Ukubuyisela nokubuyisela isilawuli sesizinda sendawo esonakele

Uma isilawuli sesizinda sonakala noma sibuyiselwa ngendlela engafanele, ukwesaba kuba kukhulu kakhulu: Ukungena ngemvume kuyahluleka, ama-GPO ayayeka ukusebenzisa, futhi ukukopisha kuyaphela ngaphandle kwezinkomba.Izindaba ezinhle ukuthi kunezinqubo ezicacile zokuthola i-DC ebonakalayo noma ebonakalayo, uma nje izindlela zokusekela nokubuyisela ezamukelekile ziyahlonishwa.

Ezindaweni zesimanje ze-Windows Server, ukubuyisela isilawuli sesizinda kudinga ukuqonda okuhle kwemiqondo efana nokuthi isimo sesistimu, ukubuyiselwa okugunyaziwe/okungekona okugunyaziwe, i-SYSVOL, i-DFSR/FRS kanye ne-USN rollbacksUma lezi zinkinga zixazululwa ngokushesha noma ngamathuluzi okuthwebula izithombe angahambisani, umphumela ungaba ihlathi eligcwele ukungavumelani okuthule okunzima kakhulu ukukuthola.

Kungani kubalulekile ukuvikela nokubuyisela isilawuli sesizinda ngendlela efanele

I-Active Directory iyinhliziyo yokuqinisekisa nokugunyazwa esizindeni se-WindowsIgcina abasebenzisi, amakhompyutha, amaqembu, ubudlelwano bokuthembana, izinqubomgomo zamaqembu, izitifiketi, nezinye izinto ezibalulekile. Lolu lwazi luhlala kakhulu kudathabheyisi. I-Ntds.dit, amafayela elogi ahlobene kanye nefolda I-SYSVOL, phakathi kwezinye izingxenye ezakha lokho okubizwa ngokuthi “isimo sohlelo”.

Isimo sohlelo sihlanganisa, phakathi kwezinye izinto, Amafayela elogi ye-Active Directory kanye nedatha, i-Windows Registry, ivolumu yesistimu, i-SYSVOL, isizindalwazi sesitifiketi (uma kukhona i-CA), i-metabase ye-IIS, amafayela okuqalisa, kanye nezingxenye zesistimu yokusebenza ezivikelweNgakho-ke, noma yiliphi isu lokuqhubeka kwebhizinisi eliqinile kumele lifake phakathi ukugcinwa njalo kwesimo sesistimu sesikhungo ngasinye sedatha.

Uma kwenzeka ukonakala kwangempela kwesizindalwazi se-Active Directory, ukwehluleka okukhulu kokuphindaphinda, noma inkinga nge izimvume zivuliwe I-SYSVOLIsilawuli sesizinda singase siyeke ukucubungula imibuzo, sihluleke ukuqala izinsizakalo ze-Active Directory, noma sibangele amaphutha okusabalalisa kulo lonke ihlathi. Kulezi zimo, Ukululama okusheshayo nokufanelekile kwenza umehluko phakathi kwesigameko esingathi sína nenhlekelele ende..

Ngaphambi kokuzama ukubuyisela, kubalulekile ukuhlukanisa phakathi kwenkinga yangempela yedathabheyisi kanye nokwehluleka okuvamile. Kaningi, Imbangela ilele ku-DNS, izinguquko zenethiwekhi, ama-firewall, noma imizila eguqulwe ngamathuluzi afana nalawa netsh umyaloNgakho-ke, kuyalulekwa ukuthi ukhiphe lezi zici kuqala ngaphambi kokuthinta i-database ye-AD.

