廣告樹系修復常見問題集AD Forest Recovery - FAQ

適用於: Windows Server 2016、 Windows Server 2012 和 2012 R2、 Windows Server 2008 和 2008 R2、 Windows Server 2003Applies To: Windows Server 2016, Windows Server 2012 and 2012 R2, Windows Server 2008 and 2008 R2, Windows Server 2003

本文件包含有關樹系修復常見問題的解答 (Faq):This document contains frequently asked questions (FAQs) regarding forest recovery:

一般復原General Recovery

問: 項目執行加速修復?Q: What can I do to speed up recovery?

雖然復原的速度並不本書的主要目標,一種由短復原時間:Although speed of recovery is not the primary goal of this guide, you can achieve shorter recovery times by:

  • 建立詳細的樹系修復計劃,定期更新,以及練習模擬的測試環境合理的大小的每年至少一次Creating a detailed forest recovery plan, updating it on a regular basis, and practicing it in a simulated test environment of reasonable size at least once a year

  • 使用複製的模擬的網域控制站 (DC)Using virtualized domain controller (DC) cloning

    可以模擬俠複製加速取得其他執行一個從每個網域中的備份還原俠之後的網域控制站的程序。Virtualized DC cloning expedites the process to get additional DCs running after one DC is restored from backup in each domain. 除了等待長 AD DS 安裝完成後,以及完成安裝之後嚴重的複寫可以複製其他模擬網域控制站。The additional virtualized DCs can be cloned rather than waiting for potentially lengthy AD DS installations to be completed and for the completion of non-critical replication after installation.

    森林 virtual 網域控制站放置在較小許多連接良好的資料中心可能前提最複製復原期間。Forests where virtual DCs are hosted in a relatively small number of well-connected data centers potentially benefit most from cloning during recovery. 不過,應該前提任何環境多個模擬網域控制站在相同的網域一起位置 hypervisor 主機。However, any environment where multiple virtualized DCs for the same domain are co-located on the same hypervisor host should benefit.

  • 部署唯讀網域控制站 (Rodc)Deploying read-only domain controllers (RODCs)

    Rodc 可以提供業務持續性的修復程序期間,因為它們不需要像寫入 Dc 中斷網路。RODCs can provide business continuity during the recovery process because they do not have to be disconnected from the network as writable DCs do. Rodc 並執行輸出複寫。RODCs do not perform outbound replication. 因此,它們不會存在寫入 Dc 造成損害資料複寫回修復環境相同風險。Therefore, they do not present the same risk that writable DCs pose for replicating damaging data back into the recovered environment.

    其他因素而有所不同影響的樹系的修復程序的持續時間,包含下列類型:Other factors that affect the duration of the forest recovery process include the following:

  • 從備份還原 Dc 時, 所需的時間:When you restore DCs from backups, it takes time to:

    • 找出實體備份媒體,例如磁帶。Locate the physical backup media, such as tapes.

    • 重新安裝作業系統。Reinstall the operating system.

    • 從媒體備份還原資料。Restore data from backup media.

      您可以減少重新安裝作業系統,並從備份還原資料,來執行完整伺服器修復系統狀態還原而所需的時間。You can reduce the time required to reinstall the operating system and restore data from backup by performing full server recovery instead of system state restore. 完整伺服器復原是二進位為基礎,因為它是比系統狀態還原更快。Because full server recovery is binary-based, it completes much faster than system state restore.

      不過,如果伺服器包含排除系統狀態資料,您不想要還原的資料,完整伺服器復原可能無法系統狀態還原可行替代物取代。However, if the server contains data that is excluded from system state data that you do not want to restore, full server recovery might not be a viable alternative to system state restore. 考慮優點具體而言,執行而不是狀態系統還原完整伺服器復原您的伺服器,並依此準備執行適當想要稍後還原備份的類型。Consider the advantages of performing a full server recovery instead of a system state restore for your servers specifically, and prepare accordingly by performing the appropriate type of backup that you plan to restore later.

