管理多 Active Directory 森林中的資源Manage Resources in Multiple Active Directory Forests

適用於:Windows Server(以每年次管道)、Windows Server 2016Applies To: Windows Server (Semi-Annual Channel), Windows Server 2016

您可以使用本主題以了解如何使用 IPAM 管理網域控制站、DHCP 伺服器,並在多個 Active Directory 樹系的 DNS 伺服器。You can use this topic to learn how to use IPAM to manage domain controllers, DHCP servers, and DNS servers in multiple Active Directory forests.

若要使用 IPAM 管理遠端 Active Directory 森林中的資源,每個您想要管理樹系必須兩種方式信任的樹系安裝 IPAM 的位置。To use IPAM to manage resources in remote Active Directory forests, each forest that you want to manage must have a two way trust with the forest where IPAM is installed.

若要探索不同的 Active Directory 樹系的程序,請打開伺服器管理員並按一下 IPAM。To start the discovery process for different Active Directory forests, open Server Manager and click IPAM. 在 IPAM client 主控台中,按一下 [設定伺服器探索,然後按一下 [取得森林In the IPAM client console, click Configure Server Discovery, and then click Get forests. 在這樣的背景工作探索受信任的樹系與他們的網域。This initiates a background task that discovers trusted forests and their domains. 探索程序完成之後,請按一下設定伺服器探索,這會下列。After the discovery process completes, click Configure Server Discovery, which opens the following dialog box.

設定伺服器探索

注意

適用於群組 Policy\ 型提供 Active Directory 跨樹系案例,確保您執行下列 Windows PowerShell cmdlet IPAM 伺服器上,而不是在 Dc 信任的網域。For Group Policy-based provisioning for an Active Directory Cross Forest scenario, ensure that you run the following Windows PowerShell cmdlet on the IPAM server and not on the trusting domain DCs. 做為範例,如果 IPAM 伺服器樹系 corp.contoso.com 所加入,且信任的樹系 fabrikam.com,您可以執行下列 Windows PowerShell cmdlet IPAM 在伺服器上的群組 Policy\ 型提供 fabrikam.com 樹 corp.contoso.com。As an example, if your IPAM server is joined to the forest corp.contoso.com and the trusting forest is fabrikam.com, you can run the following Windows PowerShell cmdlet on the IPAM server in corp.contoso.com for Group Policy-based provisioning on the fabrikam.com forest. 若要執行下列 cmdlet,您必須是 fabrikam.com 森林中網域管理群組成員。To run this cmdlet, you must be a member of the Domain Admins group in the fabrikam.com forest.

Invoke-IpamGpoProvisioning -Domain fabrikam.COM -GpoPrefixName IPAMSERVER -IpamServerFqdn IPAM.CORP.CONTOSO.COM

設定伺服器探索對話方塊中,按一下 [選取樹系,然後選擇您想要管理 IPAM 的樹系。In the Configure Server Discovery dialog box, click Select the forest, and then choose the forest that you want to manage with IPAM. 也選取您想要管理,然後按一下 [網域新增Also select the domains that you want to manage, and then click Add.

選擇要探索伺服器角色,為您想要管理每個網域,指定的伺服器來探索類型。In Select the server roles to discover, for each domain that you want to manage, specify the type of servers to discover. 這些選項網域控制站DHCP 伺服器,並的 DNS 伺服器The options are Domain controller, DHCP server, and DNS server.

根據預設,發現網域控制站、DHCP 伺服器和 DNS 伺服器-,如果您不想要找出這類的伺服器的其中一個,請確定您取消選取核取方塊,該選項。By default, domain controllers, DHCP servers, and DNS servers are discovered - so if you do not want to discover one of these types of servers, ensure that you deselect the checkbox for that option.

範例圖例上述 contoso.com、樹系會安裝 IPAM 伺服器,並根 fabrikam.com 樹系的網域新增 IPAM 管理。In the example illustration above, the IPAM server is installed in the contoso.com forest, and the root domain of the fabrikam.com forest is added for IPAM management. 選取的伺服器角色允許 IPAM 探索及管理網域控制站、DHCP 伺服器及 fabrikam.com 根網域 contoso.com 根網域中的 DNS 伺服器。The selected server roles allow IPAM to discover and manage domain controllers, DHCP servers, and DNS servers in the fabrikam.com root domain and the contoso.com root domain.

森林、網域及伺服器角色指定您之後,請按[確定]After you have specified forests, domains, and server roles, click OK. IPAM 執行探索並探索完成時,您可以管理本機和遠端森林中的資源。IPAM performs discovery, and when discovery completes, you can manage resources in both the local and remote forest.