domain controller cloning and virtual domain controller safeguards in Windows Server 2012 do not have any functional level requirements.

注意

Microsoft Exchange Server 2013 需要森林功能層級的 Windows server 2003 或更高版本。Microsoft Exchange Server 2013 requires a forest functional level of Windows server 2003 or higher.

Windows 作業系統其他伺服器角色與 AD DS 交互操作AD DS interoperability with other server roles and Windows operating systems

在下列 Windows 作業系統 AD DS 不支援:AD DS is not supported on the following Windows operating systems:

  • Windows 單多點 ServerWindows MultiPoint Server

  • Windows Server 2012 程式集Windows Server 2012 Essentials

AD DS 無法也會執行下列伺服器角色或角色服務的伺服器上安裝:AD DS cannot be installed on a server that also runs the following server roles or role services:

  • HYPER-V ServerHyper-V Server

  • 遠端桌面連接代理人Remote Desktop Connection Broker

操作主機角色Operations master roles

一些新功能在 Windows Server 2012 中的影響作業主機的角色:Some new features in Windows Server 2012 affect operations master roles:

  • 支援複製 virtual 網域控制站的 Windows Server 2012 必須執行肯定。The PDC emulator must be running Windows Server 2012 to support cloning virtual domain controllers. 有其他複製網域控制站的必要條件。There are additional prerequisites for cloning DCs. 如需詳細資訊,請查看Active Directory Domain Services (AD DS) 模擬For more information, see Active Directory Domain Services (AD DS) Virtualization.

  • 肯定執行 Windows Server 2012 時,會建立新的安全性原則。New security principals are created when the PDC emulator runs Windows Server 2012 .

  • 移除主機有新 RID 發行及監視功能。The RID Master has new RID issuance and monitoring functionality. 改進包括好事件登入,更適當限制,以及一個位元能力-緊急位在增加整體 RID 集區的配置。The improvements include better event logging, more appropriate limits, and the ability to - in an emergency - increase the overall RID pool allocation by one bit. 如需詳細資訊,請查看管理移除發行For more information, see Managing RID Issuance.

注意

雖然不是操作主機角色 AD DS 安裝在另一項變更是所有網域控制站執行 Windows Server 2012 預設會安裝 DNS 伺服器角色與通用。Though they are not operations master roles, another change in AD DS installation is that DNS server role and the global catalog are installed by default on all domain controllers that run Windows Server 2012 .

化網域控制站Virtualizing domain controllers

AD DS 開始在 Windows Server 2012 中的改進支援的網域控制站安全模擬與複製網域控制站的能力。Improvements in AD DS beginning in Windows Server 2012 enable safer virtualization of domain controllers and the ability to clone domain controllers. 依序複製網域控制站可快速在新的網域和其他優點其他網域控制站部署。Cloning domain controllers in turn enables rapid deployment of additional domain controllers in a new domain and other benefits. 如需詳細資訊,請查看Active Directory Domain Services 和 #40; 簡介AD DS 和 #41;模擬與 #40;層級 100 和 #41;.For more information, see Introduction to Active Directory Domain Services (AD DS) Virtualization (Level 100).

管理 Windows Server 2012 伺服器Administration of Windows Server 2012 servers

使用遠端伺服器管理工具適用於 Windows 8以管理網域控制站與其他執行 Windows Server 2012 的伺服器。Use the Remote Server Administration Tools for Windows 8 to manage domain controllers and other servers that run Windows Server 2012 . 您可以在執行 Windows 8 的電腦上執行 Windows Server 2012 遠端伺服器管理工具。You can run the Windows Server 2012 Remote Server Administration Tools on a computer that runs Windows 8.

應用程式的相容性Application compatibility

下表包含一般的 Active Directory 整合 Microsoft 應用程式。The following table covers common Active Directory-integrated Microsoft applications. 下表包含何種版本的應用程式可以在安裝 Windows Server 與 Windows Server 2012 網域控制站導入是否會影響應用程式的相容性。The table covers what versions of Windows Server that the applications can be installed on and whether the introduction of Windows Server 2012 DCs affects application compatibility.