  • 當您重新建立網域控制站時,它花一些時間複寫網路促銷活動的資料。When you rebuild DCs, it takes time to replicate data for network-based promotions.

    您可以減少還原 Dc 下列步驟來執行所需的時間:You can decrease the time required for restoring DCs by performing the following steps:

  • 減少正在透過備份的媒體擷取的時間:Reduce the time for retrieving backup media by:

  • 強制 AD DS 移除的網域控制站而不是重新安裝作業系統。Force the removal of AD DS from the DCs instead of reinstalling the operating system. 如果完全中 AD DS 的範圍是已知的樹系失敗的原因,您不必網域控制站上重新安裝作業系統。If the cause of the forest-wide failure has been identified to be purely within the scope of AD DS, you do not have to reinstall the operating system on the DCs.

    如需有關移除 AD DS 強迫從 DC 執行 Windows Server 2008,或更新版本,請查看強迫移除 Windows Server 2008 網域控制站的(https://go.microsoft.com/fwlink/?LinkId=132627)。For more information about forcing the removal of AD DS from a DC that runs Windows Server 2008 or later, see Forcing the Removal of a Windows Server 2008 Domain Controller (https://go.microsoft.com/fwlink/?LinkId=132627). 如需有關從執行 Windows Server 2003 DC 強迫移除 AD DS,請查看文章 332199中「Microsoft 知識庫 (https://go.microsoft.com/fwlink/?LinkId=70780)。For more information about forcing the removal of AD DS from a DC that runs Windows Server 2003, see article 332199 in the Microsoft Knowledge Base (https://go.microsoft.com/fwlink/?LinkId=70780).

  • 使用更快速地磁帶裝置或減少所需的時間磁碟備份還原操作。Use faster tape devices or disk backups to reduce the time that is required for restore operations.

    您也可以協助加快 AD DS 安裝重建網域控制站在每個網域中的使用安裝媒體 (IFM) 功能。You can also help accelerate AD DS installations by using the Install from Media (IFM) feature to rebuild DCs in each domain. IFM 減少當您重新建立網域控制站在每個網域收取複寫延遲。IFM reduces the replication latency that is incurred when you rebuild DCs in each domain.

    企業有更多積極層級服務合約 (SLA),可能會考慮改變快速修復的樹系修復程序。Businesses that have a more aggressive service-level agreement (SLA) might consider altering the forest recovery procedures to speed recovery.

問: 樹系修復程序可以自動化嗎?Q: Can I automate the forest recovery process?
複雜和重要的樹系的修復程序的性質,因為有是目前的任何端點-自動化。Because of the complex and critical nature of the forest recovery process, there is currently no end-to-end automation of it. 樹系的修復程序是更邏輯及組織挑戰還原比的程序自動化技術問題的業務持續性。The forest recovery process is more a logistical and organizational challenge of restoring business continuity than a technical problem of process automation. 因此,管理環境人才應該建立特定的環境樹系復原計畫,再將它可以成功自動化的各節。Therefore, the individual who administers the environment should create a forest recovery plan that is specific to that environment and then automate sections of it that can be automated successfully.

您可以使用命令列工具來執行大多數的樹系修復的步驟。You can perform most of the forest recovery steps by using command-line tools. 因此,這些步驟是編寫指令碼。Therefore, most of the steps are scriptable. 例如,Ntdsutil.exe 是最常使用的樹系的修復程序的工具之一。For example, Ntdsutil.exe is one of the most frequently used tools in the forest recovery process.

雖然指令碼可以速度復原,您必須在先真實的環境中所套用完全測試這些指令碼。Although scripts can speed recovery, you must thoroughly test these scripts before you apply them in a real environment. 同時,您必須更新這些根據 Active Directory 環境,例如加入新的網域或俠或新版的 Active Directory 中變更。Also, you must update them according to changes in the Active Directory environment, such as the addition of a new domain or DC, or a new version of Active Directory.

後續步驟Next Steps