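Reference: http://blog.163.com/mike_homis/blog/static/2010494820134233825839/
After the primary domain controller was migrated from a physical machine to a virtual machine, new users could no longer be added.
The following method resolves the problem.
After the AD server has been migrated to a virtual machine, the last step of creating a user, clicking the "Finish" button, fails with the error "Windows cannot create the object because: The directory service was unable to allocate a relative identifier". The following commands resolve it. Run ntdsutil to take over the roles: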
C:\>ntdsutil
ntdsutil: help
 ? - Print this help information
 Authoritative restore - Authoritatively restore the DIT database
 Domain management - Prepare for new domain creation
 Files - Manage NTDS database files
 Help - Print this help information
 IPDeny List - Manage LDAP IP Deny List
 LDAP policies - Manage LDAP protocol policies
 Metadata cleanup - Clean up objects of decommissioned server
 Popups %s - (en/dis)able popups with "on" or "off"
 Quit - Quit the utility
 Roles - Manage NTDS role owner tokens
 Security account management - Manage Security Account Database - Duplic D Cleanup
 Semantic database analysis - Semantic Checker
ntdsutil: roles
fsmo maintenance: help
 ? - Print this help information
 Connections - Connect to a specific domain controller
 Help - Print this help information
 Quit - Return to the prior menu
 Seize domain naming master - Overwrite domain role on connected server
 Seize infrastructure master - Overwrite infrastructure role on connecte er
 Seize PDC - Overwrite PDC role on connected server
 Seize RID master - Overwrite RID role on connected server
 Seize schema master - Overwrite schema role on connected server
 Select operation target - Select sites, servers, domains, roles and g Contexts
 Transfer domain naming master - Make connected server the domain naming m
 Transfer infrastructure master - Make connected server the infrastructure r
 Transfer PDC - Make connected server the PDC
 Transfer RID master - Make connected server the RID master
 Transfer schema master - Make connected server the schema master
fsmo maintenance: connections
server connections: help
 ? - Print this help information
 Clear creds - Clear prior connection credentials
 Connect to domain %s - Connect to DNS domain name
 Connect to server %s - Connect to server, DNS name or IP address
 Help - Print this help information
 Info - Show connection information
 Quit - Return to the prior menu
 Set creds %s %s %s - Set connection creds as domain, user, pwd Use "NULL" for null password
server connections: connect to server SERVERA.AAA.COM (the fully qualified computer name of your server)
Binding to SERVERA.AAA.COM ...
Connected to SERVERA.AAA.COM using credentials of locally logged er
server connections: quit
fsmo maintenance: help
 ? - Print this help information
 Connections - Connect to a specific domain controller
 Help - Print this help information
 Quit - Return to the prior menu
 Seize domain naming master - Overwrite domain role on connected server
 Seize infrastructure master - Overwrite infrastructure role on connecte er
 Seize PDC - Overwrite PDC role on connected server
 Seize RID master - Overwrite RID role on connected server
 Seize schema master - Overwrite schema role on connected server
 Select operation target - Select sites, servers, domains, roles and Contexts
 Transfer domain naming master - Make connected server the domain naming m
 Transfer infrastructure master - Make connected server the infrastructurer
 Transfer PDC - Make connected server the PDC
 Transfer RID master - Make connected server the RID master
 Transfer schema master - Make connected server the schema master
fsmo maintenance: seize RID master
A dialog box pops up: "Are you sure you want server 'SERVERA.AAA.COM' to seize the RID Master role with the value below? CN=NTDS Settings,CN=SERVERA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration, DC=AAA,DC=com", click ;
Attempting safe transfer of RID FSMO before seizure.
ldap_modify_sW error 0x34(52 (Unavailable).
Ldap extended error message is 000020AF: SvcErr: DSID-032104F7, problem 5002 AVAILABLE), data 1722
Win32 error returned is 0x20af(The requested FSMO operation failed. The curr FSMO holder could not be contacted.)
)
Depending on the error code this may indicate a connection, ldap, or role transfer error.
Transfer of RID FSMO failed, proceeding with seizure ...
A second dialog box pops up: "The selected server is not a direct replication partner of the previous RID master, It is recommended that only direct replication partners be promoted to be the RID master, Do you want to proceed ahead?", click ;
Transfer of RID FSMO failed, proceeding with seizure ...
Synchronizing server SERVERA.AAA.COM with its neighbours
This operation may take a few minutes ..........Done.
Server "SERVERA.AAA.COM" knows about 5 roles
Schema - CN=NTDS Settings,CN=CSTMAINBAK,CN=Servers,CN=Default-First-Sit =Sites,CN=Configuration, DC=AAA,DC=com
Domain - CN=NTDS Settings,CN=CSTMAINBAK,CN=Servers,CN=Default-First-Sit =Sites,CN=Configuration, DC=AAA,DC=com
PDC - CN=NTDS Settings,CN=SERVERA,CN=Servers,CN=Default-First-Site-Name, CN=Configuration, DC=AAA,DC=com
RID - CN=NTDS Settings,CN=SERVERA,CN=Servers,CN=Default-First-Site-Name, CN=Configuration, DC=AAA,DC=com
Infrastructure - CN=NTDS Settings,CN=SERVERA,CN=Servers,CN=Default-First e,CN=Sites,CN=Configuration, DC=AAA,DC=com
fsmo maintenance: seize schema master
A dialog box pops up: "Are you sure you want server 'SERVERA.AAA.COM' to seize the schema role with the value below? CN=NTDS Settings,CN=SERVERA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration, DC=AAA,DC=com", click ;
....
fsmo maintenance: seize domain naming master
A dialog box pops up: "Are you sure you want server 'SERVERA.AAA.COM' to seize the domain naming role with the value below? CN=NTDS Settings,CN=SERVERA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration, DC=AAA,DC=com", click ;
Attempting safe transfer of domain naming FSMO before seizure.
ldap_modify_sW error 0x34(52 (Unavailable).
Ldap extended error message is 000020AF: SvcErr: DSID-03210194, problem 5002 (U AVAILABLE), data 1722
Win32 error returned is 0x20af(The requested FSMO operation failed. The current FSMO holder could not be contacted.)
)
Depending on the error code this may indicate a connection, ldap, or role transfer error.
Transfer of domain naming FSMO failed, proceeding with seizure ...
Server "SERVERA.AAA.COM" knows about 5 roles
Schema - CN=NTDS Settings,CN=SERVERA,CN=Servers,CN=Default-First-Site-Name,CN=Si es,CN=Configuration, DC=AAA,DC=com
Domain - CN=NTDS Settings,CN=SERVERA,CN=Servers,CN=Default-First-Site-Name,CN=Si es,CN=Configuration, DC=AAA,DC=com
PDC - CN=NTDS Settings,CN=SERVERA,CN=Servers,CN=Default-First-Site-Name,CN=Sites CN=Configuration, DC=AAA,DC=com
RID - CN=NTDS Settings,CN=SERVERA,CN=Servers,CN=Default-First-Site-Name,CN=Sites CN=Configuration, DC=AAA,DC=com
Infrastructure - CN=NTDS Settings,CN=SERVERA,CN=Servers,CN=Default-First-Site-Na e,CN=Sites,CN=Configuration, DC=AAA,DC=com
fsmo maintenance:
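A post-seizure check, added here as an example and not part of the original post: it confirms that all five roles listed by ntdsutil now resolve to the seizing server and reads the RID pool state behind the "unable to allocate a relative identifier" error. It assumes the ActiveDirectory PowerShell module (RSAT) is installed and uses the page's placeholder name SERVERA.AAA.COM.

```powershell
# Added example: verify FSMO placement and RID allocation after the seizure.
# Assumptions: ActiveDirectory module (RSAT) is available; SERVERA.AAA.COM is
# the page's placeholder for the domain controller that seized the roles.
Import-Module ActiveDirectory

$expected = 'SERVERA.AAA.COM'
$domain   = Get-ADDomain -Server $expected
$forest   = Get-ADForest -Server $expected

# The five roles that ntdsutil prints under "knows about 5 roles".
$roles = [ordered]@{
    'Schema'         = $forest.SchemaMaster
    'Domain naming'  = $forest.DomainNamingMaster
    'PDC'            = $domain.PDCEmulator
    'RID'            = $domain.RIDMaster
    'Infrastructure' = $domain.InfrastructureMaster
}

$report = foreach ($name in $roles.Keys) {
    [pscustomobject]@{
        Role             = $name
        Holder           = $roles[$name]
        OnExpectedServer = ($roles[$name] -eq $expected)   # -eq ignores case
    }
}
$report | Format-Table -AutoSize

$stale = @($report | Where-Object { -not $_.OnExpectedServer })
if ($stale.Count -gt 0) {
    Write-Warning ("Roles not held by {0}: {1}" -f $expected, ($stale.Role -join ', '))
}

# The RID Manager$ object stores the RID role owner and the domain-wide pool.
# Single quotes keep the literal '$' in the object name from being expanded.
$ridDn  = 'CN=RID Manager$,CN=System,' + $domain.DistinguishedName
$ridMgr = Get-ADObject -Identity $ridDn -Server $expected `
              -Properties fSMORoleOwner, rIDAvailablePool

# rIDAvailablePool is one 64-bit value: the high 32 bits are the upper bound of
# the RID space, the low 32 bits are the start of the next unallocated block.
$pool    = [int64]$ridMgr.rIDAvailablePool
$upper   = $pool -shr 32
$nextRid = $pool -band [int64][uint32]::MaxValue
[pscustomobject]@{
    RidRoleOwner  = $ridMgr.fSMORoleOwner
    NextRid       = $nextRid
    RidsRemaining = $upper - $nextRid
}

# dcdiag's RidManager test confirms this DC can reach the RID master and
# holds a usable local RID pool.
dcdiag /s:$expected /test:RidManager /v
```

A role still reported on the old holder, as Schema and Domain are on CSTMAINBAK in the first listing above, means that role has not yet been seized or the change has not replicated.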