Active Directory - almost all DNS zones and entries are not created

This problem looks like question 73875, albeit for a different version of Windows. I have tried the accepted answer to no avail; in my view the problem is not transient, and creating the domain a second time did not change anything.

All entries are missing except for one NS entry for the domain controller. This is a fresh, fully updated server. It is also my first attempt at AD, domains, etc., but I am confident I have followed the guides everyone posts (including the ones on TechNet) to the letter.

I am including a screenshot of DNS Manager.

C:\Users\Administrator.PDC>dcdiag /test:registerindns /dnsdomain:xxx /v
Starting test: RegisterInDNS
  DNS configuration is sufficient to allow this domain controller to dynamically register the domain controller Locator records in DNS.

  The DNS configuration is sufficient to allow this computer to dynamically register the A record corresponding to its DNS name.

  ......................... PDC passed test RegisterInDNS

I cannot properly interpret the output of the dcdiag DNS test, other than that the delegation seems fine, but I am including it as well.

C:\Users\Administrator.PDC>dcdiag /test:DNS /dnsdomain:mydomain /v

Directory Server Diagnosis

Performing initial setup:
Trying to find home server...
* Verifying that the local machine PDC, is a Directory Server.
Home Server = PDC
* Connecting to directory service on server PDC.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=xx,DC=xx,DC=xx,DC=xx,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=xx,DC=xx,DC=xx,DC=xx
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=xx,DC=xx,DC=xx,DC=xx,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=PDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=xx,DC=xx,DC=xx,DC=xx
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 1 DC(s). Testing 1 of them.
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\PDC
  Starting test: Connectivity
     * Active Directory LDAP Services Check
     The host b144abfd-0418-478c-9056-b947bc9474ad._msdcs.mydomain could not be resolved to an IP address. Check the DNS server, DHCP, server name, etc.
     Got error while checking LDAP and RPC connectivity. Please check your firewall settings.
     ......................... PDC failed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\PDC
  Test omitted by user request: Advertising
  Test omitted by user request: CheckSecurityError
  Test omitted by user request: CutoffServers
  Test omitted by user request: FrsEvent
  Test omitted by user request: DFSREvent
  Test omitted by user request: SysVolCheck
  Test omitted by user request: KccEvent
  Test omitted by user request: KnowsOfRoleHolders
  Test omitted by user request: MachineAccount
  Test omitted by user request: NCSecDesc
  Test omitted by user request: NetLogons
  Test omitted by user request: ObjectsReplicated
  Test omitted by user request: OutboundSecureChannels
  Test omitted by user request: Replications
  Test omitted by user request: RidManager
  Test omitted by user request: Services
  Test omitted by user request: SystemLog
  Test omitted by user request: Topology
  Test omitted by user request: VerifyEnterpriseReferences
  Test omitted by user request: VerifyReferences
  Test omitted by user request: VerifyReplicas

  Starting test: DNS

     DNS Tests are running and not hung. Please wait a few minutes...
     See DNS test in enterprise tests section for results
     ......................... PDC passed test DNS

Running partition tests on : DomainDnsZones
  Test omitted by user request: CheckSDRefDom
  Test omitted by user request: CrossRefValidation

Running partition tests on : ForestDnsZones
  Test omitted by user request: CheckSDRefDom
  Test omitted by user request: CrossRefValidation

Running partition tests on : Schema
  Test omitted by user request: CheckSDRefDom
  Test omitted by user request: CrossRefValidation

Running partition tests on : Configuration
  Test omitted by user request: CheckSDRefDom
  Test omitted by user request: CrossRefValidation

Running partition tests on : bo
  Test omitted by user request: CheckSDRefDom
  Test omitted by user request: CrossRefValidation

Running enterprise tests on : mydomain
  Starting test: DNS
     Test results for domain controllers:

        DC: PDC.mydomain
        Domain: mydomain


           TEST: Authentication (Auth)
              Authentication test: Successfully completed

           TEST: Basic (Basc)
              Error: No LDAP connectivity
              The OS Microsoft Windows Server 2016 Standard (Service Pack level: 0.0) is supported.
              NETLOGON service is running
              kdc service is running
              DNSCACHE service is running
              DNS service is running
              DC is a DNS server
              Network adapters information:
              Adapter [00000000] Red Hat VirtIO Ethernet Adapter:
                 MAC address is 32:17:9C:64:E5:3A
                 IP Address is static
                 IP address: 123.456.789.16
                 DNS servers:
                    Warning:
                    127.0.0.1 (pdc.mydomain.) [Invalid]
                    Warning: adapter [00000000] Red Hat VirtIO Ethernet Adapter has invalid DNS server: 127.0.0.1 (pdc.mydomain.)
              Error: all DNS servers are invalid
              No host records (A or AAAA) were found for this DC
              The SOA record for the Active Directory zone was found
              The Active Directory zone on this DC/DNS server was found primary
              Root zone on this DC/DNS server was not found

           TEST: Forwarders/Root hints (Forw)
              Recursion is enabled
              Forwarders Information:
                 123.456.789.250 (<name unavailable>) [Valid]
                 123.456.789.4 (<name unavailable>) [Valid]

           TEST: Delegations (Del)
              Delegation information for the zone: mydomain.
                 Delegated domain name: _msdcs.mydomain.
                    DNS server: pdc.mydomain. IP:123.456.789.16 [Valid]

           TEST: Dynamic update (Dyn)
              Test record dcdiag-test-record added successfully in zone mydomain
              Test record dcdiag-test-record deleted successfully in zone mydomain

        TEST: Records registration (RReg)
           Error: Record registrations cannot be found for all the network adapters

     Summary of test results for DNS servers used by the above domain controllers:

        DNS server: 123.456.789.16 (pdc.mydomain.)
           1 test failure on this DNS server
           Name resolution is not functional. _ldap._tcp.mydomain. failed on the DNS server 123.456.789.16
           [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
           DNS delegation for the domain  _msdcs.mydomain. is operational on IP 123.456.789.16


        DNS server: 123.456.789.250 (<name unavailable>)
           All tests passed on this DNS server

        DNS server: 123.456.789.4 (<name unavailable>)
           All tests passed on this DNS server

     Summary of DNS test results:

                                        Auth Basc Forw Del  Dyn  RReg Ext
        _________________________________________________________________
        Domain: mydomain
           PDC                          PASS FAIL PASS PASS PASS FAIL n/a

     ......................... mydomain failed test DNS
  Test omitted by user request: LocatorCheck
  Test omitted by user request: Intersite

I should add that this domain is being deployed into an existing Unix infrastructure for testing/evaluation, so the wizard complained that it could not obtain a delegation. That was expected, but I have since configured the delegation in the primary DNS (tinydns) and dcdiag has no objection to it. In my view this is not even part of the equation yet, since the zones must first exist on the PDC, but of course I could be wrong.

Here is the relevant tinydns configuration.

&_udp.mydomain::pdc.mydomain:::
&_tcp.mydomain::pdc.mydomain:::
&_sites.mydomain::pdc.mydomain:::
&_msdcs.mydomain::pdc.mydomain:::
=pdc.mydomain:123.456.789.16:::
6pdc.mydomain:longipv6address:::

For testing purposes I have temporarily disabled IPv6 on the PDC, and I have also set its only DNS server to 127.0.0.1, as shown in several guides. The firewall allows outbound traffic and all inbound traffic from the local network (I have also tried temporarily disabling the firewall, which made no difference). All tests were run on the PDC itself.

Answer 1

When you install Active Directory-integrated DNS, the zones are created automatically. Conversely, when you install file-based DNS, the zones and records are not created automatically. On a freshly installed server it is perfectly normal to find no records or zones, because you have to start creating them. If this is going to be a replica server (you already have another one), the situation is different. If you need to ask a more specific question, please do so. Hope this helps!
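Added example, not part of the original question or answer: the check and zone creation the answer describes, written as PowerShell against the DnsServer and DnsClient modules on the DC itself. It assumes the domain name is literally `mydomain` as in the question, and that the zones should be AD-integrated with secure dynamic updates so that only the DC's own computer account can register its records.

```powershell
# Run in an elevated PowerShell on the DC. "mydomain" is the placeholder used in
# the question; substitute the real FQDN.
$domain = 'mydomain'

# 0. dcdiag above flagged 127.0.0.1 as an invalid DNS server for the adapter.
#    List what the DNS client is actually configured with before changing zones.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Format-Table InterfaceAlias, ServerAddresses -AutoSize

# 1. Is the forward zone for the domain present, and is it AD-integrated?
$zone = Get-DnsServerZone -Name $domain -ErrorAction SilentlyContinue
if (-not $zone) {
    # No zone at all: create an AD-integrated primary zone replicated to every DC
    # in the domain, accepting only secure (Kerberos-authenticated) updates.
    Add-DnsServerPrimaryZone -Name $domain -ReplicationScope 'Domain' -DynamicUpdate 'Secure'
}
elseif (-not $zone.IsDsIntegrated) {
    # A file-backed zone exists: convert it to AD-integrated and lock updates down.
    ConvertTo-DnsServerPrimaryZone -Name $domain -ReplicationScope 'Domain' -Force
    Set-DnsServerPrimaryZone -Name $domain -DynamicUpdate 'Secure'
}

# 2. The _msdcs subzone that the tinydns delegation points at normally lives in
#    its own forest-replicated zone on the DC.
$msdcs = "_msdcs.$domain"
if (-not (Get-DnsServerZone -Name $msdcs -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $msdcs -ReplicationScope 'Forest' -DynamicUpdate 'Secure'
}

# 3. Have the DC (re)register its own records: the host A/AAAA record via the
#    DNS client, and the Locator SRV records via Netlogon.
Register-DnsClient            # equivalent of ipconfig /registerdns
nltest /dsregdns              # Netlogon re-registers _ldap._tcp, _kerberos._tcp, ...

# 4. Verify the record dcdiag reported as missing (_ldap._tcp.mydomain) and the
#    zone properties, querying the DC's own DNS service.
Resolve-DnsName -Name "_ldap._tcp.$domain" -Type SRV -Server 127.0.0.1
Get-DnsServerZone -Name $domain, $msdcs |
    Format-Table ZoneName, ZoneType, IsDsIntegrated, ReplicationScope, DynamicUpdate -AutoSize
```

If step 4 still returns "DNS name does not exist", re-run `dcdiag /test:DNS /dnsdomain:mydomain /v` and check the RReg and Basc columns; the Basc warning about 127.0.0.1 is reported separately from the missing-zone problem the answer addresses.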
