AD Forest Recovery - Redeploy remaining DCs

Applies To: Windows Server 2016, Windows Server 2012 and 2012 R2, Windows Server 2008 and 2008 R2

The steps up to this point apply to all forests: find a valid backup for each domain, recover the domains in isolation, reconnect them, reset the global catalog, and clean up. In this next step you will redeploy the forest. The way to do this will greatly depend on your forest design, your service level agreements, site structure, available bandwidth, and numerous other factors. You will need to design your own redeployment plan based on the principles and suggestions in this section, in a way that is best suited to your business requirements.

The next step is to install AD DS on all DCs that were present before the forest recovery took place. If the DCs still exist, the AD DS service will need to be removed forcibly, or the DCs can be reinstalled. Any existing backups for these DCs cannot be reused, because the corresponding metadata has been removed during forest recovery. In an uncomplicated environment this redeployment process can be as simple as reconnecting the recovered DCs to the production network, and promoting new DCs as needed.

In a large enterprise faced with a worldwide infrastructure, a more sophisticated plan is needed. The first phase is usually to restore AD as a service; this means installing strategically placed DCs so that all critical business divisions and applications can start working again. It may be acceptable for branch offices to temporarily have reduced performance as a result of this. As a second phase, all remaining and less critical DCs are redeployed.

There are two methods to install additional DCs, both of which can be automated:

  • Cloning

    For virtualized environments that run Windows Server 2012, cloning is the fastest and simplest way to recover a large number of DCs. You can automate the recovery of all virtualized DCs in a domain after you restore a single virtualized DC from backup.

    For more information about cloning and prerequisites, see Introduction to Active Directory Domain Services (AD DS) Virtualization (Level 100).

  • Re-install AD DS by using Windows PowerShell on servers that run Windows Server 2012 (or Dcpromo.exe on servers that run earlier versions of Windows Server) or by using the user interface.

    To expedite re-installing AD DS, you can use the Install from Media (IFM) option to reduce replication traffic during the installation. For more information about using the ntdsutil ifm command to create installation media, see Installing AD DS from Media.

Consider the following additional points for each replica DC that is recovered in the forest by virtualized DC cloning or by installing AD DS (as opposed to restoring from backup):

  • All software on a DC that is used as the source for cloning must be able to be cloned. Applications and services that cannot be cloned should be removed before cloning is initiated. If that is not possible, an alternative virtualized DC should be chosen as the source.

  • If you clone additional virtualized DCs from the first virtualized DC to be restored, the source DC will need to be shut down while its VHDX file is copied. Then it will need to be running and available online when the clone virtual DCs are first started. If the downtime required by the shutdown is not acceptable for the first recovered DC, deploy an additional virtualized DC by installing AD DS to act as the source for cloning.

  • There is no restriction on the host name of the cloned virtualized DC or the server on which you want to install AD DS. You can use a new host name or the host name that was in use previously. For more information about DNS host name syntax, see Creating DNS Computer Names (https://go.microsoft.com/fwlink/?LinkId=74564).

  • Configure each server with the first DNS server in the forest (the first DC that was restored in the root domain) as the preferred DNS server in the TCP/IP properties of its network adapter. For more information, see Configure TCP/IP to use DNS.

  • Redeploy all RODCs in the domain, either by virtualized DC cloning if several RODCs are deployed in a central location, or by the traditional method of rebuilding them by removing and reinstalling AD DS if they are deployed individually in isolated locations such as branch offices.

    Rebuilding RODCs ensures that they do not contain any lingering objects and can help prevent replication conflicts from occurring later. When you remove AD DS from an RODC, choose the option to retain DC metadata. Using this option retains the krbtgt account for the RODC and retains the permissions for the delegated RODC administrator account and the Password Replication Policy (PRP), and prevents you from having to use Domain Admin credentials to remove and reinstall AD DS on an RODC. It also retains the DNS server and global catalog roles if they were originally installed on the RODC.

    When you rebuild DCs (RODCs or writeable DCs), there may be increased replication traffic during their reinstallation. To help reduce that impact, you can stagger the schedule of the RODC installations, and you can use the Install From Media (IFM) option. If you use the IFM option, run the ntdsutil ifm command on a writeable DC that you trust to be free of damaged data. This helps prevent possible corruption from appearing on the RODC after the AD DS reinstallation is complete. For more information about IFM, see Installing AD DS from Media.

    For more information about rebuilding RODCs, see RODC Removal and Reinstallation.

  • If a DC was running the DNS Server service before the forest malfunction, install and configure the DNS Server service during the installation of AD DS. Otherwise, configure its former DNS clients with other DNS servers.

  • If you require additional global catalogs to share authentication or query load for users or applications, you can either add the global catalog to the source virtualized DC before cloning or you can make a DC a global catalog server during the installation of AD DS.
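
The cloning preparation described above, run on the source DC, as an added example that is not part of the original article. The DC names, site name and IP addresses are constructed placeholders; the cmdlets are those of the Windows Server 2012 Active Directory module.

```powershell
# Added example: prepare a restored virtualized DC as the cloning source.
# DC names, site name and addresses are constructed placeholders.
Import-Module ActiveDirectory

$sourceDc  = 'DC01'        # first virtualized DC restored from backup
$cloneName = 'DC02'        # host name for the clone (new or previously used)
$firstDns  = '10.0.0.10'   # first DNS server restored in the forest root domain

# 1. Report software on the source DC that is not on the cloning allow list.
#    Anything that cannot be cloned has to be removed first. Software that has
#    been confirmed safe to clone is recorded with -GenerateXml and then no
#    longer appears in this list.
$unvetted = Get-ADDCCloningExcludedApplicationList
if ($unvetted) {
    $unvetted | Format-Table -AutoSize | Out-Host
    throw 'Remove what cannot be cloned or choose another source DC, then rerun.'
}

# 2. Authorize the source DC to be cloned.
Add-ADGroupMember -Identity 'Cloneable Domain Controllers' `
    -Members (Get-ADComputer -Identity $sourceDc)

# 3. Write DCCloneConfig.xml for the first clone. The clone uses the first
#    restored DNS server in the forest as its preferred DNS server.
New-ADDCCloneConfigFile -CloneComputerName $cloneName -SiteName 'HQ' -Static `
    -IPv4Address '10.0.0.12' -IPv4SubnetMask '255.255.255.0' `
    -IPv4DefaultGateway '10.0.0.1' -IPv4DNSResolver $firstDns

# 4. Shut down so the VHDX file can be copied on the hypervisor. The source DC
#    must be running and online again before the clone is started the first time.
Stop-Computer -Force
```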


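
Reinstalling AD DS from IFM media, tying together the points above on the trusted source DC, the preferred DNS server, the DNS Server role and the global catalog, as an added example that is not part of the original article. The domain name, host names, site, adapter alias, paths and addresses are constructed placeholders.

```powershell
# Added example: IFM-based reinstall of a replica DC. All names, paths and
# addresses are constructed placeholders.

# --- On a writeable DC that you trust to be free of damaged data ---
# Create full (writeable DC) installation media including SYSVOL.
# For RODC media, use "create sysvol rodc <path>" instead.
ntdsutil "activate instance ntds" ifm "create sysvol full C:\IFM" quit quit

# --- On the server being redeployed, after copying the media to C:\IFM ---
$firstDns          = '10.0.0.10'   # first DNS server restored in the forest
$wasDnsServer      = $true         # DC ran the DNS Server service before
$needGlobalCatalog = $true         # extra GC wanted for auth/query load

# Use the first restored DNS server as the preferred DNS server.
Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses $firstDns

Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

$install = @{
    DomainName                    = 'corp.example.com'
    SiteName                      = 'HQ'
    InstallationMediaPath         = 'C:\IFM'
    ReplicationSourceDC           = 'DC01.corp.example.com'
    InstallDns                    = $wasDnsServer
    NoGlobalCatalog               = (-not $needGlobalCatalog)
    Credential                    = (Get-Credential)
    SafeModeAdministratorPassword = (Read-Host -AsSecureString -Prompt 'DSRM password')
}
Install-ADDSDomainController @install
```

Staggering these runs across sites keeps the remaining replication traffic from all new DCs hitting the recovered DCs at once.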