ProductProduct 筆記Notes
2007 Microsoft 組態管理員Microsoft Configuration Manager 2007 組態管理員 2007 sp2 (包括組態管理員 2007 R2 和組態管理員 2007 R3):Configuration Manager 2007 with SP2 (includes Configuration Manager 2007 R2 and Configuration Manager 2007 R3):

Windows 8 專業版- Windows 8 Pro
-Windows 8 企業版- Windows 8 Enterprise
Windows Server 2012 標準- Windows Server 2012 Standard
Windows Server 2012 Datacenter請注意:這些將為戶端完全支援,但已新增使用 Configuration Manager 2007 作業系統部署功能來部署這些作業系統為支援不計劃。- Windows Server 2012 Datacenter Note: Though these will be fully supported as clients, there is no plan to add support for deploying these as operating systems by using the Configuration Manager 2007 operating system deployment feature. 此外,不需要網站伺服器或網站系統將會支援在所有 SKU 的 Windows Server 2012 」。Also, no site servers or site systems will be supported on any SKU of Windows Server 2012.
Microsoft SharePoint 2007Microsoft SharePoint 2007 Microsoft Office SharePoint 伺服器 2007年不支援在 Windows Server 2012 上進行安裝。Microsoft Office SharePoint Server 2007 is not supported for installation on Windows Server 2012.
Microsoft SharePoint 2010Microsoft SharePoint 2010 SharePoint 2010 Service Pack 2,才能安裝及操作SharePoint 2010 Service Pack 2 is required to install and operate
Windows Server 2012 的伺服器上 SharePoint 2010SharePoint 2010 on Windows Server 2012 Servers

安裝與操作 SharePoint 2010 基礎 Windows Server 2012 的伺服器上所需 SharePoint 2010 基本知識 Service Pack 2SharePoint 2010 Foundation Service Pack 2 is required to install and operate SharePoint 2010 Foundation on Windows Server 2012 Servers

在 Windows Server 2012 上失敗,SharePoint Server 2010 (不含 service pack) 的安裝程序The SharePoint Server 2010 (without service packs) installation process fails on Windows Server 2012

SharePoint Server 2010 必要條件安裝程式 (PrerequisiteInstaller.exe) 失敗,並顯示錯誤 「 此程式都擁有相容性問題 」。The SharePoint Server 2010 prerequisite installer (PrerequisiteInstaller.exe) fails with error "This program has compatibility issues." 按一下 [未取得協助執行程式 」,會顯示錯誤 「 確認如果可以安裝 SharePoint 和 #124;SharePoint Server 2010 (不含 service pack) 無法安裝 Windows Server 2012。 」Clicking "Run the program without getting help" displays the error "Verifying if SharePoint can be installed | SharePoint Server 2010 (without service packs) cannot be installed on Windows Server 2012."
Microsoft SharePoint 2013Microsoft SharePoint 2013 資料庫中發電廠伺服器的最低需求Minimum requirements for a database server in a farm

64 位元版本的 Windows Server 2008 R2 Service Pack 1 (SP1) 標準、 企業版或 Datacenter 或 64 位元版本的 Windows Server 2012 標準或 DatacenterThe 64-bit edition of Windows Server 2008 R2 Service Pack 1 (SP1) Standard, Enterprise, or Datacenter or the 64-bit edition of Windows Server 2012 Standard or Datacenter

建資料庫單一伺服器的最低需求:Minimum requirements for a single server with built-in database:

64 位元版本的 Windows Server 2008 R2 Service Pack 1 (SP1) 標準、 企業版或 Datacenter 或 64 位元版本的 Windows Server 2012 標準或 DatacenterThe 64-bit edition of Windows Server 2008 R2 Service Pack 1 (SP1) Standard, Enterprise, or Datacenter or the 64-bit edition of Windows Server 2012 Standard or Datacenter

