Building an AD test environment cloned from the production DCs

  • General discussion

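  • Hi,
    All of the company's DCs (2012) run on Hyper-V 3.0 R2. I want to build a test environment and copy all of the DCs into it, to simulate the existing production environment.

    After exporting all of the DCs, I copied them into the test environment. Every DC logs a "VM-GenerationID" changed event.
    The FSMO owner logs Event ID 2092:
    "This server is the owner of the following FSMO role, but does not consider it valid.......Operations which require contacting a FSMO operation master will fail until this condition is corrected."

    The DC that holds the FSMO roles also does not work properly. The other DCs have some problems as well.
    Other than using AD Restore, is there a more convenient way to clone a test environment?


    April 27, 2014, 03:15 PM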

All replies

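  • Hello

    I had the same requirement as you before. I also exported the DCs in the current environment and copied all the files to a Hyper-V host,

    then imported the DCs and set up a virtual switch (private), with every DC's network adapter connected to this switch.

    When importing the DCs, because the files had all already been copied, I chose [Register the virtual machine in-place (use the existing unique ID)].

    In operation, the problems you mentioned did not occur. I offer the above for your reference.

    April 28, 2014, 12:16 AM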
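  • As MIS 的背影 described,
    if the purpose is to build a test environment,
    and the DCs are already VMs,
    you can use MIS 的背影's method
    and run the VMs on an internal virtual network.

    蘇老碎碎念
    Information has no shore; look back and the bank is already out of sight
    Facebook - Microsoft Taiwan Official Forum Fans Club
    For how to ask questions properly on the forum, see the iThome article: How to get the answer I want

    April 28, 2014, 01:50 AM
    Moderator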
  • May I ask whether you did an online export or an offline one?
    April 28, 2014, 10:57 AM
  • I am used to doing it offline.

    蘇老碎碎念

    April 28, 2014, 02:15 PM
    Moderator
  • Hello

    Actually, either one works.

    April 28, 2014, 02:56 PM
  • Hi 笨笨龍

    Basically this depends on what you are used to,

    because the export works the same whether it is online or offline.

    April 30, 2014, 08:51 AM
    Moderator
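  • Hi 笨笨龍

    You are welcome to report your follow-up test results back to the forum, or to mark the replies that helped you as answers,

    to help the discussion along and to help others with similar problems. Thank you!

    May 5, 2014, 06:08 AM
    Moderator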
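  • I simulated a 5-DC environment myself. After an online export and an import on another Hyper-V host, the same problem did not occur.

    I tried an online export of the existing environment once more. After the import, without rebooting, the DCs all worked normally.
    Rebooting the PDC (which holds all five roles) also caused no problems.
    But after rebooting the other DCs, the whole AD went down.

    May 5, 2014, 10:13 AM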
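  • I simulated a 5-DC environment myself. After an online export and an import on another Hyper-V host, the same problem did not occur.

    I tried an online export of the existing environment once more. After the import, without rebooting, the DCs all worked normally.
    Rebooting the PDC (which holds all five roles) also caused no problems.
    But after rebooting the other DCs, the whole AD went down.

    If all five roles are on one of the five DCs, call it A,
    then under normal circumstances rebooting the others (B, C, D, E) should not bring down the whole AD.
    Also, what exactly does the AD being down look like?

    蘇老碎碎念

    May 5, 2014, 12:18 PM
    Moderator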
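  • The environment is split into two sites: HC (PDC, DC1) & TP (DC2)
    I imported again, this time only 3 DCs.
    After startup, most of the messages are Generation ID changed warnings. Directory Service shows no particular errors.
    At this point [AD Users and Computers] can be opened, and connecting to each of the three DCs is OK.

    But the default DC is always the same one (DC2).
    I found that at this point the [NETLOGON] & [SYSVOL] shares do not exist on PDC & DC1.
    If PDC & DC1 are rebooted at this point, the AD management tools can still be opened.
    If DC2 is rebooted, then
    the AD management tools cannot be opened. [Naming information cannot be located........] appears.
    After a few minutes, DC2's
    [NETLOGON] & [SYSVOL] shares also disappear.

    The Directory Service event log has no error messages; one message is rather notable:

    Event ID 1004 Active Directory Domain Services was shut down successfully.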

    After importing again and booting, I ran dcdiag.
    DC2:

    • Running enterprise tests on : xxx.com.tw
      Starting test: LocatorCheck : DcGetDcName(PDC_REQUIRED) fail. 找不到網域主控站。PDC角色伺服器已關閉。

    PDC shows:

    • Testing server:ProHC\PDC,DsGetDcName returned information for \\PDC.xxx.com.tw when we were trying to reach PDC.
    • NETLOGON share fail

    DC1 shows:

    • Testing server:ProHC\DC1,DsGetDcName returned information for \\DC2.xxx.com.tw when we were trying to reach DC1.
    • NETLOGON share fail
    • Running enterprise tests on : xxx.com.tw
      Starting test: LocatorCheck : DcGetDcName(PDC_REQUIRED) fail. 找不到網域主控站。PDC角色伺服器已關閉。

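    repadmin /showrepl: all three DCs show replication errors only with the two DCs that were not powered on
    repadmin /replsummary: all three DCs show replication errors only with the two DCs that were not powered on
    netdom query fsmo: all three DCs display the 5 masters normally

    After rebooting DC2:
    repadmin /showrepl: all three DCs show replication errors only with the two DCs that were not powered on
    repadmin /replsummary: all three DCs show replication errors only with the two DCs that were not powered on
    netdom query fsmo: [The specified domain either does not exist or could not be contacted.]

    PDC dcdiag: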

    Directory Server Diagnosis
    
    
    Performing initial setup:
    
       Trying to find home server...
    
       Home Server = HC-PDC
    
       * Identified AD Forest. 
       Done gathering initial info.
    
    
    Doing initial required tests
    
       
       Testing server: ProHC\HC-PDC
    
          Starting test: Connectivity
    
             ......................... HC-PDC passed test Connectivity
    
    
    
    Doing primary tests
    
       
       Testing server: ProHC\HC-PDC
    
          Starting test: Advertising
    
             Fatal Error:DsGetDcName (HC-PDC) call failed, error 1355
    
             The Locator could not find the server.
    
             ......................... HC-PDC failed test Advertising
    
          Starting test: FrsEvent
    
             There are warning or error events within the last 24 hours after the
    
             SYSVOL has been shared.  Failing SYSVOL replication problems may cause
    
             Group Policy problems. 
             ......................... HC-PDC passed test FrsEvent
    
          Starting test: DFSREvent
    
             ......................... HC-PDC passed test DFSREvent
    
          Starting test: SysVolCheck
    
             ......................... HC-PDC passed test SysVolCheck
    
          Starting test: KccEvent
    
             ......................... HC-PDC passed test KccEvent
    
          Starting test: KnowsOfRoleHolders
    
             ......................... HC-PDC passed test KnowsOfRoleHolders
    
          Starting test: MachineAccount
    
             ......................... HC-PDC passed test MachineAccount
    
          Starting test: NCSecDesc
    
             ......................... HC-PDC passed test NCSecDesc
    
          Starting test: NetLogons
    
             Unable to connect to the NETLOGON share! (\\HC-PDC\netlogon)
    
             [HC-PDC] An net use or LsaPolicy operation failed with error 67,
    
             The network name cannot be found..
    
             ......................... HC-PDC failed test NetLogons
    
          Starting test: ObjectsReplicated
    
             ......................... HC-PDC passed test ObjectsReplicated
    
    
          Starting test: RidManager
    
             ......................... HC-PDC passed test RidManager
    
          Starting test: Services
    
             ......................... HC-PDC passed test Services
    
          Starting test: SystemLog
    
             An error event occurred.  EventID: 0x00000422
    
                Time Generated: 05/04/2014   01:43:47
    
                Event String:
    
                The processing of Group Policy failed. Windows attempted to read the file \\xxx.com.tw\SysVol\xxx.com.tw\Policies\{448BDFD4-E538-44DD-B6F1-EBDDDBBCDC73}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following: 
    
    
             An error event occurred.  EventID: 0x40011006
    
                Time Generated: 05/04/2014   01:43:55
    
                Event String:
    
                The connection was aborted by the remote WINS. Remote WINS may not be configured to replicate with the server.
    
             An error event occurred.  EventID: 0x40011006
    
                Time Generated: 05/04/2014   01:43:55
    
                Event String:
    
                The connection was aborted by the remote WINS. Remote WINS may not be configured to replicate with the server.
    
             An error event occurred.  EventID: 0x0000041E
    
                Time Generated: 05/04/2014   01:48:47
    
                Event String:
    
                The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
    
             An error event occurred.  EventID: 0x0000041E
    
                Time Generated: 05/04/2014   01:53:47
    
                Event String:
    
                The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
    
             An error event occurred.  EventID: 0x0000041E
    
                Time Generated: 05/04/2014   01:58:47
    
                Event String:
    
                The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
    
             An error event occurred.  EventID: 0x0000041E
    
                Time Generated: 05/04/2014   02:03:47
    
                Event String:
    
                The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
    
             An error event occurred.  EventID: 0x0000041E
    
                Time Generated: 05/04/2014   02:08:47
    
                Event String:
    
                The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
    
             An error event occurred.  EventID: 0x0000041E
    
                Time Generated: 05/04/2014   02:13:47
    
                Event String:
    
                The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
    
             An error event occurred.  EventID: 0x0000041E
    
                Time Generated: 05/04/2014   02:18:47
    
                Event String:
    
                The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
    
             An error event occurred.  EventID: 0x0000041E
    
                Time Generated: 05/04/2014   02:23:47
    
                Event String:
    
                The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
    
             An error event occurred.  EventID: 0x0000041E
    
                Time Generated: 05/04/2014   02:28:47
    
                Event String:
    
                The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
    
             An error event occurred.  EventID: 0x0000041E
    
                Time Generated: 05/04/2014   02:33:47
    
                Event String:
    
                The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
    
             An error event occurred.  EventID: 0x0000041E
    
                Time Generated: 05/04/2014   02:34:40
    
                Event String:
    
                The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
    
             An error event occurred.  EventID: 0x0000041E
    
                Time Generated: 05/04/2014   02:38:47
    
                Event String:
    
                The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
    
             ......................... HC-PDC failed test SystemLog
    
          Starting test: VerifyReferences
    
             ......................... HC-PDC passed test VerifyReferences
    
       
       
       Running partition tests on : ForestDnsZones
    
          Starting test: CheckSDRefDom
    
             ......................... ForestDnsZones passed test CheckSDRefDom
    
          Starting test: CrossRefValidation
    
             ......................... ForestDnsZones passed test
    
             CrossRefValidation
    
       
       Running partition tests on : DomainDnsZones
    
          Starting test: CheckSDRefDom
    
             ......................... DomainDnsZones passed test CheckSDRefDom
    
          Starting test: CrossRefValidation
    
             ......................... DomainDnsZones passed test
    
             CrossRefValidation
    
       
       Running partition tests on : Schema
    
          Starting test: CheckSDRefDom
    
             ......................... Schema passed test CheckSDRefDom
    
          Starting test: CrossRefValidation
    
             ......................... Schema passed test CrossRefValidation
    
       
       Running partition tests on : Configuration
    
          Starting test: CheckSDRefDom
    
             ......................... Configuration passed test CheckSDRefDom
    
          Starting test: CrossRefValidation
    
             ......................... Configuration passed test CrossRefValidation
    
       
       Running partition tests on : xxx
    
          Starting test: CheckSDRefDom
    
             ......................... xxx passed test CheckSDRefDom
    
          Starting test: CrossRefValidation
    
             ......................... xxx passed test CrossRefValidation
    
       
       Running enterprise tests on : xxx.com.tw
    
          Starting test: LocatorCheck
    
             Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
    
             A Global Catalog Server could not be located - All GC's are down.
    
             Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
    
             A Time Server could not be located.
    
             The server holding the PDC role is down.
    
             Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error
    
             1355
    
             A Good Time Server could not be located.
    
             Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
    
             A KDC could not be located - All the KDCs are down.
    
             ......................... xxx.com.tw failed test LocatorCheck
    
          Starting test: Intersite
    
             ......................... xxx.com.tw passed test Intersite
    

    May 7, 2014, 11:50 AM
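
A dcdiag report like the one in the post above is easier to compare across DCs once it is reduced to its failed tests and the error codes behind them. The following is an added example, not part of any post in this thread: a small parser that also handles dcdiag's line wrapping, which appears in the output above (a test name or error number pushed onto the next line). The names `failed_tests`, `SAMPLE` and `WIN32` are assumptions made for this example, and the sample text is constructed by abridging the posted output.

```python
import re

# Constructed sample, abridged from the dcdiag output quoted in the thread.
SAMPLE = r"""
   Testing server: ProHC\HC-PDC
      Starting test: Advertising
         Fatal Error:DsGetDcName (HC-PDC) call failed, error 1355
         ......................... HC-PDC failed test Advertising
      Starting test: SysVolCheck
         ......................... HC-PDC passed test SysVolCheck
      Starting test: NetLogons
         Unable to connect to the NETLOGON share! (\\HC-PDC\netlogon)
         [HC-PDC] An net use or LsaPolicy operation failed with error 67,
         ......................... HC-PDC failed test NetLogons
   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test

         CrossRefValidation
   Running enterprise tests on : xxx.com.tw
      Starting test: LocatorCheck
         Warning: DcGetDcName(KDC_REQUIRED) call failed, error

         1355
         ......................... xxx.com.tw failed test LocatorCheck
"""

# Win32 error names for the two codes that appear in the thread's output.
WIN32 = {67: "ERROR_BAD_NET_NAME", 1355: "ERROR_NO_SUCH_DOMAIN"}
RESULT = re.compile(r"^\.{5,} (\S+) (passed|failed) test(?: (\S+))?$")

def failed_tests(text):
    """Return {(target, test): [error names]} for each failed dcdiag test."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    failures, codes, current, i = {}, [], None, 0
    while i < len(lines):
        line = lines[i]
        # dcdiag wraps long lines: rejoin a verdict or error line whose last
        # token (test name or error number) moved to the following line.
        if re.search(r"( test|, error)$", line) and i + 1 < len(lines):
            i += 1
            line = f"{line} {lines[i]}"
        if line.startswith("Starting test:"):
            current, codes = line.split(":", 1)[1].strip(), []
        elif m := RESULT.match(line):
            if m.group(2) == "failed":
                failures[(m.group(1), m.group(3) or current)] = codes
            codes = []
        else:
            codes += [WIN32.get(int(c), c) for c in re.findall(r"\berror (\d+)", line)]
        i += 1
    return failures
```

Running `failed_tests` over the saved output of each cloned DC gives a short per-DC summary, so locator failures (1355) and missing NETLOGON shares (67) can be compared side by side.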
  • Since the problem occurs on both 2012 and 2012 R2, I tried testing on 2008 R2; on 2008 R2 Hyper-V everything works normally ><
    June 16, 2014, 02:00 AM