Disaster recovery with a sudden burst of primary domain controller

This experiment is in the context of a multi-domain controller environment, the primary domain controller due to hardware failure suddenly damaged, and did not do the primary domain controller backup, how to enable the additional domain controller to take over its work, so that active Directory operation, waiting for hardware repair, The function of restoring the primary domain controller.

Before the experiment, let me introduce the FSMO role, which is the five action roles defined by ad

Schema Master Schema master

Domain naming master domains naming master

Relative identification number host RID Master

Primary domain controller emulator (PDCE)

Infrastructure Master Infrastructure Master

And each role bears different jobs and has different functions:

Schema master: Update the directory schema, the schema master is forest based, and there is only one schema master in the entire forest

Domain naming master: Adding a new domain to the forest, removing an existing domain from the forest, and being a forest based, with only one domain naming master in the entire forest

Relative ID Host: Responsible for assigning RID pools to other DCs, combining the RID and domain identifiers to create a unique security identifier (SID), domain-based, and different domains in the forest with their own relative identifier hosts when creating users, groups, and adding computers

PDCE: Backward compatibility with low-level clients and servers, allowing previous versions of domain controllers to join an existing domain environment, validation of passwords, synchronization of time-ensure that the PDCE of each domain in the forest synchronizes with the PDCE of the root domain in the forest, PDCE is also domain-based, Each domain has its own pdce.

Infrastructure master: Ensures consistency among all domain action objects when referencing the globally unique identifier (GUID), security identifier (SID), and distinguished name (DN) of the object. If the referenced object moves, The DC acting as the infrastructure master role in the domain is responsible for updating the SID and DN in the Cross-domain object reference in the domain. is domain-based, and each domain in the forest has its own infrastructure master.

The default five kinds of FSMO exist on the first DC of the root domain in the forest, while the relative representation host, PDCE, infrastructure master in the child domain exists on the first DC in the child domain.

After the construction of the previous domain, we will perform a disaster recovery for the primary domain controller.

Step three: The transfer of FSMO roles

Step four: Recovery of primary domain controller functions

Before the FSMO role is transferred, the primary domain controller is corrupted, as shown in the following figure:

One clears the primary domain controller Florence object from the ad

Remove the primary domain controller Florence from the ad using the Ntdsutil.exe tool on the Berlin

The command is:

C:>ntdsutil

Ntdsutil:metadata cleanup

Metadata Cleanup:select operation target

Select Operation Target:connections

Server connections:connect to Domain adtest.com

Server Connections:quit

Select Operation Target:list Sites

Select Operation Target:select Site 0

Select operation target:list Domains in site

Select operation Target:select Domain 0