Amathuluzi ayisisekelo okuxilonga nokulawula ukuphindaphinda

Uma kwenzeka izimpawu zokonakala noma ukwehluleka kokuphindaphinda, isinyathelo sokuqala esinengqondo ukuhlola isimo sendawo usebenzisa amathuluzi endabuko. I-DCDiag, i-Repadmin, i-ReplMon (ezinguqulweni ezindala) kanye ne-Event Viewer Bangabangane bakho abangcono kakhulu ngaphambi kokucabangela ukulungisa kabusha ngobudlova.

cunt I-DCDiag Kuhlolwa okuvamile kwabo bonke abalawuli besizinda, kutholakale izinkinga ngezinsizakalo zokukopisha, i-DNS, i-AD DS, njll. Ukulawula kabusha Ikuvumela ukuthi ubuke isimo sokuphindaphindwa, ozakwethu bokuphindaphindwa, ama-watermark e-USN, futhi uthole izinto eziqhubekayo. Ezinguqulweni ezindala ze-Windows, PhendulaMon Inikeze umbono ocacile wamaphutha okuphindaphinda ngaphakathi kwesizinda.

Ngaphezu kwala mathuluzi, kubalulekile ukubuyekeza i-Event Viewer ye-“Directory Services” kanye ne-“DFS Replication”. Imicimbi efana no-467 no-1018 ikhomba ekonakaleni kwangempela kwedatha, kuyilapho imicimbi 1113/1115/1114/1116 ihlobene nokunika amandla noma ukukhubaza ukukopisha okufakwayo/okukhiphayo.

Uma i-DC esolwayo idinga ukuhlukaniswa okwesikhashana ukuze ivimbele ukusabalalisa inkohlakalo, singakwazi Khubaza ukukopisha okungenayo nokuphumayo nge-Repadmin:

repadmin /options DCNAME +DISABLE_INBOUND_REPL
repadmin /options DCNAME +DISABLE_OUTBOUND_REPL

Futhi ukuze ubuyisele ukukopisha kube okuvamile, vele ususe lezo zinketho:

repadmin /options DCNAME -DISABLE_INBOUND_REPL
repadmin /options DCNAME -DISABLE_OUTBOUND_REPL

Ama-backup esistimu asekelwayo kubalawuli besizinda

Ukuze ukwazi ukubuyisa i-DC eneziqinisekiso, kubalulekile ukuba nayo Ukusekela ngokulondoloza isimo sesistimu kwenziwa kusetshenziswa amathuluzi ahambisana ne-Active DirectoryLawa mathuluzi asebenzisa ama-API e-Microsoft okusekelayo nokubuyisela kanye ne-Volume Shadow Copy Service (VSS) ngendlela esekelwayo.

Phakathi kwezixazululo ezivame kakhulu yilezi: I-Windows Server Backup, izixazululo zezinkampani zangaphandle ezihlanganiswe ne-VSS (njenge-NAKIVO, i-Backup Exec, nezinye)noma izinsiza ezindala ezifana I-Ntbackup ku-Windows 2000/2003. Kuzo zonke izimo, kumele bahloniphe ama-AD API ukuqinisekisa ukuvumelana kwedatha kanye namakhophi ayo ngemva kokulungiswa.

I-Windows Server 2012 kanye nezinguqulo zakamuva zinezici ezintsha ezibalulekile: I-ID Yesizukulwane Se-Hyper-V (i-GenID)Lesi sihlonzi sivumela isilawuli sesizinda esibonakalayo ukuthi sithole ukuthi idiski yaso ibuyiselwe emuva esikhathini esidlule. Uma lokhu kwenzeka, I-AD DS ikhiqiza i-InvocationID entsha futhi iphatha lesi simo njengokungathi sibuyiselwe emuva kokwenza isipele ngempumelelo.ukwazisa ozakwabo bokukopisha, ngaleyo ndlela kuvumela ukubhala kabusha okuphephile ngaphandle kokufaka i-USN rollback.

Kubalulekile ukuhlonipha impilo yamatshe ethuneniLokhu kubonisa ukuthi isipele sesimo sesistimu singasetshenziswa isikhathi esingakanani ngaphandle kokufaka engcupheni ukubuyiselwa kwezinto ezisusiwe kudala. Ngokuvamile kuba yizinsuku ezingu-180 ezinguqulweni zanamuhla, futhi kunconywa ukwenza izipele okungenani njalo ezinsukwini ezingu-90 ukuze kulondolozwe isilinganiso esanele sokuphepha.

