迁移windows 2003AD 到 2008

1. 打开2003主控的“开始|管理工具|AD用户和计算机",右击AD,提升域功能级别
2. 2003主控上运行,2008 adprep.exe
    adprep.exe /forestPrep
    adprep.exe /domainPrep
    adprep.exe /domainPrep /gpPrep
    adprep.exe /rodcPrep
如果域已经使用了很长时间(意味着有一些垃圾数据时),adprep.exe /rodcPrep可能会出错,fix方法参照http://www.yshvili.com/active-directory-mainmenu-69/252-run-adprep-rodcprep-error-message-dc-domaindnszones-dc-uodomainname-dc-local,主要就是运行adsiedit.msc,分别打开出错的AD项,adsiedit内connect to ....到特定的AD项,手动修改fSMORoleOwner的值为主控的DistinguishedName属性值。
cdlcc02升级时遇到的问题(DomainDnsZones或ForestDnsZones),错误如下:
==============================================================================
Adprep found partition DC=ForestDnsZones,DC=cn,DC=ibm,DC=com, and is about to update the permissions.

Adprep could not contact a replica for partition DC=ForestDnsZones,DC=cn,DC=ibm,DC=com.
Adprep encountered an LDAP error.
Error code: 0x0. Server extended error code: 0x0, Server error message: (null).
 
Adprep failed the operation on partition DC=ForestDnsZones,DC=cn,DC=ibm,DC=com.
Skipping to next partition.
==============================================================================
打开adsiedit.msc,Configuration[cdlcc02.cn.ibm.com]|CN=Confiuration,DC=cn,DC=ibm,DC=com|CN=Sites|CN=Default-First-Site-Name|CN=Servers|CN=CDLCC02|CN=NTDS Settings,其DistinguishedName=CN=NTDS Settings,CN=CDLCC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=cn,DC=ibm,DC=com
分别在adsiedit内connect to,DC=ForestDnsZones,DC=cn,DC=ibm,DC=com|DC=DomainDnsZones,DC=cn,DC=ibm,DC=com,修改期CN=Infrastructure的fSMORoleOwner属性为CN=NTDS Settings,CN=CDLCC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=cn,DC=ibm,DC=com,之后re-run adprep.exe /rodcPrep成功

3. 2008上加入域,run adpromo.exe提升为域控成功
4. 2008域控上,regsvr32 schmmgmt.dll,run mmc打开控制台,加入"Schema,Users and Computers,Domain And Trust",先做Schema,切换控制器之后点Operation Master,更改架构主机为2008域控,然后Users and Computers,切换RID、PIC、Infrastructure为 2008域控,最后切换Domain and Trust为2008域控主机
5. 2008上运行netdom query fsmo查看fsmo的所有角色是不是全部转移到2008域控上
6. 2003主控运行dcpromo.exe降域
7. 2008上加入Wins等,并修改2008的网络设置,DNS、Wins等设定到自己IP上


ldapsearch on linux OS
ldapsearch -h dc.dc2012.com -D "CN=dcadmin,OU=dcusers,DC=dc2012,DC=com" -w Sodc11bld -b

"CN=dcadmin,OU=dcusers,DC=dc2012,DC=com"
上一篇:自娱小程序--超大文件topN


下一篇:阿里云网站备案-接入备案问题集锦