伺服器前端網頁和應用程式伺服器的最低需求:Minimum requirements for front-end web servers and application servers in a farm:

64 位元版本的 Windows Server 2008 R2 Service Pack 1 (SP1) 標準、 企業版或 Datacenter 或 64 位元版本的 Windows Server 2012 標準或資料中心。The 64-bit edition of Windows Server 2008 R2 Service Pack 1 (SP1) Standard, Enterprise, or Datacenter or the 64-bit edition of Windows Server 2012 Standard or Datacenter.
Microsoft System Center Configuration Manager 2012Microsoft System Center Configuration Manager 2012 系統中心 2012年組態管理員 Service Pack 1:System Center 2012 Configuration Manager Service Pack 1:

Microsoft 會在下列作業系統加入 Service Pack 1 發行我們 client 支援矩陣:Microsoft will add the following operating systems to our client support matrix with the release of Service Pack 1:

Windows 8 專業版- Windows 8 Pro
-Windows 8 企業版- Windows 8 Enterprise
Windows Server 2012 標準- Windows Server 2012 Standard
Windows Server 2012 資料中心- Windows Server 2012 Datacenter

可以包括網站伺服器、 簡訊提供者和管理點-所有網站伺服器角色都部署到伺服器作業系統版本:All site server roles - including site servers, SMS providers, and management points - can be deployed to servers with the following operating system editions:

Windows Server 2012 標準- Windows Server 2012 Standard
Windows Server 2012 資料中心- Windows Server 2012 Datacenter
Microsoft Lync Server 2013Microsoft Lync Server 2013 Windows Server 2008 R2 或 Windows Server 2012,需要 Lync Server 2013。Lync Server 2013 requires with Windows Server 2008 R2 or Windows Server 2012. 無法在 Server Core 安裝執行它。It cannot be run on a Server Core installation. 它可以執行virtual 伺服器]It can be run on virtual servers.
Lync Server 2010Lync Server 2010 Lync Server 2010 可以安裝新 (不升級) 安裝 Windows Server 2012 上,如果Lync Server 2012 年 10 月累積更新安裝。Lync Server 2010 can be installed on a new (not upgraded) installation Windows Server 2012 if October 2012 cumulative updates for Lync Server are installed. 不支援的 Lync Server 2010 的現有的安裝升級到 Windows Server 2012 的作業系統。Upgrading the operating system to Windows Server 2012 for an existing installation of Lync Server 2010 is not supported. Windows Server 2012 上也不支援 Microsoft Lync Server 2010 群組聊天伺服器。Microsoft Lync Server 2010 Group Chat Server is also not supported on Windows Server 2012.
System Center 2012 Endpoint ProtectionSystem Center 2012 Endpoint Protection System Center 2012 Endpoint Protection Service Pack 1 將更新以包含在下列作業系統 client 支援矩陣System Center 2012 Endpoint Protection Service Pack 1 will update the client support matrix to include the following operating systems

Windows 8 專業版- Windows 8 Pro
-Windows 8 企業版- Windows 8 Enterprise
Windows Server 2012 標準- Windows Server 2012 Standard
Windows Server 2012 資料中心- Windows Server 2012 Datacenter
System Center 2012 Forefront Endpoint ProtectionSystem Center 2012 Forefront Endpoint Protection 更新彙總套件 1 FEP 2010 將更新以包含在下列作業系統 client 支援矩陣:FEP 2010 with Update Rollup 1 will update the client support matrix to include the following operating systems:

