廣告樹系修復-引發提供 RID 集區的值AD Forest Recovery - Raising the value of available RID pools

適用於: Windows Server 2016、 Windows Server 2012 和 2012 R2、 Windows Server 2008 和 2008 R2Applies To: Windows Server 2016, Windows Server 2012 and 2012 R2, Windows Server 2008 and 2008 R2

使用下列程序提高值的相關 ID (RID) 集區 RID 操作主機,將會配置之後 DC 還原。Use the following procedure to raise the value of the relative ID (RID) pools that the RID operations master will allocate after that DC is restored. 提高提供 RID 集區的值,您就可以確保不俠該配置 RID 的已用來還原網域備份後建立的安全性原則。By raising the value of the available RID pools, you can ensure that no DC allocates a RID for a security principal that was created after the backup that was used to restore the domain.

有關 Active Directory 移除集區與 rIDAvailablePoolAbout Active Directory RID Pools and rIDAvailablePool

每個網域有物件DATA-CN = RID 管理員 $DATA-CN = 系統特區=<domain_name>。Each domain has an object CN=RID Manager$,CN=System,DC=<domain_name>. 此物件具有屬性名為rIDAvailablePoolThis object has an attribute named rIDAvailablePool. 此屬性的值維護整個網域中的全域 RID 空間。This attribute value maintains the global RID space for an entire domain. 值是大型整數與上下部分。The value is a large integer with upper and lower parts. 上半定義的安全性原則,可以針對每個網域 (0x3FFFFFFF 或超過 1 億) 配置。The upper part defines the number of security principals that can be allocated for each domain (0x3FFFFFFF or just over 1 billion). 下方為 Rid 有尚未配置網域中的數字。The lower part is the number of RIDs that have been allocated in the domain.

注意

在 Windows Server 2016 和 2012年,可以配置的安全性原則的數目增加超過 2 億到。In Windows Server 2016 and 2012, the number of security principals that can be allocated is increased to just over 2 billion. 如需詳細資訊,請查看排除管理發行For more information, see Managing RID issuance.

  • 範例值: 4611686014132422708Sample Value: 4611686014132422708

  • 低一部分: 2100 (開頭配置的下一步 RID 集區)Low Part: 2100 (beginning of the next RID pool to be allocated)

  • 上方: 1073741823 (總數 Rid,您可以建立網域中)Upper Part: 1073741823 (total number of RIDs that can be created in a domain)

    當您提高大整數的值時,也會增加少部分的值。When you increase the value of the large integer, you increase the value of the low part. 例如,您新增 100000 範例 4611686014132422708 4611686014132522708 總和的值,新少部分 102100。For example, if you add 100,000 to the sample value of 4611686014132422708 for a sum of 4611686014132522708, the new low part is 102100. 這表示而配置 RID 主機的下一步 RID 集區的開頭 102100 而不是 2100年。This indicates that the next RID pool that will be allocated by the RID master will begin with 102100 instead of 2100.

若要提高提供 RID 集區 adsiedit 和小算盤使用的值 'To raise the value of available RID pools using adsiedit and the calculator `

  1. 打開伺服器管理員中,按一下工具,按一下 [ AdsiOpen Server Manager, click Tools and click ADSI Edit.
  2. 以滑鼠右鍵按一下,選取連接到,並連接執行預設命名操作,按[確定]Right-click, select Connect to and connect do the Default Naming Context and click OK. 編輯 ADSI
  3. 瀏覽至下列分辨的名稱路徑: DATA-CN = RID 管理員 $DATA-CN = 系統特區 =Browse to the following distinguished name path: CN=RID Manager$,CN=System,DC=. 編輯 ADSI
  4. 以滑鼠右鍵按一下並選取的屬性 DATA-CN = RID 管理員 $。Right-click and and select the properties of CN=RID Manager$.
  5. 請選取屬性rIDAvailablePool,按一下 [編輯,然後將大型整數複製到剪貼簿。Select the attribute rIDAvailablePool, click Edit, and then copy the large integer value to the clipboard. 編輯 ADSI
  6. 小算盤,[開始] 和檢視功能表上,選取工程型] 模式Start calculator, and from the View menu, select Scientific Mode. 6.6. 新增 100000 目前的值。Add 100,000 to the current value.
    編輯 ADSI
  7. 使用 ctrl c 或複製命令的編輯功能表中,將值複製到剪貼簿。Using ctrl-c, or the Copy command from the Edit menu, copy the value to the clipboard.
  8. Adsiedit 的 [編輯] 對話方塊,以貼到這個新的值。In the edit dialog of adsiedit, paste this new value. 編輯 ADSI
  9. 按一下[確定]對話方塊中和套用更新屬性表中rIDAvailablePool屬性。Click OK in the dialog, and Apply in the property sheet to update the rIDAvailablePool attribute.

提高可使用 LDP RID 集區的值To raise the value of available RID pools using LDP

  1. 在命令提示字元中,輸入下列命令,,然後按 ENTER 鍵:At the command prompt, type the following command, and then press ENTER:

    ldpldp

  2. 按一下連接,按一下 [連接、 輸入 RID 管理員名稱,然後再按[確定]Click Connection, click Connect, type the name of RID manager, and then click OK.
    LDP

  3. 按一下連接,按一下 [繫結、 選取繫結的認證並輸入您的系統管理認證,然後按一下 [ [確定]Click Connection, click Bind, select Bind with credentials and type your administrative credentials, and then click OK.
    LDP
  4. 按一下檢視,按一下 [,然後輸入下列分辨的名稱路徑: DATA-CN = RID 管理員 $DATA-CN = 系統特區 =的網域名稱Click View, click Tree and then type the following distinguished name path: CN=RID Manager$,CN=System,DC=domain name
    LDP
  5. 按一下瀏覽],然後按修改Click Browse, and then click Modify.
  6. 新增 100000 目前rIDAvailablePool值,而且然後輸入到總和的值Add 100,000 to the current rIDAvailablePool value, and then type the sum into Values.
  7. Dn,輸入cn=RID Manager$,cn=System,dc= < 網域 name\ >In Dn, type cn=RID Manager$,cn=System,dc=<domain name>.
  8. 編輯項目屬性,輸入rIDAvailablePoolIn Edit Entry Attribute, type rIDAvailablePool.
  9. 選取 [取代操作,然後再按一下為輸入Select Replace as the operation, and then click Enter.
    LDP
  10. 按一下執行若要執行的作業。Click Run to run the operation. 按一下關閉Click Close.
  11. 若要驗證變更,按一下 [檢視,按一下 [,然後輸入下列分辨的名稱路徑: DATA-CN = RID 管理員 $DATA-CN = 系統特區 =網域名稱To validate the change, click View, click Tree, and then type the following distinguished name path: CN=RID Manager$,CN=System,DC=domain name. 查看rIDAvailablePool屬性。Check the rIDAvailablePool attribute.
    LDP

後續步驟Next Steps