我正在运行一个带有 2 个 Active Directory Windows2012 控制器的测试环境 - 它经常打开和关闭。然而,我很难破译repadmin /showrepl和repadmin/replsummary输出。输出显示由于 10 分钟前的问题而导致的错误,但根据事件日志,问题似乎已被清除。
下面是一个示例。目前,复制似乎只需手动添加对象即可工作,并且它们会显示在另一个 DC 中。事件日志错误和警告似乎已清除。但我主要关心的是能够实时检查 Active Directory 服务的运行状况,而无需参考过去的错误或一切恢复正常后不会立即清除错误。
C:\Users\administrator>repadmin /showrepl
Repadmin: running command /showrepl against full DC localhost
Default-First-Site-Name\WIN2012-1
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: 4d0f615f-2568-4acb-a4d7-fda9e8c303ff
DSA invocationID: 4d0f615f-2568-4acb-a4d7-fda9e8c303ff
==== INBOUND NEIGHBORS ======================================
DC=tom,DC=local
Default-First-Site-Name\WIN-2012-2 via RPC
DSA object GUID: 666eacaf-7bfd-428f-bc21-4bc067207f44
Last attempt @ 2016-12-01 13:16:30 was successful.
CN=Configuration,DC=tom,DC=local
Default-First-Site-Name\WIN-2012-2 via RPC
DSA object GUID: 666eacaf-7bfd-428f-bc21-4bc067207f44
Last attempt @ 2016-12-01 12:52:26 was successful.
CN=Schema,CN=Configuration,DC=tom,DC=local
Default-First-Site-Name\WIN-2012-2 via RPC
DSA object GUID: 666eacaf-7bfd-428f-bc21-4bc067207f44
Last attempt @ 2016-12-01 12:47:28 failed, result 8524 (0x214c):
The DSA operation is unable to proceed because of a DNS lookup failu
re.
1 consecutive failure(s).
Last success @ 2016-11-30 22:45:07.
DC=DomainDnsZones,DC=tom,DC=local
Default-First-Site-Name\WIN-2012-2 via RPC
DSA object GUID: 666eacaf-7bfd-428f-bc21-4bc067207f44
Last attempt @ 2016-12-01 13:08:01 was successful.
DC=ForestDnsZones,DC=tom,DC=local
Default-First-Site-Name\WIN-2012-2 via RPC
DSA object GUID: 666eacaf-7bfd-428f-bc21-4bc067207f44
Last attempt @ 2016-12-01 12:47:28 failed, result 8524 (0x214c):
The DSA operation is unable to proceed because of a DNS lookup failure.
1 consecutive failure(s).
Last success @ 2016-11-30 22:45:07.
Source: Default-First-Site-Name\WIN-2012-2
******* 1 CONSECUTIVE FAILURES since 2016-11-30 22:45:07
Last error: 8524 (0x214c):
The DSA operation is unable to proceed because of a DNS lookup failure.
repadmin /replsummary
Replication Summary Start Time: 2016-12-01 13:19:35
Beginning data collection for replication summary, this may take awhile:
.....
Source DSA largest delta fails/total %% error
WIN-2012-2 14h:34m:28s 2 / 5 40 (8524) The DSA operation is
unable to proceed because of a DNS lookup failure.
WIN2012-1 14h:20m:18s 2 / 5 40 (1908) Could not find the do
main controller for this domain.
Destination DSA largest delta fails/total %% error
WIN-2012-2 14h:20m:18s 2 / 5 40 (1908) Could not find the do
main controller for this domain.
WIN2012-1 14h:34m:28s 2 / 5 40 (8524) The DSA operation is
unable to proceed because of a DNS lookup failure.
另外,showrepl 显示的以下 3 个测试有什么区别?:
DC=tom,DC=local
Default-First-Site-Name\WIN-2012-2 via RPC
DSA object GUID: 666eacaf-7bfd-428f-bc21-4bc067207f44
Last attempt @ 2016-12-01 13:16:30 was successful.
CN=Configuration,DC=tom,DC=local
Default-First-Site-Name\WIN-2012-2 via RPC
DSA object GUID: 666eacaf-7bfd-428f-bc21-4bc067207f44
Last attempt @ 2016-12-01 12:52:26 was successful.
CN=Schema,CN=Configuration,DC=tom,DC=local
Default-First-Site-Name\WIN-2012-2 via RPC
DSA object GUID: 666eacaf-7bfd-428f-bc21-4bc067207f44
Last attempt @ 2016-12-01 12:47:28 failed, result 8524 (0x214c):
The DSA operation is unable to proceed because of a DNS lookup
1 consecutive failure(s).
Last success @ 2016-11-30 22:45:07.
答案1
repadmin /replsummary必然会显示成功和失败的滚动缓存中的历史数据,因此/replsummary即使您确实已修复它,它仍会在一段时间内继续显示旧错误。我不喜欢它,/replsummary也从不使用它。
/showrepl另一方面,它是实时的。也许您仍然看到旧错误,/showrepl因为从那时起 DC 就没有尝试复制任何东西?
你repadmin /syncall /APed能从两个 DC 都无任何错误地执行吗?如果不能,则说明你尚未修复。
另外,showrepl 显示的以下 3 个测试有什么区别?:
DC=tom,DC=local
Default-First-Site-Name\WIN-2012-2 via RPC
DSA object GUID: 666eacaf-7bfd-428f-bc21-4bc067207f44
Last attempt @ 2016-12-01 13:16:30 was successful.
CN=Configuration,DC=tom,DC=local
Default-First-Site-Name\WIN-2012-2 via RPC
DSA object GUID: 666eacaf-7bfd-428f-bc21-4bc067207f44
Last attempt @ 2016-12-01 12:52:26 was successful.
CN=Schema,CN=Configuration,DC=tom,DC=local
Default-First-Site-Name\WIN-2012-2 via RPC
DSA object GUID: 666eacaf-7bfd-428f-bc21-4bc067207f44
Last attempt @ 2016-12-01 12:47:28 failed, result 8524 (0x214c):
The DSA operation is unable to proceed because of a DNS lookup
1 consecutive failure(s).
Last success @ 2016-11-30 22:45:07.
域控制器托管多个不同的命名上下文或分区。它们有点类似于数据库中的逻辑表或视图。每个分区都单独复制。第一个DC=tom,DC=local是您的域分区。它是属于该域的用户和组所在的位置。来自其他域(如果有)的用户和组不会位于该分区中。
CN=Configuration,DC=tom,DC=local是复制到林中所有 DC 的林范围命名上下文。它包含有关整个林的配置信息,如 AD 站点、PKI 信息等。
CN=Schema,CN=Configuration,DC=tom,DC=local也是全林命名上下文。整个林中只有一个版本的此分区。