Izindlela ezingagunyaziwe ezibangela ukuguqulwa kwe-USN

Esinye sezimbangela eziyingozi kakhulu zokungahambisani buthule ku-Active Directory yi- Ukubuyiselwa emuva kwe-USNLesi simo senzeka lapho okuqukethwe kwedatha ye-AD kubuyiselwa emuva kusetshenziswa indlela engasekelwa, ngaphandle kokuthi i-InvocationID ibuyiselwe noma ozakwethu bokukopisha baziswe.

Isimo esijwayelekile ukuqala i-DC kusuka ku- disk isithombe noma isithombe somshini obonakalayo esithathwe esikhathini esidlulengaphandle kokusebenzisa ukubuyiselwa kwesistimu okuhambisanayo. Noma kopisha ifayela le-Ntds.dit ngqo, sebenzisa izinhlelo zokuthwebula izithombe ezifana ne-Ghost, qalisa kusuka esibukweni sediski esiphukile, noma uphinde usebenzise isithombe sesitoreji ezingeni le-array.

Kulezi zimo, isilawuli sesizinda siyaqhubeka nokusebenzisa i-InvocationID efanayo njengangaphambili, kodwa Ikhawunta ye-USN yendawo ibuyela emuvaAmanye ama-DC akhumbula ukuthola izinguquko ezifika ku-USN ephezulu, ngakho-ke lapho i-DC ebuyiselwe emuva izama ukuthumela ama-USN aqashelwe kakade, Abalingani babo bakholelwa ukuthi banolwazi lwakamuva futhi bayayeka ukwamukela izinguquko eziqondile.

Umphumela uba ukuthi izinguquko ezithile (isibonelo, ukudalwa komsebenzisi, izinguquko zephasiwedi, ukubhaliswa kwedivayisi, izinguquko zobulungu beqembu, amarekhodi amasha e-DNSLa maphutha awalokothi aphindwe kusukela ku-DC evuselelwe kuya kulo lonke inethiwekhi, kodwa amathuluzi okuqapha angase angabonisi amaphutha acacile. Lokhu kuyingozi kakhulu ukwehluleka buthule.

Ukuze uthole lezi zimo, abashayeli be-Windows Server 2003 SP1 kanye nabakamuva bangena ngemvume ku- Umcimbi Wezinsizakalo Zesiqondisi 2095 Uma i-DC ekude itholakala ithumela ama-USN aqinisekisiwe kakade ngaphandle kokushintsha ku-InvocationID, uhlelo Ihlukanisa i-DC ethintekile, imise i-Netlogon, futhi ivimbele ezinye izinguquko ukuthi zenzeke. lokho bekungenakuphindwa ngendlela efanele.

Njengobufakazi obengeziwe bokucwaswa ngokomthetho, kungenza okufanele kuboniswe ku-Registry ukhiye I-HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters nenani I-Dsa AyibhalekiUma leli nani lisethiwe (isb., 0x4), libonisa ukuthi i-DC ifakwe esimweni sokungabhali ngokutholwa kokuguqulwa kwe-USN. Ukushintsha leli nani ngesandla ukuze "lilungiswe" akusekelwe nhlobo. futhi ishiya isizindalwazi sisesimweni esingaguquguquki unomphela.

Amasu ajwayelekile uma kwenzeka inkohlakalo noma ukuguqulwa kwesilawuli sesizinda

Inqubo okufanele ilandelwe lapho ubhekene ne-DC eyonakele noma evuselelwe ngendlela engafanele incike ezintweni eziningana: Inani labalawuli besizinda esizindeni/ehlathini, ukutholakala kwamakhophi asebenzayo esimo sesistimu, ukuba khona kwezinye izindima (i-FSMO, i-CA, ikhathalogi yomhlaba wonke), kanye nobubanzi besikhathi senkinga.

