廣告樹系修復-新增 GCAD Forest Recovery - Adding the GC

適用於: Windows Server 2016、 Windows Server 2012 和 2012 R2、 Windows Server 2008 和 2008 R2Applies To: Windows Server 2016, Windows Server 2012 and 2012 R2, Windows Server 2008 and 2008 R2

通用新增到 DC 使用下列程序。Use the following procedure to add the global catalog to a DC.

若要新增的通用To add the global catalog

  1. 按一下[開始],指向 [所有程式,指向 [系統管理工具],,然後按一下Active Directory 網站和服務Click Start, point to All Programs, point to Administrative Tools, and then click Active Directory Sites and Services.
  2. 在主控台中,展開網站容器、,然後選取包含目標伺服器的適當網站。In the console tree, expand the Sites container, and then select the appropriate site that contains the target server.
  3. 展開伺服器]容器,然後針對您要新增的通用網域控制站展開伺服器物件。Expand the Servers container, and then expand the server object for the DC to which you want to add the global catalog.
  4. 以滑鼠右鍵按一下NTDS 設定,然後按屬性Right-click NTDS Settings, and then click Properties.
  5. 選取 [通用核取方塊。Select the Global Catalog check box.
    新增 GC

若要新增通用使用 RepadminTo add the global catalog using Repadmin

  1. 打開提升權限的命令提示字元中,輸入下列命令,並按下 ENTER:Open an elevated command prompt, type the following command, and press ENTER:

    repadmin.exe /options DC_NAME +IS_GC  
    

    加快通用加入 DC 根網域中的程序的方法如下:The following are ways to speed up the process of adding the global catalog to the DC in the root domain:

  • 最好根網域中的 DC 應該複寫合作夥伴還原網域控制站的非根網域中。Ideally, the DC in the root domain should be a replication partner of the restored DCs in the non-root domains. 若是如此,請確認知識一致性檢查程式 (KCC) 適當的對應建立的repsFrom來源 DC 和的磁碟分割中根俠物件。If so, confirm that the Knowledge Consistency Checker (KCC) has created the corresponding repsFrom object for the source DC and partition in the root DC. 您可以執行確認repadmin /showreps /v命令。You can confirm this by running the repadmin /showreps /v command.

  • 如果有任何repsFrom物件建立、建立磁碟分割設定為這個物件。If there is no repsFrom object created, create this object for the configuration partition. 如此一來,根網域中的俠可以判斷已經非根網域中的網域控制站。This way, the DC in the root domain can determine which DCs in the non-root domain have been deleted. 您可以使用下列命令:You can do this with the following commands:

    repadmin /add ConfigurationNamingContext DestinationDomainController SourceDomainControllerCNAME  
    
    repadmin /options DSA -Disable_NTDSCONN_XLATE  
    

    適用於格式SourceDomainControllerCNAME是:The format for the SourceDomainControllerCNAME is:

    
    sourceDCGuid._msdcs.root domain  
    

    例如,可能是設定 contoso.com 網域的磁碟分割 repadmin /add 命令:For example, the repadmin /add command for the configuration partition of the contoso.com domain could be:

    repadmin /add cn=configuration,DC=contoso,DC=com DC01 937ef930-7356-43c8-88dc-8baaaa781cf6._msdcs.dDSP17A22.contoso.com  
    
  • 如果repsFrom物件的話,請試著同步根網域中的 DC 與 DC 非根網域中,如下所示:If the repsFrom object is present, try to sync the DC in the root domain with the DC in the non-root domain as follows:

    Repadmin /sync DomainNamingContext DestinationDomainController SourceDomainControllerGUID  
    

    其中DestinationDomainController是 DC 根網域中的,SourceDomainController是還原網域控制站非根網域中的。Where DestinationDomainController is the DC in the root domain and SourceDomainController is the restored DC in the non-root domain.

  • 根網域 DNS 伺服器應該會有來源俠資源記錄別名 (CNAME)。The root domain DNS server should have the alias (CNAME) resource records for the source DC. 請確定的父系 DNS 區域包含委派資源(名稱伺服器(奈秒)和主機 (A) 資源記錄)正確網域控制站 (已從備份還原 Dc) 中的子女區域。Ensure that the parent DNS zone contains delegation resource records (name server (NS) and host (A) resource records) for the correct DCs (the DCs that have been restored from backup) in the child zone.

  • 請務必根網域中俠洽詢往來正確金鑰 Distribution 中心 (KDC) 非根網域中。Make sure that the DC in the root domain is contacting the correct Key Distribution Center (KDC) in the non-root domain. 若要進行測試,在命令提示字元中,輸入下列命令,,然後按 ENTER 鍵:To test this, at the command prompt, type the following command, and then press ENTER:

    nltest /dsgetdc:nonroot domain name /KDC /Force  
    

    後續步驟Next Steps

  • 廣告樹系復原指南AD Forest Recovery Guide

  • 廣告樹系修復程序AD Forest Recovery - Procedures