
How do you repair Active Directory after a partially renamed domain controller?

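I have a 2008 server (the only DC) that crashed during a rename. As a result, the system was left half-renamed. The computer name was changed to DC1, but there were still many references to DC2 (the old computer name) in DNS, Active Directory, and so on.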

As a result, the Netlogon service does not start and Active Directory is inaccessible. After about eight hours of hard work, I managed to make some progress by manually editing DNS records and updating Active Directory records with ADSIEdit.

Running Netdiag gives the following output...

Computer Name: DC1
DNS Host Name: dc1.school.local
System info : Windows Server (R) 2008 Standard (Build 6002)
Processor : x86 Family 6 Model 15 Stepping 11, GenuineIntel
Hotfixes : none detected

Netcard queries test . . . . . . . : Passed
    [WARNING] The net card 'RAS Async Adapter' may not be working because it has not    received any packets.
GetStats failed for 'isatap.{A9F5A39A-FD61-44C4-BE9F-1E4BD5A3B546}'. [ERROR_GEN_FAILURE]

Per interface results:

Adapter : Local Area Connection

    Netcard queries test . . . : Passed

    Host Name. . . . . . . . . : dc1
    IP Address . . . . . . . . : 192.168.1.3
    Subnet Mask. . . . . . . . : 255.255.255.0
    Default Gateway. . . . . . : 192.168.1.1
    Dns Servers. . . . . . . . : 192.168.1.3
                                 127.0.0.1


    AutoConfiguration results. . . . . . : Passed

    Default gateway test . . . : Passed

    NetBT name test. . . . . . : Passed
    [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.

    WINS service test. . . . . : Skipped
        There are no WINS servers configured for this interface.

Global results:

Domain membership test . . . . . . : Passed

NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
    NetBT_Tcpip_{A9F5A39A-FD61-44C4-BE9F-1E4BD5A3B546}
1 NetBt transport currently configured.

Autonet address test . . . . . . . : Passed

IP loopback ping test. . . . . . . : Passed

Default gateway test . . . . . . . : Passed

NetBT name test. . . . . . . . . . : Passed
[WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.

Winsock test . . . . . . . . . . . : Passed

DNS test . . . . . . . . . . . . . : Failed
    [FATAL] File \config\netlogon.dns contains invalid DNS entries.
    [FATAL] File \config\netlogon.dns contains invalid DNS entries.
    [FATAL] No DNS servers have the DNS records for this DC registered.

Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
    NetBT_Tcpip_{A9F5A39A-FD61-44C4-BE9F-1E4BD5A3B546}
The redir is bound to 1 NetBt transport.

List of NetBt transports currently bound to the browser
    NetBT_Tcpip_{A9F5A39A-FD61-44C4-BE9F-1E4BD5A3B546}
The browser is bound to 1 NetBt transport.

DC discovery test. . . . . . . . . : Failed
    [FATAL] Cannot find DC in domain 'SCHOOL'. [ERROR_NO_SUCH_DOMAIN]

DC list test . . . . . . . . . . . : Failed
    'SCHOOL': Cannot find DC to get DC list from [test skipped].

Trust relationship test. . . . . . : Skipped

Kerberos test. . . . . . . . . . . : Skipped
    'SCHOOL': Cannot find DC to get DC list from [test skipped].

LDAP test. . . . . . . . . . . . . : Failed
Cannot find DC to run LDAP tests on. The error occurred was: The specified domain either does not exist or could not be contacted.


    [WARNING] Cannot find DC in domain 'SCHOOL'. [ERROR_NO_SUCH_DOMAIN]

Bindings test. . . . . . . . . . . : Passed

WAN configuration test . . . . . . : Skipped
No active remote access connections.

Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully

dcdiag returns...

Domain Controller Diagnosis

Performing initial setup:
    Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\DC1
  Starting test: Connectivity
        *** Warning: could not confirm the identity of this server in
           the directory versus the names returned by DNS servers.
           If there are problems accessing this directory server then
           you may need to check that this server is correctly registered
           with DNS
     ......................... DC1 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\DC1
  Starting test: Replications
     ......................... DC1 passed test Replications
  Starting test: NCSecDesc
     ......................... DC1 passed test NCSecDesc
  Starting test: NetLogons
     Unable to connect to the NETLOGON share! (\\DC1\netlogon)
     [DC1] An Net Use or LsaPolicy operation failed with error 67, Win32 Error 67.
     ......................... DC1 failed test NetLogons
  Starting test: Advertising
     Fatal Error:DsGetDcName (DC1) call failed, error 1355
     The Locator could not find the server.
     ......................... DC1 failed test Advertising
  Starting test: KnowsOfRoleHolders
     ......................... DC1 passed test KnowsOfRoleHolders
  Starting test: RidManager
     Failed with 8481: Win32 Error 8481
     Could not get Rid set Reference :failed with 8481: Win32 Error 8481
     ......................... DC1 failed test RidManager
  Starting test: MachineAccount
     ***Error: The server DC1 is missing its machine account.  Try running

     with the /repairmachineaccount option. 
     * The current DC is not in the domain controller's OU
     ......................... DC1 failed test MachineAccount
  Starting test: Services
        w32time Service is stopped on [DC1]
        NETLOGON Service is stopped on [DC1]
     ......................... DC1 failed test Services
  Starting test: ObjectsReplicated
     ......................... DC1 passed test ObjectsReplicated
  Starting test: frssysvol
     ......................... DC1 passed test frssysvol
  Starting test: frsevent
     There are warning or error events within the last 24 hours after the

     SYSVOL has been shared.  Failing SYSVOL replication problems may cause

     Group Policy problems. 
     ......................... DC1 failed test frsevent
  Starting test: kccevent
     An Warning Event occured.  EventID: 0x800004C8
        Time Generated: 07/01/2009   09:42:01
        Event String: An attempt by the local domain controller to

     An Warning Event occured.  EventID: 0x800004C8
        Time Generated: 07/01/2009   09:47:01
        Event String: An attempt by the local domain controller to

     ......................... DC1 failed test kccevent
  Starting test: systemlog
     An Error Event occured.  EventID: 0x000015E2
        Time Generated: 07/01/2009   09:42:21
        Event String: An internal error occurred while accessing the

     An Error Event occured.  EventID: 0xC25A002E
        Time Generated: 07/01/2009   09:42:23
        Event String: The time service encountered an error and was

     An Error Event occured.  EventID: 0xC0001B6F
        Time Generated: 07/01/2009   09:43:23
        (Event String could not be retrieved)
     An Error Event occured.  EventID: 0xC0001B6F
        Time Generated: 07/01/2009   09:43:23
        (Event String could not be retrieved)
     An Error Event occured.  EventID: 0xC0001B72
        Time Generated: 07/01/2009   09:43:23
        (Event String could not be retrieved)
     An Error Event occured.  EventID: 0x00000469
        Time Generated: 07/01/2009   09:45:00
        Event String: The processing of Group Policy failed because of

     An Error Event occured.  EventID: 0x00000456
        Time Generated: 07/01/2009   09:45:43
        Event String: The processing of Group Policy failed. Windows

     An Error Event occured.  EventID: 0xC000042B
        Time Generated: 07/01/2009   09:49:19
        Event String: The terminal server cannot register 'TERMSRV'

     ......................... DC1 failed test systemlog
  Starting test: VerifyReferences
     ......................... DC1 passed test VerifyReferences

Running partition tests on : ForestDnsZones
  Starting test: CrossRefValidation
     ......................... ForestDnsZones passed test CrossRefValidation
  Starting test: CheckSDRefDom
     ......................... ForestDnsZones passed test CheckSDRefDom

Running partition tests on : DomainDnsZones
  Starting test: CrossRefValidation
     ......................... DomainDnsZones passed test CrossRefValidation
  Starting test: CheckSDRefDom
     ......................... DomainDnsZones passed test CheckSDRefDom

Running partition tests on : Schema
  Starting test: CrossRefValidation
     ......................... Schema passed test CrossRefValidation
  Starting test: CheckSDRefDom
     ......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration
  Starting test: CrossRefValidation
     ......................... Configuration passed test CrossRefValidation
  Starting test: CheckSDRefDom
     ......................... Configuration passed test CheckSDRefDom

Running partition tests on : School
  Starting test: CrossRefValidation
     ......................... School passed test CrossRefValidation
  Starting test: CheckSDRefDom
     ......................... School passed test CheckSDRefDom

Running enterprise tests on : School.local
  Starting test: Intersite
     ......................... School.local passed test Intersite
  Starting test: FsmoCheck
     Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
     A Global Catalog Server could not be located - All GC's are down.
     Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
     A Primary Domain Controller could not be located.
     The server holding the PDC role is down.
     Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
     A Time Server could not be located.
     The server holding the PDC role is down.
     Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 1355
     A Good Time Server could not be located.
     Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
     A KDC could not be located - All the KDCs are down.
     ......................... School.local failed test FsmoCheck

From these, I am convinced the problem still lies in DNS, but I don't know where. Does anyone have any advice?

2
Jon Crosse

Revert to the state before the rename and start the process over from the beginning.

2
MathewC

Wow, that's a mess.

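OK, first run 'netdom query FSMO' to check the FSMO roles and see whether the old server name is the owner of the FSMO roles. If that is the case, follow the steps in the link below to seize the FSMO roles and get them under the correct server name. Not everything will have transferred over to the new name. You will need to clean up the metadata. This is done using NTDSUTIL.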

Metadata cleanup -> http://technet.Microsoft.com/en-us/library/cc736378%28WS.10%29.aspx

Next, run dcdiag /repairmachineaccount and see whether that gets you anywhere. If it does, fix the machine account and place it in the Domain Controllers OU.

Then run DCDIAG and NETDIAG again and start working through the individual errors. Google the errors and see whether you can fix the individual causes.

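I'm looking at this from the perspective of a failed DC that held the majority of the FSMO roles. I see errors that look like the old server name is holding the RID, Infrastructure, and Schema masters, even though the KnowsOfRoleHolders test in dcdiag doesn't show it that way.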

1
drgncabe
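
The checks this answer walks through (which FSMO roles still point at the old name, and which dcdiag tests fail), as an added PowerShell example that is not part of the original post: it parses saved `dcdiag` and `netdom query fsmo` output. The function names and the sample text are assumptions constructed for illustration; DC1, DC2 and school.local follow the names in the question.

```powershell
# Added example, not from the original answer. Sample text below is constructed.
function Get-DcdiagFailedTest {
    param([string[]]$Lines)
    $test = $null; $detail = @()
    foreach ($line in $Lines) {
        if ($line -match '^\s*Starting test:\s*(\S+)') {
            $test = $Matches[1]; $detail = @()        # a new test block opens
        } elseif ($line -match '^\s*\.{5,}\s+(\S+) (passed|failed) test (\S+)') {
            if ($Matches[2] -eq 'failed') {
                [pscustomobject]@{ Test = $Matches[3]; Target = $Matches[1]; Detail = ($detail -join ' | ') }
            }
            $test = $null; $detail = @()              # verdict line closes the block
        } elseif ($test -and $line.Trim()) {
            $detail += $line.Trim()                   # message lines of the open test
        }
    }
}

function Get-StaleFsmoHolder {
    param([string[]]$Lines, [string]$ExpectedHost)
    $roles = 'Schema master|Domain naming master|PDC|RID pool manager|Infrastructure master'
    foreach ($line in $Lines) {
        if ($line -match ('^\s*(' + $roles + ')\s+(\S+)\s*$')) {
            $role = $Matches[1]; $holder = $Matches[2]
            # Compare only the host label so DC1 and dc1.school.local are treated alike
            if (($holder -split '\.')[0] -ne $ExpectedHost) {
                [pscustomobject]@{ Role = $role; Holder = $holder }
            }
        }
    }
}

$dcdiag = @'
  Starting test: Replications
     ......................... DC1 passed test Replications
  Starting test: RidManager
     Failed with 8481: Win32 Error 8481
     ......................... DC1 failed test RidManager
  Starting test: Services
        NETLOGON Service is stopped on [DC1]
     ......................... DC1 failed test Services
'@ -split '\r?\n'
$netdom = @'
Schema master               DC2.school.local
Domain naming master        DC1.school.local
RID pool manager            DC2.school.local
'@ -split '\r?\n'
Get-DcdiagFailedTest -Lines $dcdiag | Format-Table Test, Target, Detail -AutoSize
Get-StaleFsmoHolder -Lines $netdom -ExpectedHost 'DC1' | Format-Table -AutoSize
```

On a live DC the same functions can take the command output directly, for example `Get-StaleFsmoHolder -Lines (netdom query fsmo) -ExpectedHost $env:COMPUTERNAME`.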