Windows 8 專業版- Windows 8 Pro
-Windows 8 企業版- Windows 8 Enterprise
Windows Server 2012 標準- Windows Server 2012 Standard
Windows Server 2012 資料中心- Windows Server 2012 Datacenter
Forefront 威脅管理閘道 (TMG)Forefront Threat Management Gateway (TMG) TMG 支援在 Windows Server 2008 和 Windows Server 2008 R2 上執行。TMG is supported to run only on Windows Server 2008 and Windows Server 2008 R2. 如需詳細資訊,請查看系統需求 Forefront TMGFor more information, see System requirements for Forefront TMG.
Windows Server Update ServicesWindows Server Update Services 此版本的 WSUS 已經支援 Windows 8 電腦或 Windows Server 2012 為基礎的電腦做為戶端。This release of WSUS already supports Windows 8-based computers or Windows Server 2012-based computers as clients.
Windows Server Update Services 3.0Windows Server Update Services 3.0 更新知識庫文章2734608可讓伺服器正在執行 Windows Server Update Services (WSUS) 3.0 SP2 提供的電腦執行 Windows 8 或 Windows Server 2012 的更新:請注意: WSUS 3.0 sp2 的獨立 WSUS 3.0 SP2 環境或 System Center Configuration Manager 2007 Service Pack 2 的環境針對需要2734608正確管理 Windows 8 電腦或 Windows Server 2012 電腦為戶端。Update KB article 2734608 lets servers that are running Windows Server Update Services (WSUS) 3.0 SP2 provide updates to computers that are running Windows 8 or Windows Server 2012: Note: Customers with standalone WSUS 3.0 SP2 environments or System Center Configuration Manager 2007 Service Pack 2 environments with WSUS 3.0 SP2 require 2734608 to properly manage Windows 8-based computers or Windows Server 2012-based computers as clients.
換貨 2013Exchange 2013 Windows Server 2012 標準和 Datacenter 支援下列的角色: 架構主機、 通用伺服器、 網域控制站信箱和 client 存取伺服器角色Windows Server 2012 Standard and Datacenter are supported for the following roles: schema master, global catalog server, domain controller, mailbox and client access server role

森林功能層級: Windows Server 2003 或更高版本Forest Functional Level: Windows Server 2003 or higher

來源: 換貨 2013年系統需求Source: Exchange 2013 System Requirements
換貨 2010Exchange 2010 來源: 換貨 2010 Service Pack 3Source: Exchange 2010 Service Pack 3

換貨 2010 含 Service Pack 3 可以安裝 Windows Server 2012 成員伺服器上。Exchange 2010 with Service Pack 3 can be installed on Windows Server 2012 member servers.

換貨 2010年系統需求列出最新支援的架構主要,,全球 catalog 和網域控制站與 Windows Server 2008 R2。Exchange 2010 System Requirements lists the latest supported schema master, global catalog and domain controller as Windows Server 2008 R2.

森林功能層級: Windows Server 2003 或更高版本Forest Functional Level: Windows Server 2003 or higher
SQL Server 2012SQL Server 2012 來源: KB 2681562Source: KB 2681562

Windows Server 2012 上 SQL Server 2012 RTM 支援。SQL Server 2012 RTM is supported on Windows Server 2012.
SQL Server 2008 R2SQL Server 2008 R2 來源: KB 2681562Source: KB 2681562

若要在 Windows Server 2012 上安裝需要 SQL Server 2008 R2 含 Service Pack 1 或更新版本。Requires SQL Server 2008 R2 with Service Pack 1 or later to install on Windows Server 2012.
SQL Server 2008SQL Server 2008 來源: KB 2681562Source: KB 2681562

若要在 Windows Server 2012 上安裝需要 SQL Server 2008 含 Service Pack 3 或更新版本。Requires SQL Server 2008 with Service Pack 3 or later to install on Windows Server 2012.
SQL Server 2005SQL Server 2005 來源: KB 2681562Source: KB 2681562

不支援 Windows Server 2012 上安裝。Not supported to install on Windows Server 2012.

已知的問題Known issues

下表列出到 AD DS 安裝相關的已知的問題。The following table lists known issues related to AD DS installation.

