DC降級失敗

DC降級失敗

將DC降級為member時發生錯誤,錯誤訊息如下:
作業失敗,因為:
Active Directory 網域服務無法傳輸目錄分割區中的剩餘資料
DC=DomainDNSZones,DC= < DNS domjain name > to Active Directory 網域 Controller
\\ < DNS 用於服務降級的協助程式 DC 名稱>
「目錄服務遺漏必要的設定資訊,無法判斷浮動單一主機作業角色的擁有權。」

建立 fixfsmo.vbs
‘——-fixfsmo.vbs——————
const ADS_NAME_INITTYPE_GC = 3
const ADS_NAME_TYPE_1779 = 1
const ADS_NAME_TYPE_CANONICAL = 2
set inArgs = WScript.Arguments
if (inArgs.Count = 1) then
‘ Assume the command line argument is the NDNC (in DN form) to use.
NdncDN = inArgs(0)
Else
Wscript.StdOut.Write “usage: cscript fixfsmo.vbs NdncDN”
End if
if (NdncDN <> “”) then
‘ Convert the DN form of the NDNC into DNS dotted form.
Set objTranslator = CreateObject(“NameTranslate”)
objTranslator.Init ADS_NAME_INITTYPE_GC, “”
objTranslator.Set ADS_NAME_TYPE_1779, NdncDN
strDomainDNS = objTranslator.Get(ADS_NAME_TYPE_CANONICAL)
strDomainDNS = Left(strDomainDNS, len(strDomainDNS)-1)
Wscript.Echo “DNS name: ” & strDomainDNS
‘ Find a domain controller that hosts this NDNC and that is online.
set objRootDSE = GetObject(“LDAP://” & strDomainDNS & “/RootDSE”)
strDnsHostName = objRootDSE.Get(“dnsHostName”)
strDsServiceName = objRootDSE.Get(“dsServiceName”)
Wscript.Echo “Using DC ” & strDnsHostName
‘ Get the current infrastructure fsmo.
strInfraDN = “CN=Infrastructure,” & NdncDN
set objInfra = GetObject(“LDAP://” & strInfraDN)
Wscript.Echo “infra fsmo is ” & objInfra.fsmoroleowner
‘ If the current fsmo holder is deleted, set the fsmo holder to this domain controller.
if (InStr(objInfra.fsmoroleowner, “\0ADEL:”) > 0) then
‘ Set the fsmo holder to this domain controller.
objInfra.Put “fSMORoleOwner”, strDsServiceName
objInfra.SetInfo
‘ Read the fsmo holder back.
set objInfra = GetObject(“LDAP://” & strInfraDN)
Wscript.Echo “infra fsmo changed to:” & objInfra.fsmoroleowner
End if
End if
執行
cscript fixfsmo.vbs DC=DomainDnsZones,DC=contoso,DC=com

ldifde -f Infra_DomainDNSZones.ldf -d “CN=Infrastructure,DC=DomainDnsZones,DC=domain,DC=com” -l fSMORoleOwner
執行下列指令確認結果
cat .\Infra_DomainDNSZones.ldf

測試後,仍然有錯誤,參考:Demoting a Domain Controller Error (microsoft.com)
將 DC=DomainDnsZones 改為 DC=ForestDnsZones,再次執行
cscript fixfsmo.vbs DC=ForestDnsZones,DC=contoso,DC=com

ldifde -f Infra_DomainDNSZones.ldf -d “CN=Infrastructure,DC=ForestDnsZones,DC=domain,DC=com” -l fSMORoleOwner
執行下列指令確認結果
cat .\Infra_ForestDNSZones.ldf

再次進行降級程序,順利完成

發佈留言

發佈留言必須填寫的電子郵件地址不會公開。 必填欄位標示為 *