Uma kukhona amanye ama-DC anempilo kulesi sizinda futhi Akukho datha ebalulekile eyingqayizivele kusilawuli sesizinda esonakeleInketho esheshayo nehlanzekile kakhulu ngokuvamile ukususa leso silawuli sesizinda bese usakha kabusha. Kodwa-ke, uma kuyisona sodwa isilawuli sesizinda, noma uma siphethe izindima nedatha ebucayi, kuzodingeka ukulungiswa ngokucophelela (okugunyaziwe noma okungekho emthethweni).

Ngokuvamile, izinketho yilezi:

• Yehlisa ngenkani i-DC eyonakele bese uyisusa esizindeni, kulandelwe ukuhlanzwa kwemethadatha, futhi uma kusebenza, ukukhushulwa okusha.
• Buyisela kusuka kukhophi yasenqolobaneni yesimo sesistimu evumelekile, kungakhathaliseki ukuthi kusesimweni esinegunya noma esingesona esigunyazayo.
• Yakha kabusha i-DC kusuka kwenye usebenzisa i-IFM (Faka Kusuka Kumidiya), lapho kungekho ikhophi yakamuva kodwa kukhona amanye ama-DC afanele.
• Ukusebenzisa isithombe se-VHD se-DC ebonakalayo, kusetshenziswa izinyathelo ezengeziwe zokumaka isizindalwazi njengebuyiselwe kusuka kusipele (Isizindalwazi sibuyiselwe kusuka kusipele = 1) nokuqinisekisa ukuthi kukhiqizwa i-InvocationID entsha.

Uma ukugoqwa kwe-USN kusolwa ngokusobala (isibonelo, ngemva kokubuyisela i-VM kusuka esithombeni ngaphandle kokulandela imikhuba emihle kakhulu) futhi kuvela umcimbi 2095, isinyathelo esinengqondo kakhulu ngokuvamile uku Susa leyo DC kusevisi futhi ungazami "ukuyilungisa" lapho isebenza khona., ngaphandle kokuthi kungenzeka ukubuyela esisekelweni sesimo sesistimu esisekelwe esithathwe ngaphambi kokubuyiselwa emuva.

Ukukhushulwa kwesikhundla ngenkani kanye nokuhlanzwa kwemethadatha

Uma isilawuli sesizinda sonakele kangangokuthi asikwazi ukwehliswa ngokwejwayelekile, noma sibuyiselwe ngendlela engafanele futhi ufuna ukusivimbela ekusabalaliseni izinkinga, ungasebenzisa i- ukuphoqwa ukwehliswa esikhundleni.

Ezinguqulweni ezindala, lo msebenzi wenziwa nge i-dcpromo /ukususwa kwamandla, ini Susa indima ye-AD DS ngaphandle kokuzama ukuphinda izinguquko kulo lonke ihlathi.Ezindaweni zanamuhla umthakathi ushintshile, kodwa umqondo uyafana: ukususa i-DC eyinkinga ku-topology ye-AD ngaphandle kokuthi ihlanganyele ekuphindaphindweni okwengeziwe.

Ngemva kokwehliswa ngenkani, kuyimpoqo ukwenza umyalo ovela ku-DC ophilile. ukuhlanzwa kwemethadatha usebenzisa ithuluzi I-NtdsutilLe nqubo isusa zonke izinkomba ze-DC esusiwe (izinto zezilungiselelo ze-NTDS, izinkomba ze-DNS, njll.) kusizindalwazi se-AD, ukuze akukho zinsalela "zezipoki" ezisele ukuze kudideke ukuphindaphindwa.

Uma isilawuli esiwohlokile sinezindima ze-FSMO (i-PDC Emulator, i-RID Master, i-Schema Master, njll.), kuzodingeka ukuthi udlulisela noma uthatha lezo zindima kuya kwenye i-DC ngaphambi noma ngemva kokwehliswa kwesistimu, kuye ngesimo. Kamuva, uhlelo lokusebenza lungafakwa kabusha kuleyo seva futhi lungakhushulwa lubuyele ku-DC ehlanzekile.