KB 文章數字和標題KB article number and title 少數的技術區域Technology area impacted 問題描述日Issue/description
2830145: 無法在 Windows 7 或 Windows Server 2008 R2 電腦網域環境中的對應 SID 1-18 1 及 SID-1-18-22830145: SID S-1-18-1 and SID S-1-18-2 can't be mapped on Windows 7 or Windows Server 2008 R2-based computers in a domain environment AD DS 管理應用程式相容AD DS Management/App compat 應用程式的地圖 SID 1-18 1 和 SID-1-18-2、 Windows Server 2012 中的新功能,這可能會失敗,因為 Windows 7 或 Windows Server 2008 R2 的電腦上無法解析 Sid。Applications that map SID S-1-18-1 and SID S-1-18-2, which are new in Windows Server 2012, may fail because the SIDs cannot be resolved on Windows 7-based or Windows Server 2008 R2-based computers. 若要修正這個問題的相關,hotfix 網域中的 Windows 7 與 Windows Server 2008 R2 的電腦上。To resolve this issue, install the hotfix on the Windows 7-based and Windows Server 2008 R2-based computers in the domain.
2737129: 準備群組原則不會執行時,會自動準備 Windows Server 2012 的現有的網域2737129: Group Policy preparation is not performed when you automatically prepare an existing domain for Windows Server 2012 AD DS 安裝AD DS Installation Adprep /domainprep /gpprep 無法自動執行安裝執行 Windows Server 2012 網域中的第一個 DC 的一部分。Adprep /domainprep /gpprep is not automatically run as part of installing the first DC that runs Windows Server 2012 in a domain. 如果該從未執行先前網域中,它必須執行以手動方式。If it has never been run previously in the domain, it must be run manually.
2737416: Windows PowerShell 根據網域控制站部署重複警告2737416: Windows PowerShell-based domain controller deployment repeats warnings AD DS 安裝AD DS Installation 可以必要條件在驗證期間會顯示警告,並再重新出現在安裝期間。Warnings can appear during prerequisite validation and then reappear during the installation.
2737424: 「 指定的網域名稱的格式不正確的 「 錯誤,當您嘗試移除網域控制站 Active Directory Domain Services2737424: "Format of the specified domain name is invalid" error when you try to remove Active Directory Domain Services from a domain controller AD DS 安裝AD DS Installation 如果您要移除預先建立的 RODC 帳號仍然存在的網域中的最後一個 DC 會出現這個錯誤。This error appears if you are removing the last DC in a domain where pre-created RODC accounts still exist. 這會影響 Windows Server 2012、 Windows Server 2008 R2 和 Windows Server 2008。This affects Windows Server 2012, Windows Server 2008 R2, and Windows Server 2008.
2737463: 網域控制站不會開始,就會發生 c00002e2 錯誤,或會顯示 [選擇選項]2737463: Domain controller does not start, c00002e2 error occurs, or "Choose an option" is displayed AD DS 安裝AD DS Installation DC 不會開始因為系統管理員使用 Dism.exe、 Pkgmgr.exe 或 Ocsetup.exe 以移除對-DomainController 角色。A DC does not start because an administrator used Dism.exe, Pkgmgr.exe, or Ocsetup.exe to remove the DirectoryServices-DomainController role.
2737516: 在 Windows Server 2012 伺服器管理員中的 IFM 驗證限制2737516: IFM verification limitations in Windows Server 2012 Server Manager AD DS 安裝AD DS Installation IFM 驗證 KB 文件中所述,可以讓限制。IFM verification can have limitations as explained in the KB article.
2737535: 安裝-AddsDomainController cmdlet 傳回參數設定 RODC 錯誤2737535: Install-AddsDomainController cmdlet returns parameter set error for RODC AD DS 安裝AD DS Installation 當您嘗試伺服器附加至 RODC 帳號,如果您已經會填入引數指定預先建立 RODC 帳號,您可以收到錯誤。You can receive an error when you try to attach a server to an RODC account if you specify arguments that are already populated on the pre-created RODC account.
