Domain Controllers and Virtual Machines - Avoiding the Do-Over
???? : DC’s and VM’s - Avoiding the Do-Over
https://blogs.technet.com/askds/archive/2009/06/05/dc-s-and-vm-s-avoiding-the-do-over.aspx
?????? ??(Mark)???. ?? ??? Microsoft Virtual Server, Server 2008 Hyper-V ?? VMWare? ?? ???? ?????, ?? ??? ??? ??? ?? ??? ?? ? ????.
1) ??? ??? ???? ?? ?????? ???? ?? ??? ??? ?? DC? ???? ????. ??? ??? ? ?? ??? ????? ??? ?? ?? ??? ???????. ? ?? ??? ????? Windows Server 2003 SP2?? ?????.
2) ???? ??? ?? ?? ??? ?? ?? ???? ?????.
3) ??? ?? ??? DC ??? ?????.
4) ??? ????.
??? ?? ?? ??? ?????.
1) Netlogon ???? ???????.
2) ???? ??? ?????? ?? ??? ????, ??? ID 2095? ?? ??? ??? NTDS ??? ?????.
3) ???? ??? ??? ??? ? ?? ??? ?????, ??? ??? NTDS General?? ??? ID? 1113? 1115???.
?? ??? ???? ??? ??? ??? ?? ?????.
Event Type: Error
Event Source: NTDS Replication
Event Category: Replication
Event ID: 2095
Date:
Time:
User:
Computer:
Description: During an Active Directory replication request, the local domain controller (DC) identified a remote DC which has received replication data from the local DC using already-acknowledged USN tracking numbers. Because the remote DC believes it is has a more up-to-date Active Directory database than the local DC, the remote DC will not apply future changes to its copy of the Active Directory database or replicate them to its direct and transitive replication partners that originate from this local DC. If not resolved immediately, this scenario will result in inconsistencies in the Active Directory databases of this source DC and one or more direct and transitive replication partners. Specifically the consistency of users, computers and trust relationships, their passwords, security groups, security group memberships and other Active Directory configuration data may vary, affecting the ability to log on, find objects of interest and perform other critical operations. To determine if this misconfiguration exists, query this event ID using https://support.microsoft.com or contact your Microsoft product support. The most probable cause of this situation is the improper restore of Active Directory on the local domain controller. User Actions: If this situation occurred because of an improper or unintended restore, forcibly demote the DC.
Event Type: Warning
Event Source: NTDS General
Event Category: Replication
Event ID: 1113
Date:
Time:
User:
Computer:
Description: Inbound replication has been disabled by the user.
Event Type: Warning
Event Source: NTDS General
Event Category: Replication
Event ID: 1115
Date:
Time:
User:
Computer:
Description: Outbound replication has been disabled by the user.
'repadmin /options <DC ??> ' ??? ???? ????(inbound) ???(outbound) ??? ?????? ?? ?? ??? ? ????. ??? ??? ?? ? ? ????.
Current DC Options: IS_GC DISABLE_INBOUND_REPL DISABLE_OUTBOUND_REPL
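An added example, not part of the original post: a Python script that scans a text event export for the three events listed above (matching on both source and ID) and reads the replication flags from `repadmin /options` output. The function names and the sample input are constructed for illustration.

```python
import re

# Sources and IDs as shown in the event entries on this page.
INDICATORS = {
    ("NTDS Replication", 2095): "remote DC saw already-acknowledged USNs",
    ("NTDS General", 1113): "inbound replication disabled",
    ("NTDS General", 1115): "outbound replication disabled",
}
REPL_FLAGS = {"DISABLE_INBOUND_REPL", "DISABLE_OUTBOUND_REPL"}

def parse_events(text):
    """Split a text event export into one dict per 'Event Type:' record."""
    events, current = [], None
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        if key.strip() == "Event Type":
            current = {}
            events.append(current)
        if current is not None:
            current[key.strip()] = value.strip()
    return events

def rollback_indicators(events):
    """Return (event_id, meaning) for records matching source and ID."""
    hits = []
    for ev in events:
        raw_id = ev.get("Event ID", "")
        key = (ev.get("Event Source", ""), int(raw_id) if raw_id.isdigit() else -1)
        if key in INDICATORS:
            hits.append((key[1], INDICATORS[key]))
    return hits

def disabled_replication_flags(repadmin_output):
    """Extract the replication-disable flags from 'repadmin /options' output."""
    m = re.search(r"^Current DC Options:\s*(.*)$", repadmin_output, re.MULTILINE)
    return sorted(set(m.group(1).split()) & REPL_FLAGS) if m else []

# Constructed sample input in the layout shown above (not real log data).
# The third record has a made-up source, so its ID 1115 must not match.
SAMPLE_EVENTS = """Event Type: Error
Event Source: NTDS Replication
Event ID: 2095
Event Type: Warning
Event Source: NTDS General
Event ID: 1113
Event Type: Warning
Event Source: Constructed Source
Event ID: 1115
"""
SAMPLE_REPADMIN = "Current DC Options: IS_GC DISABLE_INBOUND_REPL DISABLE_OUTBOUND_REPL"
```

Calling `rollback_indicators(parse_events(SAMPLE_EVENTS))` reports events 2095 and 1113 only, and `disabled_replication_flags(SAMPLE_REPADMIN)` returns both disable flags.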
?? ??? ???? ?? ??? ????? ???? ??? ?? ???? ???? ???? ???, ?? ??? ?? ?? ?? ? ???? ????. ?? ??? "PtoV(physical to virtual)"? ???? ???? ????? ?? ???? ???? ???? ??? ? ????.
??? Active Directory (AD) ??? ?? ???? ?? ??? ??? ??? ????. ??? ????(DC)? ?? ????? ??? ????? ???? ??? USN(Update Sequence Numbers)? ?????. ???? ?? ???? ??? ?? ??? USN? ??? ??? ?? ???? ?? ?????. DC ???? ? ?????, USN? ? ?? ?? ?????? ?? ??? ????? ???? ??? ?????. ? DC? ???? ???? ???? ???? DC? ?? ?? USN? ?? ?? ???? ??? ????. ? DC? Invocation ID?? ??? NTDS ?? ??? ?? ??? ????. ? ?? ?? AD ??????? ??? ???? ?? ?????.
?? ?????? USN? ???? ? ?? ????. ??? Up-to-dateness vector ??, ?? ??? High water mark???. Up-to-dateness vector? ?? DC??? ?? ??? ????? ???? ??? ??? DC?? ???? ????. ??? DC? ???? ???? ?? ????? ??? ? ??? DC? ??? ?? ??? ??? ?? ????? ?? ???? ?? DC? Up-to-dateness? ?????. ?? DC? Up-to-dateness vector ?? ?? ??? ??? ? ?? DC? ????. High water mark? ?? ???? ???? ??? ?? ?? ?? DC??? ?? ??? ??? ???? ?? ??? DC? ???? ????. ? ?? ?? ??? DC? ??? ?? ?? DC?? ??? DC? ??? ?? ?????.
Invocation ID? DC?? ???? ???? ??????? ???? GUID ??? ?? ??? ID??? ???? ?????. ?? ??? ID? ??? ??? ???? ??????? ID(Invocation ID)? ??? ??? ??????? API? ???? ??? ? ?????. ?? ??? ????? ??? ?? ?? ???? ???? ??????? ??? ?????. Up-to-dateness vector? High water mark? Invocation ID? ???? DC? AD ??? ???? ????? ??? ?? ???.
?? ???? ??? ??? ? ? ???? ??? ??? ?? ????? ??. DC1? DC2? ? ?? ??? ????? ????. ? ?? ??? ????? ??? ????? ??? ??? ? ?? ???? ???? ????. ??? ??? ??? ??? ????? ???? ? ?? ??? ????? ???? ?????? ???. ???? ??, DC1? "???"? ????. DC1?? ??? ???? "Jeff Smith"? ??? ?? ? ? ????. ??? DC1?? USN? 4710?? 4711? ?????.
?? ??? ???? DC2? ?????. DC1? DC2? ??? ?? ??? ????? ?????. DC2? ??? ???? DC1?? DC1? high water mark? ???? ????. ? ??? DC2? ? ?? 4710??? ???? ????. ??? ??? ? DC1? DC2? up-to-dateness vector? ??? DC2? ??? ?? ??? ???.
? ???? ?? ??? ??? ??? ????? ??????. "Jeff"? ????? ????? ?????. ?? ??? ? DC2? ??? ??? DC? ???. ??? DC2?? 2453?? USN? 2453?? ??????.
???? DC1? ???? ????? ?????. DC2? DC1?? ????? ??? ???? ???. DC1? DC2?? DC2? USN? ????, ? ??? DC1? DC2? 2452?? ?????.
??? ???? DC1? USN? 5040? ? ??? DC2? DC1? 5040??? ?? ?????. DC2? 2453?? DC1? ? ?? ?????.
?? ??? DC? ???? ????. ?? ???? DC? ???? ?????. ? ??? ??, invocation ID? ?? ?????, USN? ???? ?? ???? "???"???. ?? ????? "???"? ??? ? DC? ??? ?? DC? ??? ???? DC? ?? DC? Up-to-dateness vector? ????. ?? DC? ? ?? ?? ? ?? ???? ?? ?? ???. ??? ?? ?? DC? ??? DC? ?? ??? ?? ????? ?? ?? ??? ???. ?? DC? ????? ?? DC? ??????? ?????? ??? ????. ?? ?? ??? ? ??? ????? ??? ??? DC? ?? ?? ???? ???? ?????. ??? "USN rollback" ?????.
USN ?? ???? ????? ??? ?? ?? ?????.
1) Netlogon ???? ?????.
2) ????(inbound) ???(outbound) ??? ?????.
? ??? ?????? ?? ??? ?? DC?? ??? ?? ???? ???.
1) 'dcpromo /forceremoval' ? ???? DC? ????? ?????. ??? ??? ?? ??? ???? ?? ???? AD? ?????. ??? ???? ??? ?? ???? workgroup? ?? ??? ? ????.
2) DC?? KB216498? ?? ????? ???? ???? ?? ???? ?????.
3) ?? ??? ??? FSMO ??? ????? ?? DC?? ??? ???? ??? KB255504? ?????.
4) ? ???? ??? ?? ???? ??? ??? ???? ???? DC? ??????.
?? ?? ?? ???? ???? ??? ?? ??? ??? ???.
1) DC ???? ???? ??? ??? ?????? ???? ???.
2) DC? ???? ???? ???? ???.
3) ?? ??? ?? ?? ?? ???? ???? ?????.
4) ?? "Virtual Server 2005 R2"? ???? "discard changes" ??? ?????, DC ?????? ? ??? ???????.
5) NTBACKUP.EXE, WBADMIN.EXE, ?? ?? 3rd party ?????? ??? ?? ??? ??? AD? ??? ??? ??? ?????.
6) DC? ??? ???? ????? ?? ? ??? ?????.
???? :
875495 How to detect and recover from a USN rollback in Windows Server 2003
https://support.microsoft.com/default.aspx?scid=kb;EN-US;875495
Appendix A: Virtualized Domain Controllers and Replication Issues
https://technet.microsoft.com/en-us/library/dd348479.aspx
Backup and Restore Considerations for Virtualized Domain Controllers
https://technet.microsoft.com/en-us/library/dd363545.aspx
- Mark Ramey