Ukubuyiselwa okungekhona okugunyaziwe vs. okunegunya ku-Active Directory

Uma ikhophi evumelekile yesimo sesistimu itholakala, ukubuyiselwa kwe-AD kungenziwa ngezindlela ezimbili: okungewona onegunya futhi okunegunyaUkuqonda umehluko kubalulekile ekungaphuthelweni izinguquko zakamuva noma ukuphinda idatha esiphelelwe yisikhathi.

Ku-a ukubuyiselwa okungekho emthethweniI-DC ibuyiselwa endaweni yangaphambilini, kodwa uma isiqalile, Abanye abalawuli besizinda babhekwa njengereferensiNgamanye amazwi, ngemva kokuqalisa, i-DC ebuyiselwe icela ukukopishwa kwangaphakathi futhi ibuyekeza isizindalwazi sayo nganoma yiziphi izinguquko ezingekho kwamanye ama-DC. Le nketho ilungele uma i-PC iqalisa kabusha. Kukhona ezinye izilawuli eziphilile, futhi sifuna lezo ezilungisiwe zikwazi ukubhekana nazo..

Ku-a ukubuyiselwa kobushiqelaNokho, kushiwo ngokusobala ukuthi Idatha ebuyiselwe yiyo okufanele inqobe. ngaphezu kwalokho amanye ama-DC anakho. Lokhu kusho ukuthi, ngemva kokubuyiselwa, izinto ezitholiwe zizoba nenombolo yenguqulo ephezulu ukuze ziphoqelelwe ukuthi ziphindaphindwe kusukela kuleyo DC ziye kulo lonke isizinda. Kuyisinqumo esifanele lapho Sisuse izinto noma ama-OU ngephutha, noma sifuna ukubuyisela okuqukethwe yi-SYSVOL kanye ne-GPO esimweni sangaphambilini bese sikukopisha..

Imininingwane ebalulekile ukuthi ukubuyiselwa okugunyaziwe akudingeki kube yiyo yonke i-database. Nge-utility I-Ntdsutil Izinto ngazinye, izihlahla ezingaphansi (isb., i-OU), noma yonke isizinda kungaphawulwa njengegunya. Lokhu kunikeza ukuguquguquka okukhulu, isibonelo, thola kuphela umsebenzisi, iqembu, i-OU noma i-subtree dc=mycompany,dc=local.

Inqubo ejwayelekile yokubuyisela isimo sesistimu ku-DC

Uhlelo oluyisisekelo lokubuyisela isimo sesistimu se-DC (kungakhathaliseki ukuthi singokoqobo noma singokoqobo) ngamathuluzi ahambisanayo luhlala lufana: Vula i-Directory Services Restore Mode (DSRM), buyisela usebenzisa ithuluzi lokusekelayo, bese uqala kabusha.

Ngamafuphi, izinyathelo ezijwayelekile zesilawuli sesizinda esibonakalayo zizoba:

1. Qala umshini obonakalayo ku-Windows Boot Manager (ngokuvamile ngokucindezela i-F5/F8 ngesikhathi sokuqalisa). Uma i-VM ilawulwa yi-hypervisor, kungadingeka ukuthi umise umshini ukuze uthwebule inkinobho.
2. Kuzinketho zokuqalisa ezithuthukisiwe, khetha Imodi yokubuyisela amasevisi e-directory (Imodi Yokubuyisela Amasevisi Ohlu Lweziqondiso). Le modi iqala iseva ngaphandle kokufaka isizindalwazi se-Active Directory ngendlela esebenzayo.
3. Ngena ngemvume nge-akhawunti yomlawuli we-DSRM kuchazwe ngesikhathi sokukhushulwa kokuqala kwe-DC (hhayi nge-akhawunti ejwayelekile yomlawuli wesizinda).
4. Sebenzisa ithuluzi lokusekelayo kusetshenziswe (i-Windows Server Backup, i-NAKIVO noma enye ehambisanayo) bese ukhetha ukubuyisela isimo sesistimu endaweni yokusekela oyifunayo.
5. Qedela i-wizard yokubuyisela kanye Qala kabusha i-DC kwimodi evamileEkubuyiseleni okungagunyaziwe, iseva izoqala ukukopisha ukuze ihambisane namanye ama-DC.

