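The primary domain controller was built on CentOS 7 using samba 4.3.4 (name=samba). I have just set up a new second domain controller on WinSrv2008R2Sp1 (name=dc).
I set up Sysvol replication using the following article, and the Sysvol folder is replicated correctly every 5 minutes with robocopy (although the File Replication service fails to start with error 1053, while all of its dependencies are started and look fine): https://wiki.samba.org/index.php/Robocopy_based_SysVol_replication_workaround
The problem is with the automatic replication that should happen every 15 minutes: it does not work (for example, I created a user on samba and on dc, but after 15 minutes it had not appeared, and so on).
Replication works when run manually on both sides (and the newly created users do appear):
On samba: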
[root@samba]# samba-tool drs replicate dc samba dc=xxxxx,dc=com --full-sync
从 samba 复制到 dc 成功。
On dc:
Microsoft Windows [版本 6.1.7601]
版权所有 (c) 2009 Microsoft Corporation。保留所有权利。
C:\Windows\system32>repadmin /replicate dc samba dc=xxxxx,dc=com
从 samba 到 dc 的同步已成功完成。
Roles:
NetDOM /query FSMO
架构主控 samba.xxxxx.com
域命名主控 samba.xxxxx.com
PDC samba.xxxxx.com
RID 池管理器 samba.xxxxx.com
基础设施主控 samba.xxxxx.com
命令已成功完成。
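How can I get the normal automatic 15-minute AD replication working without creating jobs in a scheduler and the like? I plan to make the Windows DC=dc the primary DC and CentOS=samba the secondary DC, so I want everything to work as normally as possible :)
Here is the dcdiag from dc (WinSrv2008R2SP1):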
C:\Windows\system32>dcdiag
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = DC
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\DC
Starting test: Connectivity
......................... DC passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\DC
Starting test: Advertising
Warning: DC is not advertising as a time server.
......................... DC failed test Advertising
Starting test: FrsEvent
There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL replication problems may cause Group Policy problems.
......................... DC failed test FrsEvent
Starting test: DFSREvent
......................... DC passed test DFSREvent
Starting test: SysVolCheck
......................... DC passed test SysVolCheck
Starting test: KccEvent
......................... DC passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... DC passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... DC passed test MachineAccount
Starting test: NCSecDesc
......................... DC passed test NCSecDesc
Starting test: NetLogons
......................... DC passed test NetLogons
Starting test: ObjectsReplicated
......................... DC passed test ObjectsReplicated
Starting test: Replications
......................... DC passed test Replications
Starting test: RidManager
......................... DC passed test RidManager
Starting test: Services
......................... DC passed test Services
Starting test: SystemLog
An error event occurred. EventID: 0xC0001B61
Time Generated: 04/25/2017 13:34:13
Event String: A timeout was reached (30000 milliseconds) while waiting for the File Replication service to connect.
An error event occurred. EventID: 0xC0001B61
Time Generated: 04/25/2017 13:34:24
Event String: A timeout was reached (30000 milliseconds) while waiting for the File Replication service to connect.
An error event occurred. EventID: 0xC0001B61
Time Generated: 04/25/2017 13:37:59
Event String: A timeout was reached (30000 milliseconds) while waiting for the File Replication service to connect.
An error event occurred. EventID: 0x0000165B
Time Generated: 04/25/2017 13:38:16
Event String:
The session setup from computer 'XXNODE-16-PC' failed because the security database does not contain a trust account 'XXNODE-16-PC$' referenced by the specified computer.
An error event occurred. EventID: 0xC0001B61
Time Generated: 04/25/2017 13:41:07
Event String: A timeout was reached (30000 milliseconds) while waiting for the File Replication service to connect.
An error event occurred. EventID: 0xC0001B61
Time Generated: 04/25/2017 13:41:18
Event String: A timeout was reached (30000 milliseconds) while waiting for the File Replication service to connect.
An error event occurred. EventID: 0xC0001B61
Time Generated: 04/25/2017 13:41:37
Event String: A timeout was reached (30000 milliseconds) while waiting for the File Replication service to connect.
An error event occurred. EventID: 0x000016AD
Time Generated: 04/25/2017 13:43:03
Event String: The session setup from the computer XXNODE-16-PC failed to authenticate. The following error occurred:
......................... DC failed test SystemLog
Starting test: VerifyReferences
Some objects relating to the DC DC have problems:
[1] Problem: Missing Expected Value
Base Object: CN=NTDS Settings,CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=xxxxx,DC=com
Base Object Description: "DSA Object"
Value Object Attribute Name: serverReferenceBL
Value Object Description: "SYSVOL FRS Member Object"
Recommended Action: See Knowledge Base Article: Q312862
[1] Problem: Missing Expected Value
Base Object: CN=DC,OU=Domain Controllers,DC=xxxxx,DC=com
Base Object Description: "DC Account Object"
Value Object Attribute Name: frsComputerReferenceBL
Value Object Description: "SYSVOL FRS Member Object"
Recommended Action: See Knowledge Base Article: Q312862
......................... DC failed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
The application directory partition DC=ForestDnsZones,DC=xxxxx,DC=com is missing a security descriptor reference domain. The administrator should set the msDS-SD-Reference-Domain
attribute on the cross reference object CN=5cb6f429-dfba-45e5-914f-82a6b2a10fb4,CN=Partitions,CN=Configuration,DC=xxxxx,DC=com to the DN of a domain.
......................... ForestDnsZones failed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
The application directory partition DC=DomainDnsZones,DC=xxxxx,DC=com is missing a security descriptor reference domain. The administrator should set the msDS-SD-Reference-Domain
attribute on the cross reference object CN=fb322730-c969-4fa2-8ba8-cff0ac78969d,CN=Partitions,CN=Configuration,DC=xxxxx,DC=com to the DN of a domain.
......................... DomainDnsZones failed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : xxxxx
Starting test: CheckSDRefDom
......................... xxxxx passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... xxxxx passed test CrossRefValidation
Running enterprise tests on : xxxxx.com
Starting test: LocatorCheck
......................... xxxxx.com passed test LocatorCheck
Starting test: Intersite
......................... xxxxx.com passed test Intersite