|
|||||||||||
| Le Forum de Référence sur les Technologies Microsoft - http://www.forum-microsoft.org | |||||||||||
Modérateur: Modérateurs_Systèmes
par Sismic sur Lun 07 Juil 2008, 15:48
par BZP sur Lun 07 Juil 2008, 16:20
par thorvdr sur Lun 07 Juil 2008, 16:23
Sismic a écrit:
j'ai un souci sur un controleur de domaine 2003 dans une foret 2000: je n'ai pas de répertoire sysvol et netlogon partagé sur mo nserveur 2003 alors que sur le PDC 2000 oui.
Je présume que si je lance un transfert de roles je vais avoir qq soucis ?!
Vérifies les points ci-dessous 
How to Troubleshoot Missing SYSVOL and NETLOGON Shares
Missing SYSVOL and NETLOGON shares typically occur on replica domain controllers in an existing domain, but may also occur on the first domain controller in a new domain. You following these steps with the replica domain controllers, but you can also use them with the first domain controller in the domain by ignoring the replication-specific steps.
NTDS Connection objects exist in the DS of each replication partner.
NTDS Connections are one way connections. These connections are used by the Directory service to replicate the Active Directory and the File Replication Service (FRS) to replicate the file system portion of system policy in the SYSVOL folder. The Knowledge Consistency Checker (KCC) is responsible for building NTDS connection objects to form a well-connected topology between domain controllers in the domain and forest. If you do not have automatic connections, an administrator may also create manual connection objects.
Use the "Sites and Services" (Dssite.msc) snap-in to examine the connection objects that exist between the problem computer and existing domain controllers. For replication to occur between computer \\M1 and \\M2, \\M1 must have an inbound connection object from \\M2, and \\M2 must have an inbound connection object from \\M1. Use the Connect to Domain Controller command in Dssites.msc to view and compare each domain controller's perspective of the intra-domain connection objects.
If no connection objects exist for the new replica member, use the Check Replication Topology command in Dssites.msc to force KCC to build the automatic connection objects. After you do so, press F5 to refresh the view.
If KCC cannot build automatic connections, administrators must build manual connection objects for domain controllers with no inbound or outbound connections to or from other domain controllers in the domain. KCC may successfully build the automatic connection objects if you build a single working manual connection object. Delete duplicate manual or automatic connections from the same domain controller in the domain to avoid a replication-blocking configuration.For additional information about this issue, click the article number below to view the article in the Microsoft Knowledge Base:
251250 NTFRS Event ID 13557 Is Recorded When Duplicate NTDS Connection Objects Exist
Active Directory replication occurs between the new and existing domain controllers in the domain.
Use Repadmin.exe to confirm that Active Directory replication occurs between the source and destination domain controllers in the same domain in the scheduled replication interval. Default replication intervals are 5 minutes between domain controllers in the same site, and one time every 3 hours between domain controllers in different sites with a minimum of 15 minutes.
REPADMIN /SHOWREPS %UPSTREAMCOMPUTER%
REPADMIN /SHOWREPS %DOWNSTREAMCOMPUTER%
FRS replication is dependent on the Active Directory to replicate the configuration information between domain controllers in the domain. If you think that replication is the problem, examine replication events in Event Viewer. Do so after you set the "replication events" entry in the following registry key to 5 on potential source computers (\\M1) and the destination computer (\\M2):
HKEY_LOCAL_MACHINE\System\CCS\Services\NTDS\Diagnostics\
After you set this entry, force replication from \\M1 to \\M2 and \\M2 to \\M1 by using the replicate now command in Dssites.msc or its equivalent command in REPLMON.
The server that is used to source the Active Directory and SYSVOL folder should have created NETLOGON and SYSVOL shares itself.
After the Dcpromo.exe program has restarted the computer, FRS first tries to source the SYSVOL share from the computer that is identified in the following "Replica Set Parent" registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTFRS\Parameters\SysVol\ DomainName
NOTE: This key is temporary and is deleted after SYSVOL is sourced or the information under SYSVOL has been successfully replicated.
The 2195 release of Ntfrs.exe prevents replication from this initial source server. This delays SYSVOL replication until FRS can try replication from an inbound replication partner in the domain over an automatic or manual NTDS connection object.
All potential source domain controllers in the domain typically have already shared the NETLOGON and SYSVOL shares and applied default domain and domain controllers policy.