Uma sikhuluma ngemikhiqizo yokusekelayo evela eceleni, njenge I-NAKIVO Backup & ReplicationImodi yayo "yokuqaphela uhlelo lokusebenza" iyakwazi ukubona ukuthi umshini otholwa kabusha uyi-DC futhi lungisa inqubo ngokuzenzakalelayo ukuze kulondolozwe ukuvumelana kwe-ADEzimweni eziningi ezinabalawuli abaningi, ukululama okugcwele kwimodi engeyona eyogunyazayo kwanele.

Ukubuyiselwa okugunyaziwe nge-Ntdsutil

Uma ufuna izinguquko kusilawuli sesizinda esibuyiselwe zize kuqala kunezinye, udinga ukwengeza isinyathelo esengeziwe ngemuva kokubuyiselwa okungekho emthethweni: sebenzisa i-Ntdsutil ukumaka izinto njengezinegunya.

Ukugeleza okulula kungaba:

1. Buyisela isimo sesistimu ngendlela ejwayelekile bese ushiya iseva isasebenza Imodi ye-DSRM (Ungaqali kabusha kwimodi evamile okwamanje).
2. Vula a umyalo osheshayo onamalungelo aphezulu bese ugijima ntdsutil.
3. Sebenzisa i-instance ye-AD nge sebenzisa i-instance ntds.
4. Ukungena kumongo wokubuyiselwa okugunyaziwe nge ukubuyiselwa okugunyaziwe.
5. Sebenzisa imiyalo efana restore object <DN_objeto> o restore subtree <DN_subarbol>, lapho i-DN iyigama elihlukile lento noma umuthi ongaphansi okufanele ubuyiselwe ngegunya.
6. Qinisekisa ukuthengiselana futhi, uma sekuqediwe, Qala kabusha i-DC kwimodi evamile ukuze izinto ezimakiwe ziphindwe zibe zibalulekile kunezinye izingxenye zesizinda.

Lolu hlobo lokubuyiselwa ludinga ukuqaphela okukhulu. Uma yonke isizinda ibuyiselwe ngokugunyazwa futhi isipele sesidalaKukhona ingozi yokulahlekelwa izinguquko ezisemthethweni ezenziwe ngemuva kokwenza isipele (isibonelo, ukudalwa komsebenzisi, izinguquko zephasiwedi, noma ukuguqulwa kweqembu). Ngakho-ke, kuyinto evamile ukukhawulela ukubuyiselwa okugunyaziwe ezintweni noma ezihlahleni ezidingekayo kuphela.

Ukubuyiselwa kanye nokululama kwe-SYSVOL (FRS vs DFSR)

I-SYSVOL iyisici esibalulekile sesilawuli sesizinda: Igcina izikripthi zokuqala, izinqubomgomo zeqembu, amathempulethi okuphepha, kanye nezinye izinsiza ezibalulekile ezabiwe.Ukwehluleka kwezimvume zakho, ukonakala kwamafayela, noma izinkinga zokuphindaphinda kungenza ama-GPO angasebenzi noma kubangele ukuziphatha okungajwayelekile kumakhasimende.

Kuye ngenguqulo ye-Windows Server kanye nesimo sokufuduka, i-SYSVOL ingase iphindwe yi- I-FRS (Isevisi Yokukopisha Amafayela) noma nge I-DFSR (Ukukopishwa Kwesistimu Yefayela Esatshalaliswa)Inqubo yokubuyiselwa kwe-SYSVOL okugunyaziwe iyahlukahluka kuye ngokuthi iyiphi kokubili esetshenziswayo.