2737560: 「 無法執行換貨架構衝突檢查 」 錯誤,以及必要條件檢查失敗2737560: "Unable to perform Exchange schema conflict check" error, and prerequisites check fails AD DS 安裝AD DS Installation 當您設定 Windows Server 2012 DC 第一次現有網域中,因為網域控制站的遺失 SeServiceLogonRight 網路的服務,或封鎖 WMI 或 DCOM 通訊協定因為必要條件檢查將會失敗。Prerequisite check fails when you configure the first Windows Server 2012 DC in an existing domain because DCs are missing the SeServiceLogonRight for Network Service or because WMI or DCOM protocols are blocked.
2737797: AddsDeployment 模組-引數則會顯示不正確的 DNS 結果2737797: AddsDeployment module with the -Whatif argument shows incorrect DNS results AD DS 安裝AD DS Installation -參數顯示 DNS 伺服器將不會安裝,但它將會。The -WhatIf parameter shows DNS server will not be installed but it will be.
2737807: 網域控制站選項] 頁面上不適下一步]2737807: The Next button is not available on the Domain Controller Options page AD DS 安裝AD DS Installation [下一步] 按鈕已停用網域控制站選項] 頁面上,因為目標俠的 IP 位址未對應現有子網路或網站,或是無法輸入並確認正確 DSRM 密碼。The Next button is disabled on the Domain Controller Options page because the IP address of the target DC does not map to an existing subnet or site, or because the DSRM password is not typed and confirmed correctly.
2737935: active Directory 安裝停止在 [建立 NTDS 設定物件 」 階段2737935: Active Directory installation stalls at the "Creating the NTDS settings object" stage AD DS 安裝AD DS Installation 安裝無回應,因為本機系統管理員密碼和網域系統管理員密碼,或是網路問題讓重要複寫無法完成。The installation hangs because the local Administrator password matches the domain Administrator password, or because networking problems prevent critical replication from completing.
2738060: 「 存取 」 時,您的子女網域從遠端使用建立安裝-AddsDomain 錯誤訊息2738060: "Access is denied" error message when you create a child domain remotely by using Install-AddsDomain AD DS 安裝AD DS Installation 當您執行安裝-ADDSDomain 與叫用命令 cmdlet DNSDelegationCredential 有錯誤的密碼,您會收到的錯誤。You receive the error when you run Install-ADDSDomain with the Invoke-Command cmdlet if the DNSDelegationCredential has a bad password.
2738697: 「 伺服器不操作 「 網域控制站設定錯誤當您使用伺服器管理員中設定伺服器2738697: "The server is not operational" domain controller configuration error when you configure a server by using Server Manager AD DS 安裝AD DS Installation 當您嘗試群組的電腦上安裝 AD DS,因為已停用 NTLM 驗證時,您會收到這個錯誤。You receive this error when you try to install AD DS on a workgroup computer because NTLM authentication is disabled.
2738746: 您收到錯誤拒絕在您登入本機系統管理員核對之後存取2738746: You receive access denied errors after you log on to a local administrator domain account AD DS 安裝AD DS Installation 當您使用本機系統管理員帳號,而非建登入,然後建立新的網域 account 是未加入網域系統管理員 」 群組。When you log on using a local Administrator account rather than the built-in Administrator account and then create a new domain, the account is not added to the Domain Admins group.
2743345: 「 系統找不到指定的檔案] Adprep /gpprep 錯誤或工具當機的問題2743345: "The system cannot find the file specified" Adprep /gpprep error, or tool crashes AD DS 安裝AD DS Installation 您收到這個錯誤當您執行 adprep /gpprep 因為基礎結構主機實作分開命名空間You receive this error when you run adprep /gpprep because the infrastructure master is implements a disjoint namespace
