Last updated: 2023-08-18
Contents
- Test replication
- Force sysvol replication
- repadmin
Test replication
dcdiag /test:replications
Output
Directory Server Diagnosis
Performing initial setup:
   Trying to find home server...
   Home Server = exserver
   * Identified AD Forest.
   Done gathering initial info.
Doing initial required tests
   Testing server: Default-First-Site-Name\EXSERVER
      Starting test: Connectivity
         ......................... YOUR_DOMAIN passed test Connectivity
Doing primary tests
   Testing server: Default-First-Site-Name\EXSERVER
      Starting test: Replications
         ......................... YOUR_DOMAIN passed test Replications
   Running partition tests on : ForestDnsZones
   Running partition tests on : DomainDnsZones
   Running partition tests on : Schema
   Running partition tests on : Configuration
   Running partition tests on : YOUR_DOMAIN
   Running enterprise tests on : YOUR_DOMAIN.local
Force sysvol replication
Method 1: Restart the FRS service
- C:\>net stop ntfrs
- C:\>net start ntfrs
Method 2: repadmin
repadmin.exe /syncall
CALLBACK MESSAGE: The following replication is in progress:
    From: Source-UUID._msdcs.YOUR_DOMAIN.local
    To : Dest-UUID._msdcs.YOUR_DOMAIN.local
CALLBACK MESSAGE: The following replication completed successfully:
    From: Source-UUID._msdcs.YOUR_DOMAIN.local
    To : Dest-UUID._msdcs.YOUR_DOMAIN.local
CALLBACK MESSAGE: SyncAll Finished.
SyncAll terminated with no errors.
repadmin
# Summary of replications
repadmin /replsum /sort:delta [AD_NAME]
Largest Delta: The longest replication gap amongst all site links for a particular domain controller (compared with the current time).
Fail: The total number of replica links failing to replicate.
Total: The total number of replica links for a particular domain controller.
* By default, the replication model is pull-based (Destination -- pull -- Source)
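An added example, not part of the original notes: a parser for saved `repadmin /replsum` output that converts Largest Delta to seconds and flags any DC with failing links or a gap above a threshold. The sample text is constructed; the column layout and delta formats handled (`14m:51s`, `03h:10m:20s`, `16d.02h:15m:10s`, `>60 days`) are assumptions about the tool's output, and the function names and one-hour threshold are illustrative.

```python
import re

# Constructed sample in the layout assumed for `repadmin /replsum`
# (not captured from a real forest).
SAMPLE = """\
Source DSA          largest delta    fails/total %%   error
 DC01                      14m:51s    0 /   5    0
 DC02                  03h:10m:20s    1 /   5   20  (1722) The RPC server is unavailable.
 DC03                     >60 days    5 /   5  100  (1722) The RPC server is unavailable.

Destination DSA     largest delta    fails/total %%   error
 DC01                  03h:10m:20s    1 /  10   10  (1722) The RPC server is unavailable.
"""

# One data row: DSA name, largest delta, "fails / total", percent, optional error text.
ROW = re.compile(
    r"^\s+(?P<dsa>\S+)\s+(?P<delta>>\d+ days|\S+)\s+"
    r"(?P<fails>\d+)\s*/\s*(?P<total>\d+)\s+\d+\s*(?P<error>.*)$")
UNIT = {"d": 86400, "h": 3600, "m": 60, "s": 1}

def delta_seconds(text):
    """Convert a Largest Delta value to seconds ('>N days' gives a lower bound)."""
    m = re.fullmatch(r">(\d+) days", text)
    if m:
        return int(m.group(1)) * 86400
    return sum(int(n) * UNIT[u] for n, u in re.findall(r"(\d+)([dhms])", text))

def parse_replsum(text):
    """Return one dict per DC row, tagged with the Source/Destination section."""
    rows, section = [], None
    for line in text.splitlines():
        head = re.match(r"^(Source|Destination) DSA\s", line)
        if head:
            section = head.group(1)
            continue
        m = ROW.match(line)
        if m and section:
            rows.append({"role": section, "dsa": m["dsa"],
                         "delta_s": delta_seconds(m["delta"]), "fails": int(m["fails"]),
                         "total": int(m["total"]), "error": m["error"].strip()})
    return rows

def unhealthy(rows, max_delta_s=3600):
    """Rows with any failing replica link or a replication gap above the threshold."""
    return [r for r in rows if r["fails"] > 0 or r["delta_s"] > max_delta_s]

if __name__ == "__main__":
    for r in unhealthy(parse_replsum(SAMPLE)):
        print(r["role"], r["dsa"], r["delta_s"], f'{r["fails"]}/{r["total"]}', r["error"])
```

Because replication is pull-based, a failing Source row means its partners could not pull from that DC, while a failing Destination row means that DC could not pull from a partner.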
# Display the replication partners
repadmin /showrepl [partners]
# Initiate a replication event
# Sync from server1.microsoft.com to server2.microsoft.com completed successfully.
repadmin /replicate server2.microsoft.com server1.microsoft.com dc=microsoft,dc=com
# Display the context handles for the replication process
* show the open connections to the server that are established by remote servers.
repadmin /showctx
ntfrsutl
ntfrsutl forcerepl [computer] /r SetName /p DnsName
= Force FRS to start a replication cycle ignoring the schedule.
= Specify the SetName and DnsName.
computer = talk to the NtFrs service on this machine.
SetName = Name of the replica set.
DnsName = DNS name of the inbound partner to force repl from.
# List roles for connected server
ntdsutil
ntdsutil: roles
FSMO maintenance: connections
server connections: connect to server <servername>
server connections: q
FSMO maintenance: select operation target
select operation target: list roles
Win2000
select operation target: list roles for connected server
Schema Master(forest) - One master role holder per forest. The schema master FSMO role holder is the domain controller responsible for performing updates to the directory schema.
Domain Naming Master(forest) - One master role holder per forest. The domain naming master FSMO role holder is the DC responsible for making changes to the forest-wide domain name space of the directory.
Infrastructure Master(domain) - One master role holder per domain. The infrastructure FSMO role holder is the DC responsible for updating an object's SID and distinguished name in a cross-domain object reference.
* responsible for updating an object's SID and distinguished name in a cross-domain object reference
RID Master (domain) - One master role holder per domain. The RID master FSMO role holder is the single DC responsible for processing RID Pool requests from all DCs within a given domain.
* responsible for processing RID pool requests from all domain controllers
PDC Emulator - One master role holder per domain. The PDC emulator FSMO role holder is a Windows 2000 DC that advertises itself as the primary domain controller (PDC) to earlier version workstations, member servers, and domain controllers. It is also the Domain Master Browser and handles password discrepancies.
* "synchronize time in an enterprise"
* Account lockout is processed on the PDC emulator.
* Password changes performed by other DCs in the domain are replicated preferentially to the PDC emulator.
* Editing or creation of Group Policy Objects (GPO) is always done from the GPO copy found in the PDC Emulator's SYSVOL share
* performs all of the functionality that a Microsoft Windows NT 4.0 Server-based PDC
================================================
# performs updates to certain objects in a single-master fashion.
# the last writer wins
Element
Schema
The schema cannot be extended. However, in the short term no one will notice a missing Schema Master unless you plan a schema upgrade during that time.
Domain Naming
Unless you are going to run DCPROMO, then you will not miss this FSMO role.
RID
Chances are good that the existing DCs will have enough unused RIDs to last some time, unless you're building hundreds of user or computer objects per week.
PDC Emulator
Will be missed soon. NT 4.0 BDCs will not be able to replicate, there will be no time synchronization in the domain, you will probably not be able to change or troubleshoot group policies and password changes will become a problem.
Infrastructure
Group memberships may be incomplete. If you only have one domain, then there will be no impact.
================================================
The following table summarizes the FSMO seizing restrictions:
Original must be reinstalled (can no longer be done in the GUI):
- Schema
- Domain Naming
- RID
Can transfer back to original (can be done in the GUI):
- PDC Emulator
- Infrastructure
dcpromo
Active Directory database / log:
C:\winnt\ntds
c:\winnt\sysvol <--- ntfs v5
domain's public files
Administrative Tools -> Active Directory Users and Computers
Administrative Tools -> Active Directory Domains and Trusts
Troubleshoot
AD Replication error 1722: The RPC server is unavailable
Cause: a mismatch in the DNS SRV records for the two DCs.
"dcdiag /fix" will re-register the DNS records for the DC and should fix that up.
You can also adjust the RPC port range in the registry; you have to restart once done.
regedit -> HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Internet, then
change the port range from the default 5000-5002 to 5000-5200 (minimum adjustment is 200).