Ukuze unqume lokhu, ungahlola ukhiye ku-Registry. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DFSR\Parameters\SysVols\Ukuthutha amaSyvols\LocalStateUma le subkey ikhona futhi inani layo lingu-3 (ISELETED), i-DFSR iyasetshenziswa. Uma ingekho noma inani layo lihlukile, sibhekene nendawo esasebenzisa i-FRS.

Ezindaweni ezine-FRS, ukubuyiselwa kwe-SYSVOL okugunyaziwe kuvame ukuhilela ukulungisa inani Ama-Burflags en HKLM\System\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process kunani elithile (isb., idesimali engu-212 / 0xD4 hex) ukukhombisa ukuthi le DC ingumthombo onegunya.

Uma i-SYSVOL iphindaphindwa yi-DFSR, inqubo iyinkimbinkimbi kakhulu: ihilela ukusebenzisa I-ADSIHlela ukuguqula izinto zokubhalisela ze-SYSVOL (izimfanelo Inikwe amandla yi-msDFSR y Izinketho ze-msDFSR) ku-DC enegunya kanye nakwabanye, phoqelela ukuphindaphindwa kwe-AD, sebenzisa i-dfsrdiag pollad futhi uqinisekise kulogi yomcimbi ukubonakala kwe imicimbi 4114, 4602, 4614 kanye no-4604 eziqinisekisa ukuthi i-SYSVOL iqaliswe futhi yakopishwa ngendlela efanele.

Ukuthola kabusha abalawuli besizinda esibonakalayo kusuka ku-VHD

Ezindaweni ezisebenza nge-inthanethi kuvamile kakhulu ukuba Amafayela e-VHD/VHDX abalawuli besizindaUma ungenayo i-backup yesimo sesistimu kodwa une-VHD "endala" esebenzayo, ungafaka i-DC entsha kuleyo diski, yize kufanele ukwenze ngokucophelela ukuze ugweme ukubangela i-USN rollback.

Isincomo sithi Ungayiqali leyo VM ngqo kwimodi evamileKunalokho, kufanele uqale kusukela ku-VHD yangaphambilini ku I-DSRMVula i-Registry Editor bese uzulazula uye ku- HKLM\SYSTEM\CurrentControlSet\Services\NTDS\ParametersLapho, kuyalulekwa ukuhlola inani Inani lokulungiswa kwe-DSA kwangaphambilini (uma ikhona) futhi, ngaphezu kwakho konke, dala inani elisha le-DWORD (32-bit) elibizwa ngokuthi Isizindalwazi sibuyiselwe kusukela ekusekeleni nge value 1.

Ngokukhetha leli nani, i-Active Directory itshelwa ukuthi i-database ibuyiselwe kusuka ku-backup, okuphoqa ukukhiqiza i-InvocationID entsha uma uqala kabusha kwimodi evamileNgale ndlela, amanye ama-DC ayichaza njengesibonelo esisha futhi alungise kahle ama-watermark awo okuphindaphinda, avimbele ukubuyiselwa emuva kwe-USN.

Ngemva kokuqala kabusha i-DC kwimodi evamile, kuyalulekwa ukuthi uhlole i-Event Viewer, ikakhulukazi i-log ye- Izinsizakalo zesikhombisi-ndlela, ngifuna umcimbi 1109Lo mcimbi uqinisekisa ukuthi isici se-InvocationID seseva sishintshile futhi sibonisa amanani amadala namasha, kanye ne-USN ephezulu kakhulu ngesikhathi sokwenza isipele. Ngaphezu kwalokho, inani le- Inani lokulungiswa kwe-DSA kwangaphambilini Bekufanele ngabe yandiswa ngeyodwa.