2743367: Adprep 「 不是有效 Win32 應用程式 」 在 Windows Server 2003 64 位元版本的錯誤2743367: Adprep "not a valid Win32 application" error on Windows Server 2003, 64-bit version AD DS 安裝AD DS Installation 因為 Windows Server 2012 Adprep 無法執行 Windows Server 2003,您會收到這個錯誤。You receive this error because Windows Server 2012 Adprep cannot be run on Windows Server 2003.
2753560: 3.2 ADMT 和 PES 3.1 Windows Server 2012 上的安裝錯誤2753560: ADMT 3.2 and PES 3.1 installation errors on Windows Server 2012 ADMTADMT ADMT 3.2 無法安裝 Windows Server 2012 上所設計。ADMT 3.2 cannot be installed on Windows Server 2012 by design.
2750857: DFS 複寫診斷報告無法正確顯示在 Internet Explorer 102750857: DFS Replication diagnostic reports do not display correctly in Internet Explorer 10 DFS 複寫DFS Replication DFS 複寫診斷報告無法正確顯示,因為 Internet Explorer 10 中的變更。DFS Replication diagnostic report does not display correctly because of changes in Internet Explorer 10.
2741537: 遠端群組原則更新使用者都能看見2741537: Remote Group Policy updates are visible to users 群組原則Group Policy 這是因為的層級的每一位使用者登入執行排定的工作。This is due to scheduled tasks run in the context of each user who is logged on. 「 Windows 工作排程器要求在本案例中的互動式提示。The Windows Task Scheduler design requires an interactive prompt in this scenario.
2741591: ADM 檔案無法在 SYSVOL 中有 GPMC 基礎結構狀態] 選項2741591: ADM files are not present in SYSVOL in the GPMC Infrastructure Status option 群組原則Group Policy 因為 GPMC 基礎結構狀態不符合自訂篩選規則 GP 複寫可以報告 「 複寫進行中的]。GP replication can report "replication in progress" because GPMC Infrastructure Status does not follow customized filtering rules.
2737880: 「 無法開始服務 」 時發生錯誤 AD DS 設定2737880: "The service cannot be started" error during AD DS configuration Virtual 俠複製Virtual DC cloning 發生這個錯誤時安裝或移除 AD DS,複製,因為已停用 DS 角色伺服器服務。You receive this error while installing or removing AD DS, or cloning, because the DS Role Server service is disabled.
2742836: 當您使用複製的功能 VDC 兩個 DHCP 租用建立的每個網域控制站2742836: Two DHCP leases are created for each domain controller when you use the VDC cloning feature Virtual 俠複製Virtual DC cloning 這是因為複製的網域控制站收到租用之前,請先複製並再試一次時複製已完成。This happens because the cloned domain controller received a lease before cloning and again when cloning was complete.
2742844: 網域控制站伺服器失敗,且複製重新開機以 Windows Server 2012 中 DSRM2742844: Domain controller cloning fails and the server restarts in DSRM in Windows Server 2012 Virtual 俠複製Virtual DC cloning 複製的俠開始在 DSRM 因為複製各種不同的原因 KB 文章中列出的任何失敗。The cloned DC starts in DSRM because cloning failed for any of a variety of reasons listed in the KB article.
2742874: 網域控制站複製並不會重新建立的所有服務主體名稱2742874: Domain controller cloning does not re-create all service principal names Virtual 俠複製Virtual DC cloning 某些三個部分 Spn 會不重新建立上複製俠因為重新命名程序的限制。Some three-part SPNs are not recreated on the cloned DC because of a limitation of the domain rename process.
2742908: 「 不登入伺服器可 」 之後複製網域控制站的錯誤2742908: "No logon servers are available" error after cloning domain controller Virtual 俠複製Virtual DC cloning 當您嘗試登入失敗,因為複製複製模擬的 DC 後 DC DSRM 在開始時,您會收到這個錯誤。You receive this error when you try to log on after cloning a virtualized DC because cloning failed and the DC is started in DSRM. 登入。 \administrator 疑難排解複製失敗。Log on as .\administrator to troubleshoot the cloning failure.
