AD Forest Recovery - Invalidating the current RID pool

Applies To: Windows Server 2016, Windows Server 2012 and 2012 R2, Windows Server 2008 and 2008 R2

Use the following procedure to invalidate the current RID pool on a domain controller by using Windows PowerShell. Windows PowerShell is enabled by default on Windows Server 2012 and Windows Server 2008 R2, but not on Windows Server 2008, where it must be installed by using Add Features. It can be downloaded to run on Windows Server 2003.

To verify that the command completed successfully, check for event ID 16654 (source is Directory-Services-SAM) in the System log in Event Viewer in Windows Server 2012. Earlier versions of Windows do not log this event.

Note

After you invalidate the RID pool, you will receive an error when you first attempt to create a security principal (user, computer, or group). The attempt to create an object triggers a request for a new RID pool. A retry of the operation succeeds because the new RID pool will be allocated.

To invalidate the current RID pool

  1. Open an elevated Windows PowerShell session, run the following commands and press ENTER:

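    # Bind to the current domain and read its SID
    $Domain = New-Object System.DirectoryServices.DirectoryEntry
    $DomainSid = $Domain.objectSid
    # Bind to RootDSE with the property cache disabled
    $RootDSE = New-Object System.DirectoryServices.DirectoryEntry("LDAP://RootDSE")
    $RootDSE.UsePropertyCache = $false
    # Write the domain SID to the invalidateRidPool operational attribute
    $RootDSE.Put("invalidateRidPool", $DomainSid.Value)
    $RootDSE.SetInfo()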
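
The verification step described above (event ID 16654 in the System log) can be scripted. This is an added example, not part of the original procedure; the function name `Test-RidPoolInvalidated` and the 15-minute look-back window are assumptions.

```powershell
# Added example: confirm the RID pool invalidation was logged (event ID 16654).
# Run in an elevated session on the domain controller where the pool was invalidated.
function Test-RidPoolInvalidated {   # hypothetical helper name
    param(
        # Only consider events logged after this time (assumed default: last 15 minutes)
        [datetime]$Since = (Get-Date).AddMinutes(-15)
    )

    $filter = @{ LogName = 'System'; Id = 16654; StartTime = $Since }

    # Get-WinEvent raises an error when nothing matches, so suppress it
    # and test for an empty result instead.
    $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.ProviderName -like '*Directory-Services-SAM' })

    if ($events.Count -eq 0) {
        Write-Warning "No event 16654 since $Since. Versions earlier than Windows Server 2012 do not log it."
        return $false
    }

    # Show the matching events on the console; only the boolean is returned.
    $events | Sort-Object TimeCreated |
        Select-Object TimeCreated, ProviderName, Id, Message |
        Format-List | Out-Host
    return $true
}

Test-RidPoolInvalidated
```

A `$false` result on Windows Server 2012 or later means the invalidation was not logged within the look-back window; widen `-Since` before concluding that the command failed.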
    

Next Steps