Uma lezi zenzakalo zingaveli, noma inani lingakhuphuki, kufanele uhlole izinguqulo zesistimu yokusebenza kanye nama-Service Packs, njengoba Ukuziphatha okuthile kokubuyiselwa kuncike kuma-patches athileKunoma ikuphi, kuhlale kunconywa ukusebenza kukhophi ye-VHD yokuqala, ugcine inguqulo engashintshi uma kwenzeka inqubo idinga ukuphindwa.

Izimo ezisebenzayo kanye nezincomo ezengeziwe

Empeleni, izinkinga zenkohlakalo noma ukulungiswa okungafanele zivame ukuvela ezimweni zansuku zonke: Ukuguqulwa kwemvume ngesandla ku-SYSVOL, imizamo yokubuyekeza amathempulethi e-ADMX/ADML, izinguquko ze-GPO ezingaphindaphindwanjll. Kulula kakhulu ukubangela ukungalingani uma amafolda abiwe eguqulwa ngesandla, njengokuthi SYSVOL\Policies ngaphandle kokuhlonipha ukuphindaphindwa.

Uma kwenzeka i-DC eyinhloko ene-replication ephukile (kokubili idatha ye-AD kanye ne-SYSVOL) kanye nemiyalezo yokuqapha yohlobo "Isizindalwazi sibuyiselwe kusetshenziswa inqubo engasekelwa. Imbangela engaba khona: Ukubuyiselwa emuva kwe-USN", into ehlakaniphile okufanele uyenze yile:

• Hlola nge dcdiag y i-repadmin ubukhulu bamaphutha nokuthi ngabe kukhona “izinto eziqhubekayo”.
• Hlola umcimbi ka-2095 kanye nenani I-Dsa Ayibhaleki kuRegistry.
• Hlola ukuthi kungenzeka yini susa leyo DC bese uyakha kabusha (Uma kunezinye izinhlobo ezintathu noma ngaphezulu ze-DC ezinempilo, lokhu ngokuvamile kuyindlela engcono kakhulu).
• Uma kungukuphela kwe-DC noma umgxeki, phakamisa i-a ukubuyiselwa kwesimo sesistimu kusukela ekusekelweni okuhambisanayo, okungcono kakhulu kwakamuva futhi ngaphakathi kwesikhathi setshe lethuna.

Kuma-domain anabalawuli abaningi, kunconywa kakhulu ukuthi ama-DC abe "msulwa" ngangokunokwenzeka: ngaphandle kwezindima ezengeziwe noma idatha yomsebenzisi wendawoNgale ndlela, uma eyodwa yehluleka noma yonakala, entsha ingahlelwa futhi ikhuthazwe ngokusekelwe kwenye i-DC noma nge-IFM, okunciphisa kakhulu ubunzima bokululama.

Ngaphezu kwalokho, kufanelekile ukukhumbula imikhawulo enjalo Amakhophi esimo sesistimu asebenza kuphela ngesikhathi setshe lethuna (izinsuku ezingu-60, 90, 180 kuye ngokuthi zicushwa kanjani) ukuze kugwenywe ukuvuselelwa kwezinto ezisusiwe, nokuthi okhiye bomshini we-NTLM bashintshe njalo ezinsukwini ezingu-7. Ekubuyiseleni okudala kakhulu, kungadingeka ukuthi setha kabusha ama-akhawunti eqembu izinkinga ezivela ku-“Active Directory Users and Computers” noma ngisho nokuzisusa nokuzihlanganisa kabusha kusizinda.

Ukuba nezinqubo ezisetshenziswayo zokusekela njalo isimo sohlelo, Bhala phansi ngokucacile izindima ze-FSMO, ikhathalogi yomhlaba wonke, kanye ne-topology yokuphindaphindaFuthi ukuhlola izinyathelo zokuvuselela endaweni yelebhu kuwukutshalwa kwezimali kwesikhathi okusindisa amakhanda amaningi lapho kufika usuku lapho isilawuli sesizinda sonakala noma othile esebenzisa isithombe ngaphandle kokucabanga.