SYSVOL folder structure:
domain
DO_NOT_REMOVE_NtFrs_PreInstall_Directory
Policies
{GUID}
Adm
MACHINE
USER
{GUID}
Adm
MACHINE
USER
{etc.,}
scripts
staging
staging areas
MyDomainName.com
scripts
sysvol(sysvol share)
MyDomainName.com
DO_NOT_REMOVE_NtFrs_PreInstall_Directory
Policies
{GUID}
Adm
MACHINE
USER
{GUID}
Adm
MACHINE
USER
{etc.,}
scripts(NETLOGON share)
For additional information about the problem of sourcing from the initial replica, click the article number below to view the article in the Microsoft Knowledge Base:
250545 SYSVOL Directory Is Slow to Synchronize, Delays Creation of SYSVOL Share and Domain Controller Registration
The "Enterprise Domain Controllers" group must be granted the "access this computer from network" right in the default domain controllers policy on the domain controllers organizational unit.
Replication of the Active Directory during the use of the Dcpromo.exe program uses the credentials that are provided in the Active Directory Installation Wizard. Upon restart, replication occurs in the context of the domain controller's computer account. All source domain controllers in the domain must successfully replicate and apply the policy that gives the "Enterprise Domain Controllers" group the "Access this computer from network right. For quick verification, look for event 1704s in the Application log of potential source domain controllers. For detailed verification, run a security configuration analysis against the Basicdc.inf template and examine the log output. Note that this requires defining environment variables for SYSVOL, DSLOG and DSIT. For additional information about how to do this, click the article number below to view the article in the Microsoft Knowledge Base:
250454 Error Returned Importing Security Template
In Windows Server 2003, the Basicdc.inf template no longer exists. To reapply the default settings or to compare current settings with the default settings, use the "Setup security.inf" template.
Each domain controller must be able to resolve (ping) the fully qualified computer names of computers that are participating in the replica set.
For SYSVOL, this means pinging the fully qualified computer name of all domain controllers in the domain. Confirm that the address that is returned by the ping command matches the IP address that is returned by IPCONFIG at the console of each replica set partner.
The FRS service must have created an NTFRS jet database.
Run the DIR \\computername\Admin$\NTFRS\Jet command against each domain controller in the domain to confirm the existence of the Ntfrs.jdb file. The date and size of the jet database may be incorrect while the NTFRS service is running. This behavior is by design.
Each domain controller must be a member of the SYSVOL replica set.
Run the NTFRSUTL DS [computername] command on all replica set members. Confirm that all domain controllers in the domain show up under the "SET: DOMAIN SYSTEMVOLUME (SYSVOL SHARE)" portion of the NTFRSUTL output. The SYSVOL Replica set and its members can also be displayed under cn="domain system volume",cn=file replication service,cn=system,dc=FQDN in the User and Computers (Dsa.msc) snap-in when "Advanced Features" is turned on under the View menu.
Each domain controller must be a subscriber of the replica set.
Run the NTFRSUTL DS [computername] command on all replica set members. Subscriber objects appear in cn=domain system volume (SYSVOL share),cn=NTFRS Subscriptions,CN=DCNAME,OU=Domain Controllers,DC=FQDN. This requires that the machine object exists and has replicated in. NTFRSUTL generates the following message when the subscriber object is missing:
SUBSCRIPTION: NTFRS SUBSCRIPTIONS DN : cn=ntfrs
subscriptions,cn=W2KPDC,ou=domain controllers,dc=d... Guid :
5c44b60b-8f01-48c6-8604c630a695dcdd
Working : f:\winnt\ntfrs
Actual Working: f:\winnt\ntfrs
WIN2K-PDC IS NOT A MEMBER OF A REPLICA SET!
The Replication Schedule must be turned on.
The logical drive that is hosting the SYSVOL share and staging folder has plenty of available disk space on upstream and downstream partners. For example, 50 percent of the content that you are trying to replicate and three times the largest file size that is being replicated.
Check the destination folder and the staging folder (displayed in "NTFRSUTL DS") of the new replica to see if files are replicating. Files in the staging folder must be in the process of being moved to the final location. That the number of files in the staging or destination folder is constantly changing is a good sign as either files are being replicated in, or transitioned to the destination folder.
par Sismic sur Mar 08 Juil 2008, 12:59
par leboss38 sur Mer 09 Juil 2008, 10:02
, j'avais le même souci que toi, pas de netlogon et sysvol, du coup j'avais bien les 5 rôles FSMO, mais que ce soit mon ancien DC ou le nouveau, il n'était pas déclaré en DC primaire. Il m'a était donc impossible de désinstaller (dcpromo), l'ancien DC.
) :
par Sismic sur Mer 09 Juil 2008, 15:19
par le-novice sur Mer 09 Juil 2008, 16:08
Retourner vers Controleur de Domaine Et Roles AD
Utilisateurs parcourant actuellement ce forum : Aucun utilisateur inscrit et 0 invités
