我有一个WS2008r2域,其条件如下:
Domain functional level: WS2008r2Forest functional level: WS2003
我想在同一域中的远程站点中部署一个RODC,但在WS2019中。
当我在主域中执行" adprep/rodcprep "时,我有这个错误:
D:supportadprep>adprep /rodcprep
Adprep connected to the domain FSMO: XXX-DC01.XXX.XXX.
==============================================================================
Adprep found partition DC=DomainDnsZones,DC=XXX,DC=XXX, and is about to update the permissions.
Adprep could not contact a replica for partition DC=DomainDnsZones,DC=XXX,DC=XXX.
Adprep encountered an LDAP error.
Error code: 0x0. Server extended error code: 0x0, Server error message: (null).
Adprep failed the operation on partition DC=DomainDnsZones,DC=XXX,DC=XXX. Skipping to next partition.
==============================================================================
==============================================================================
Adprep found partition DC=ForestDnsZones,DC=XXX,DC=XXX, and is about to update the permissions.
Adprep could not contact a replica for partition DC=ForestDnsZones,DC=XXX,DC=XXX.
Adprep encountered an LDAP error.
Error code: 0x0. Server extended error code: 0x0, Server error message: (null).
Adprep failed the operation on partition DC=ForestDnsZones,DC=XXX,DC=XXX. Skipping to next partition.
==============================================================================
Adprep detected the operation on partition DC=XXX,DC=XXX has been performed. Skipping to next partition.
==============================================================================
Adprep completed with errors. Not all partitions are updated. See the ADPrep.log
in the C:Windowsdebugadpreplogs20211020101000 directory for more information.
To successfully update all partitions, the currently logged-on user needs to be a member of the Enterprise Admins group. If that is not the case, please correct the problem, and then restart Adprep.
由于有应用程序在WS2003服务器上,因此目前无法提升森林功能级别。
有没有办法在WS2019上配置RODC ?
谢谢你。
•由于您的森林功能级别在Windows Server 2003上运行,Windows Server 2003已被微软主动退役,因此无法获得更新和支持。因此,鉴于此,我建议您将域功能级别升级到Windows Server 2012 R2,并将森林功能级别升级到Windows Server 2008兼容性级别。但是,由于一些与应用程序和过程相关的依赖性,许多组织继续工作并依赖于这些功能级别。
•因此,对于在Windows Server 2019操作系统上安装域控制器,环境中所需的最小森林功能级别是Windows Server 2008。此外,您可以将域功能级别设置为高于森林功能级别的值,但不能将域功能级别设置为低于森林功能级别的值,因此域功能级别的值始终设置为高于森林功能级别的值。
参考以下文章,您可以将环境中的森林功能级别从Windows Server 2003升级到Windows Server 2008,并将域功能级别从Windows Server 2008升级到Windows Server 2012: -
https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/raise-active-directory-domain-forest-functional-levels
•尽管您收到的错误,您可以尝试将旧的sysvol FRS复制迁移到DFSR,并使用Dsmgmt工具的' remove nc '参数对孤立分区进行元数据清理。欲了解更多信息,请参考以下文档链接:-
https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/error-run-adprep-rodcprep-command
https://learn.microsoft.com/en - us/previous versions/windows/it pro/windows - server - 2008 r2 -和- 2008/cc730970 (v = ws.10) ? redirectedfrom = MSDN