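This question looks like question 73875, albeit for a different version of Windows. I have tried the accepted answer to no avail; it seems to me the problem is not transient, and creating the domain a second time did not change anything.
All entries are missing except one NS entry for the domain controller. This is a new server, fully updated. This is also my first attempt at AD, domains, etc., but I am sure I have followed exactly the guides everyone has posted (including on technet).
I am providing a screenshot of DNS Manager.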
C:\Users\Administrator.PDC>dcdiag /test:registerindns /dnsdomain:xxx /v
Starting test: RegisterInDNS
DNS configuration is sufficient to allow this domain controller to dynamically register the domain controller Locator records in DNS.
The DNS configuration is sufficient to allow this computer to dynamically register the A record corresponding to its DNS name.
......................... PDC passed test RegisterInDNS
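I can't properly make sense of the output of the dcdiag DNS test, other than that the delegation seems to be fine, but I am including it as well.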
C:\Users\Administrator.PDC>dcdiag /test:DNS /dnsdomain:mydomain /v
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine PDC, is a Directory Server.
Home Server = PDC
* Connecting to directory service on server PDC.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=xx,DC=xx,DC=xx,DC=xx,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=xx,DC=xx,DC=xx,DC=xx
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=xx,DC=xx,DC=xx,DC=xx,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=PDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=xx,DC=xx,DC=xx,DC=xx
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 1 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\PDC
Starting test: Connectivity
* Active Directory LDAP Services Check
The host b144abfd-0418-478c-9056-b947bc9474ad._msdcs.mydomain could not be resolved to an IP address. Check the DNS server, DHCP, server name, etc.
Got error while checking LDAP and RPC connectivity. Please check your firewall settings.
......................... PDC failed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\PDC
Test omitted by user request: Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Test omitted by user request: FrsEvent
Test omitted by user request: DFSREvent
Test omitted by user request: SysVolCheck
Test omitted by user request: KccEvent
Test omitted by user request: KnowsOfRoleHolders
Test omitted by user request: MachineAccount
Test omitted by user request: NCSecDesc
Test omitted by user request: NetLogons
Test omitted by user request: ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Test omitted by user request: Replications
Test omitted by user request: RidManager
Test omitted by user request: Services
Test omitted by user request: SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: VerifyReferences
Test omitted by user request: VerifyReplicas
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
See DNS test in enterprise tests section for results
......................... PDC passed test DNS
Running partition tests on : DomainDnsZones
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : ForestDnsZones
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : Schema
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : Configuration
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : bo
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running enterprise tests on : mydomain
Starting test: DNS
Test results for domain controllers:
DC: PDC.mydomain
Domain: mydomain
TEST: Authentication (Auth)
Authentication test: Successfully completed
TEST: Basic (Basc)
Error: No LDAP connectivity
The OS Microsoft Windows Server 2016 Standard (Service Pack level: 0.0) is supported.
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter [00000000] Red Hat VirtIO Ethernet Adapter:
MAC address is 32:17:9C:64:E5:3A
IP Address is static
IP address: 123.456.789.16
DNS servers:
Warning:
127.0.0.1 (pdc.mydomain.) [Invalid]
Warning: adapter [00000000] Red Hat VirtIO Ethernet Adapter has invalid DNS server: 127.0.0.1 (pdc.mydomain.)
Error: all DNS servers are invalid
No host records (A or AAAA) were found for this DC
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was found primary
Root zone on this DC/DNS server was not found
TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders Information:
123.456.789.250 (<name unavailable>) [Valid]
123.456.789.4 (<name unavailable>) [Valid]
TEST: Delegations (Del)
Delegation information for the zone: mydomain.
Delegated domain name: _msdcs.mydomain.
DNS server: pdc.mydomain. IP:123.456.789.16 [Valid]
TEST: Dynamic update (Dyn)
Test record dcdiag-test-record added successfully in zone mydomain
Test record dcdiag-test-record deleted successfully in zone mydomain
TEST: Records registration (RReg)
Error: Record registrations cannot be found for all the network adapters
Summary of test results for DNS servers used by the above domain controllers:
DNS server: 123.456.789.16 (pdc.mydomain.)
1 test failure on this DNS server
Name resolution is not functional. _ldap._tcp.mydomain. failed on the DNS server 123.456.789.16
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
DNS delegation for the domain _msdcs.mydomain. is operational on IP 123.456.789.16
DNS server: 123.456.789.250 (<name unavailable>)
All tests passed on this DNS server
DNS server: 123.456.789.4 (<name unavailable>)
All tests passed on this DNS server
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
_________________________________________________________________
Domain: mydomain
PDC PASS FAIL PASS PASS PASS FAIL n/a
......................... mydomain failed test DNS
Test omitted by user request: LocatorCheck
Test omitted by user request: Intersite
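I should add that this domain is being deployed inside an existing Unix infrastructure for testing/evaluation, so the wizard complained that it could not obtain a delegation. That was expected, but I have configured the delegation in the main DNS (tinydns), and dcdiag has no objection to it. It seems to me this is not even part of the equation yet, since the zone must first exist on the pdc, but of course I may be wrong.
Here is the relevant tinydns configuration.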
&_udp.mydomain::pdc.mydomain:::
&_tcp.mydomain::pdc.mydomain:::
&_sites.mydomain::pdc.mydomain:::
&_msdcs.mydomain::pdc.mydomain:::
=pdc.mydomain:123.456.789.16:::
6pdc.mydomain:longipv6address:::
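For testing purposes I have temporarily disabled IPv6 on the pdc, and I have also set its only DNS server to 127.0.0.1, as shown in several guides. The firewall allows outbound traffic and all inbound traffic from the local network (I have also tried temporarily disabling the firewall, but saw no difference). All tests were run on the pdc itself.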
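Added example, not part of the original question: a small Python parser that pulls the per-DC summary matrix and the failed lookups out of verbose `dcdiag /test:DNS` output like the run above. The sample text is assembled from lines quoted in the question, the function names are hypothetical, and accepting `WARN` as a matrix value is an assumption.

```python
import re

# Column order of the summary matrix printed by `dcdiag /test:DNS`.
COLUMNS = ["Auth", "Basc", "Forw", "Del", "Dyn", "RReg", "Ext"]
# Constructed sample: lines copied from the output quoted in the question.
SAMPLE = """\
DNS server: 123.456.789.16 (pdc.mydomain.)
1 test failure on this DNS server
Name resolution is not functional. _ldap._tcp.mydomain. failed on the DNS server 123.456.789.16
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
_________________________________________________________________
Domain: mydomain
PDC PASS FAIL PASS PASS PASS FAIL n/a
......................... mydomain failed test DNS
"""

# A matrix row is a DC name followed by exactly seven result tokens
# (WARN is accepted as an assumed additional value).
ROW = re.compile(r"^\s*(\S+)\s+((?:(?:PASS|FAIL|WARN|n/a)\s*){7})$")
FAILED_NAME = re.compile(
    r"Name resolution is not functional\.\s+(\S+)\s+failed on the DNS server\s+(\S+)")
ERR = re.compile(r"\[Error details:\s+(\d+)")

def parse_summary(text):
    """Return {dc: {column: result}} from the summary matrix."""
    out, in_summary = {}, False
    for line in text.splitlines():
        if line.strip().startswith("Summary of DNS test results"):
            in_summary = True
        m = ROW.match(line) if in_summary else None
        if m:
            out[m.group(1)] = dict(zip(COLUMNS, m.group(2).split()))
    return out

def failed_lookups(text):
    """Return [(name, dns_server, win32_code)] for each failed resolution."""
    results, lines = [], text.splitlines()
    for i, line in enumerate(lines):
        m = FAILED_NAME.search(line)
        if m:
            # The Win32 error code is printed on the following line.
            code = ERR.search(lines[i + 1]) if i + 1 < len(lines) else None
            results.append((m.group(1), m.group(2), int(code.group(1)) if code else None))
    return results

def failing_tests(summary):
    """Return {dc: [columns marked FAIL]} for quick triage."""
    return {dc: [c for c, r in row.items() if r == "FAIL"] for dc, row in summary.items()}
```

On the question's output this reports the Basc and RReg columns as failing for PDC and the `_ldap._tcp.mydomain.` lookup failing with error 9003 on the DC's own DNS service.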
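Answer 1
When you install Active Directory-integrated DNS, the zones are created automatically. By contrast, when you install file-based DNS, zones and records are not created automatically. On a freshly installed server it is quite normal to find that it has no records or zones, because you have to start creating them. If this is going to be a replica server (you already have another one), then the situation is different. If you need to ask a more specific question, please do so. Hope this helps!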