2742916: 網域控制站複製失敗,錯誤 8610 dcpromo.log 中2742916: Domain controller cloning fails with error 8610 in dcpromo.log Virtual 俠複製Virtual DC cloning 因為網域磁碟分割,可能是由於的角色轉移輸入的複寫不執行肯定,請複製失敗。Cloning fails because the PDC emulator has not performed inbound replication of the domain partition, likely because the role was transferred.
2742927: [索引超出範圍 」 新-AdDcCloneConfig 錯誤2742927: "Index was out of range" New-AdDcCloneConfig error Virtual 俠複製Virtual DC cloning 新增-ADDCCloneConfigFile cmdlet 執行時複製 virtual Dc,可能是因為 cmdlet 已提升權限的命令提示字元中執行,或是您存取權杖不包含系統管理員群組之後,您收到的錯誤。You receive the error after you run New-ADDCCloneConfigFile cmdlet while cloning virtual DCs, either because the cmdlet was not run from an elevated command prompt or because your access token does not contain the Administrators group.
2742959: 網域控制站複製失敗,錯誤 8437︰ 「 不正確的參數指定此複寫操作 」2742959: Domain controller cloning fails with error 8437: "invalid parameter was specified for this replication operation" Virtual 俠複製Virtual DC cloning 複製失敗,因為指定無效複製名稱或重複 NetBIOS 名稱。Cloning failed because an invalid clone name or a duplicate NetBIOS name was specified.
2742970: DC Cloning 失敗,並不 DSRM,重複的來源和複製電腦2742970: DC Cloning fails with no DSRM, duplicate source and clone computer Virtual 俠複製Virtual DC cloning 複製 virtual 俠開機中 Directory 服務修復模式 (DSRM),因為不正確的位置中建立 DCCloneConfig.xml 檔案,或是複製之前來源 DC 重新開機,做為來源俠使用重複的名稱。The cloned virtual DC boots in Directory Services Repair Mode (DSRM), using a duplicate name as the source DC because the DCCloneConfig.xml file was not created in the correct location or because the source DC was rebooted before cloning.
2743278: 網域控制站複製 0x80041005 錯誤2743278: Domain controller cloning error 0x80041005 Virtual 俠複製Virtual DC cloning 複製的俠開機至 DSRM 因為指定只有一個 WINS 伺服器。The cloned DC boots into DSRM because only one WINS server was specified. 如果指定任何 WINS 伺服器,則必須指定慣用和其他贏得伺服器。If any WINS server is specified, both Preferred and Alternate WINS servers must be specified.
2745013: 「 伺服器無法操作 「 錯誤訊息如果您執行 Windows Server 2012 中的新-AdDcCloneConfigFile2745013: "Server is not operational" error message if you run New-AdDcCloneConfigFile in Windows Server 2012 Virtual 俠複製Virtual DC cloning 因為伺服器無法連絡通用伺服器執行新-ADDCCloneConfigFile cmdlet 之後,您會收到這個錯誤。You receive this error after you run the New-ADDCCloneConfigFile cmdlet because the server cannot contact a global catalog server.
2747974: 網域控制站複製事件 2224年提供正確的指導方針2747974: Domain controller cloning event 2224 provides incorrect guidance Virtual 俠複製Virtual DC cloning 事件 ID 2224 正確狀態受管理的服務帳號,必須移除之前,請先複製。Event ID 2224 incorrectly states that managed service accounts must be removed before cloning. 獨立 MSAs 必須移除,但是群組 MSAs 不會封鎖複製。Standalone MSAs must be removed but Group MSAs do not block cloning.
2748266: 之後在您升級到 Windows 8,您無法解除鎖定加密 BitLocker 磁碟機2748266: You cannot unlock a BitLocker-encrypted drive after you upgrade to Windows 8 BitLockerBitLocker 當您嘗試已從 Windows 7 升級的電腦上的磁碟機解除鎖定時,您會收到 「 找不到應用程式 」 錯誤。You receive an "Application not found" error when you try to unlock a drive on a computer that was upgraded from Windows 7.

也了See Also

Windows Server 2012 評估資源Windows Server 2012 Evaluation Resources
Windows Server 2012 評估指南Windows Server 2012 Evaluation Guide
安裝和部署 Windows Server 2012Install and Deploy Windows Server 2012