Reposted from http://dadiwm.blog.51cto.com/1773851/1658882
The primary domain controller had been running with no protection at all; it caught a virus, collapsed outright (speechless), and could not be recovered. The goal was a full-function disaster recovery of it.
The whole process is not hard, but when you do this kind of operation your thinking must be clear and every step must be done carefully.
Overall approach and steps (possibly incomplete; additions welcome):
1. Thoroughly check the state of the primary DC SRVDC01, mainly whether it cannot boot at all or merely has a functional fault.
2. If the primary DC can still just about be logged into as a standalone machine, back up every useful file and application configuration that can be backed up, such as the CA certificate services configuration.
3. Make sure SRVDC02 is a Global Catalog (GC) server, and temporarily point its primary DNS at itself.
4. On the secondary DC SRVDC02, use the ntdsutil command to seize the five FSMO roles.
5. On the secondary DC SRVDC02, delete all data and SRV records of the failed primary DC SRVDC01.
6. Keeping the IP address and machine name unchanged, reinstall SRVDC01 as a member server, join it to the domain, and promote it to a DC.
7. Transfer the five FSMO roles from SRVDC02 back to SRVDC01, making it the primary DC again.
Now let's look at the detailed steps and screenshots:
Because every failure has a different background, my steps and screenshots below cover only 3, 4 and 5 above; 1, 2, 6 and 7 are omitted.
1. First, with administrator rights, open a CMD prompt on the secondary DC SRVDC02 and run netdom query fsmo to see where the five roles currently are.
2. On SRVDC02, open AD Sites and Services and check whether SRVDC02 is a Global Catalog (GC) server.
3. Again with administrator rights, open a CMD prompt on SRVDC02 and run ntdsutil to seize the five FSMO roles.
Note: when making the server connection (server connections) here, the primary DC SRVDC01 is already offline, so connect directly to the secondary DC SRVDC02.
4. At the FSMO maintenance prompt, enter the following five commands in turn to seize the corresponding roles:
Infrastructure master: Seize infrastructure master
Domain naming master: Seize naming master
PDC emulator: Seize PDC
RID master: Seize RID master
Schema master: Seize schema master
If you can't remember them, that's fine; just type ? at the fsmo maintenance: prompt to list them.
5. Next come the seizure steps for each of the five roles.
Note: during the seizure the system shows warnings or errors. This is normal: the primary DC SRVDC01 is offline, so after the first attempt fails to reach it, the role is written onto the connected secondary DC SRVDC02.
6. On SRVDC02, run netdom query fsmo to check the result of the seizure.
7. Remove the residual information of the failed DC SRVDC01.
The traditional way is to delete it item by item from the command line with metadata cleanup, but here I'll introduce an official Microsoft VB script that is very handy!
It is called: Remove Active Directory Domain Controller Metadata
Details and download: https://gallery.technet.microsoft.com/ScriptCenter/d31f091f-2642-4ede-9f97-0e1cc4d577f3/
When the VB script runs, it automatically lists all DCs currently in the domain; you only need to enter the name of the DC to clean up. Here we enter the failed DC SRVDC01.
8. If you don't want to use the VB script from step 7, you can do the deletion from the command line as well; the steps are as follows.
First bind to the (new) primary DC, then locate the sites in the domain, select the site, list the DCs in that site, select the DC, and finally run remove selected server to delete the residual information.
9. On the new "primary DC" SRVDC02, check DNS (SRV records), Sites, AD Users and Computers and ADSI to confirm that the old SRVDC01 information has been removed; if it has not, delete it manually.
At this point the failed DC has essentially been removed from the domain completely. Now, keeping the IP address and machine name unchanged, reinstall SRVDC01 as a member server, join it to the domain, promote it to a DC, and then transfer the five FSMO roles from SRVDC02 back to SRVDC01 to make it the primary DC again.
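As an added example (not from the original post or the script's author), here is a PowerShell check of what steps 6 and 9 verify by hand on SRVDC02: the FSMO holders, the GC flag, and any residual objects or SRV records of SRVDC01. It assumes the ActiveDirectory and DnsServer modules (RSAT) are installed on SRVDC02 and uses domain.com as a placeholder zone name.

```powershell
param(
    [string]$SurvivingDc = 'SRVDC02',    # DC that seized the roles
    [string]$FailedDc    = 'SRVDC01',    # DC whose metadata was cleaned up
    [string]$ZoneName    = 'domain.com'  # placeholder for the real AD DNS zone
)
Import-Module ActiveDirectory
Import-Module DnsServer
$domain   = Get-ADDomain
$forest   = Get-ADForest
$domainNC = $domain.DistinguishedName
$configNC = (Get-ADRootDSE).configurationNamingContext

# All five FSMO roles must now sit on the surviving DC (values are FQDNs).
$roles = [ordered]@{
    'Schema master'         = $forest.SchemaMaster
    'Domain naming master'  = $forest.DomainNamingMaster
    'PDC emulator'          = $domain.PDCEmulator
    'RID master'            = $domain.RIDMaster
    'Infrastructure master' = $domain.InfrastructureMaster
}
foreach ($r in $roles.GetEnumerator()) {
    $state = if ($r.Value -like "$SurvivingDc.*") { 'OK' } else { "NOT on $SurvivingDc" }
    '{0,-22} {1,-35} {2}' -f $r.Key, $r.Value, $state
}
# The surviving DC must be a Global Catalog (step 2 of the post).
"Global Catalog on $SurvivingDc : $((Get-ADDomainController -Identity $SurvivingDc).IsGlobalCatalog)"

# Residual objects of the failed DC in the places the VBS script deletes from:
# computer account, site server object, NTDS Settings and FRS SYSVOL member.
$leftovers = @(
    Get-ADObject -LDAPFilter "(cn=$FailedDc)" -SearchBase "OU=Domain Controllers,$domainNC"
    Get-ADObject -LDAPFilter "(&(objectClass=server)(cn=$FailedDc))" -SearchBase "CN=Sites,$configNC"
    Get-ADObject -LDAPFilter '(objectClass=nTDSDSA)' -SearchBase "CN=Sites,$configNC" |
        Where-Object DistinguishedName -like "*CN=$FailedDc,CN=Servers,*"
    Get-ADObject -LDAPFilter "(cn=$FailedDc)" `
        -SearchBase "CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,$domainNC"
)
# SRV records that still point at the failed DC, in the domain zone and _msdcs.
foreach ($zone in @($ZoneName, "_msdcs.$ZoneName")) {
    $leftovers += Get-DnsServerResourceRecord -ZoneName $zone -RRType Srv -ErrorAction SilentlyContinue |
        Where-Object { $_.RecordData.DomainName -like "$FailedDc.*" } |
        ForEach-Object { "SRV $($_.HostName) in $zone -> $($_.RecordData.DomainName)" }
}
$leftovers = @($leftovers | Where-Object { $_ })
if ($leftovers) { "Residual references to $FailedDc (delete them by hand):"; $leftovers
} else { "No residual references to $FailedDc found." }
```

Run it before promoting the reinstalled SRVDC01: anything it lists under residual references is exactly what step 9 says to delete manually.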
Follow-up: after the recovery, running Group Policy reported that the path could not be found. The %systemroot%\sysvol\sysvol\domain.com directory was empty, and because the SYSVOL folder had not been backed up earlier, the only option was to rebuild Group Policy.
First create two folders, Policies and Scripts, under sysvol\domain, then rebuild Group Policy with DcGPOFix /target:both.
Overall steps and approach:
1. If SYSVOL is missing the relevant directories, create them by hand.
2. Special files need special tools to handle them.
3. Modify the relevant registry value and restart the ntfrs service so that the files are completed automatically.
4. After SYSVOL and NETLOGON are repaired, Group Policy problems are the most likely to appear, so a Group Policy backup is necessary; as a last resort you can reset the default Group Policy.
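As an added example (not the post's own commands), the follow-up's four steps as one elevated PowerShell session on the recovered DC. It assumes SYSVOL is still replicated by FRS (ntfrs, as in the post), that the GroupPolicy module is installed, that C:\GPOBackup is a placeholder path, and that the registry value the post leaves unnamed is FRS's BurFlags.

```powershell
$backupDir = 'C:\GPOBackup'                                   # placeholder path
$sysvol    = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters').SysVol
$domainDir = Join-Path (Split-Path $sysvol -Parent) 'domain'  # the post's sysvol\domain folder

# Step 4 first: keep whatever GPO data still exists before touching SYSVOL.
Import-Module GroupPolicy
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null
Backup-GPO -All -Path $backupDir -ErrorAction SilentlyContinue | Out-Null

# Step 1: recreate the directories the post found missing.
foreach ($name in 'Policies', 'Scripts') {
    $dir = Join-Path $domainDir $name
    if (-not (Test-Path $dir)) { New-Item -ItemType Directory -Path $dir | Out-Null; "created $dir" }
}

# Step 3: registry value + ntfrs restart so FRS republishes SYSVOL. Assumption: the post does
# not name the value; this uses the standard BurFlags (0xD4 = authoritative restore on the DC
# holding the good copy, 0xD2 = non-authoritative on any other DC). The key name contains a
# literal "/" so it is written through .NET rather than the HKLM: provider.
$frsKey = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup'
Stop-Service NtFrs
[Microsoft.Win32.Registry]::SetValue($frsKey, 'BurFlags', 0xD4, [Microsoft.Win32.RegistryValueKind]::DWord)
Start-Service NtFrs

# Step 2: the "special files" are the Default Domain and Default Domain Controllers policies;
# DcGPOFix recreates both and asks for confirmation for each.
& dcgpofix.exe /target:both
```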
Attached: the VBS of Remove Active Directory Domain Controller Metadata
REM ==========================================================
REM GUI Metadata Cleanup Utility
REM Written By Clay Perrine
REM Version 2.5
REM ==========================================================
REM This tool is furnished "AS IS". NO warranty is expressed or Implied.
on error resume next
dim objRoot,oDC,sPath,outval,oDCSelect,objConfiguration,objContainer,errval,ODCPath,ckdcPath,myObj,comparename
rem =======This gets the name of the computer that the script is run on ======
Set sh = CreateObject("WScript.Shell")
key= "HKEY_LOCAL_MACHINE"
computerName = sh.RegRead(key & "\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName\ComputerName")
rem === Get the default naming context of the domain====
set objRoot=GetObject("LDAP://RootDSE")
sPath = "LDAP://OU=Domain Controllers," & objRoot.Get("defaultNamingContext")
rem === Get the list of domain controllers====
Set objConfiguration = GetObject(sPath)
For Each objContainer in objConfiguration
    outval = outval & vbtab & objContainer.Name & VBCRLF
Next
outval = Replace(outval, "CN=", "")
rem ==Retrieve the name of the broken DC from the user and verify it's not this DC.===
oDCSelect= InputBox (outval," Enter the computer name to be removed","")
comparename = UCase(oDCSelect)
if comparename = computerName then
    msgbox "The Domain Controller you entered is the machine that is running this script." & vbcrlf & _
           "You cannot clean up the metadata for the machine that is running the script!",,"Metadata Cleanup Utility Error."
    wscript.quit
End If
rem ==Verify that the entered DC has a computer object in the Domain Controllers OU===
sPath = "LDAP://OU=Domain Controllers," & objRoot.Get("defaultNamingContext")
Set objConfiguration = GetObject(sPath)
For Each objContainer in objConfiguration
    Err.Clear
    ckdcPath = "LDAP://" & "CN=" & oDCSelect & ",OU=Domain Controllers," & objRoot.Get("defaultNamingContext")
    set myObj=GetObject(ckdcPath)
    If err.number <>0 Then
        errval= 1
    End If
Next
If errval = 1 then
    msgbox "The Domain Controller you entered was not found in the Active Directory",,"Metadata Cleanup Utility Error."
    wscript.quit
End If
abort = msgbox ("You are about to remove all metadata for the server " & oDCSelect & "! Are you sure?",4404,"WARNING!!")
if abort <> 6 then
    msgbox "Metadata Cleanup Aborted.",,"Metadata Cleanup Utility Error."
    wscript.quit
end if
oDCSelect = "CN=" & oDCSelect
ODCPath ="LDAP://" & oDCselect & ",OU=Domain Controllers," & objRoot.Get("defaultNamingContext")
rem ==Find the site that holds the server object of the broken DC===
sSitelist = "LDAP://CN=Sites,CN=Configuration," & objRoot.Get("defaultNamingContext")
Set objConfiguration = GetObject(sSitelist)
For Each objContainer in objConfiguration
    Err.Clear
    sitePath = "LDAP://" & oDCSelect & ",CN=Servers," & objContainer.Name & ",CN=Sites,CN=Configuration," & _
               objRoot.Get("defaultNamingContext")
    set myObj=GetObject(sitePath)
    If err.number = 0 Then
        siteval = sitePath
    End If
Next
rem ==Find the FRS SYSVOL member object of the broken DC===
sFRSSysvolList = "LDAP://CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System," & _
                 objRoot.Get("defaultNamingContext")
Set objConfiguration = GetObject(sFRSSysvolList)
For Each objContainer in objConfiguration
    Err.Clear
    SYSVOLPath = "LDAP://" & oDCSelect & ",CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System," & _
                 objRoot.Get("defaultNamingContext")
    set myObj=GetObject(SYSVOLPath)
    If err.number = 0 Then
        SYSVOLval = SYSVOLPath
    End If
Next
rem ==Walk every site and DC: delete replication links coming from the broken DC, and its own NTDS Settings===
SiteList = Replace(sSitelist, "LDAP://", "")
VarSitelist = "LDAP://CN=Sites,CN=Configuration," & objRoot.Get("defaultNamingContext")
Set SiteConfiguration = GetObject(VarSitelist)
For Each SiteContainer in SiteConfiguration
    Sitevar = SiteContainer.Name
    VarPath ="LDAP://OU=Domain Controllers," & objRoot.Get("defaultNamingContext")
    Set DCConfiguration = GetObject(VarPath)
    For Each DomContainer in DCConfiguration
        DCVar = DomContainer.Name
        strFromServer = ""
        NTDSPATH = DCVar & ",CN=Servers," & SiteVar & "," & SiteList
        GuidPath = "LDAP://CN=NTDS Settings,"& NTDSPATH
        Set objCheck = GetObject(NTDSPATH)
        For Each CheckContainer in objCheck
            rem ====check for valid site paths =======================
            ldapntdspath = "LDAP://" & NTDSPATH
            Err.Clear
            set exists=GetObject(ldapntdspath)
            If err.number = 0 Then
                Set oGuidGet = GetObject(GuidPath)
                For Each objContainer in oGuidGet
                    oGuid = objContainer.Name
                    oGuidPath = "LDAP://" & oGuid & ",CN=NTDS Settings," & NTDSPATH
                    Set objSitelink = GetObject(oGuidPath)
                    objSiteLink.GetInfo
                    strFromServer = objSiteLink.Get("fromServer")
                    ispresent = Instr(1,strFromServer,oDCSelect,1)
                    if ispresent <> 0 then
                        Set objReplLinkVal = GetObject(oGuidPath)
                        objReplLinkVal.DeleteObject(0)
                    end if
                next
                sitedelval = "CN=" & comparename & ",CN=Servers," & SiteVar & "," & SiteList
                if sitedelval = ntdspath then
                    Set objguidpath = GetObject(guidpath)
                    objguidpath.DeleteObject(0)
                    Set objntdspath = GetObject(ldapntdspath)
                    objntdspath.DeleteObject(0)
                end if
            End If
        next
    next
next
rem ==Turn the computer account into a plain workstation trust account (4096), then delete the leftover objects===
Set AccountObject = GetObject(ckdcPath)
temp=Accountobject.Get ("userAccountControl")
AccountObject.Put "userAccountControl", "4096"
AccountObject.SetInfo
Set objFRSSysvol = GetObject(SYSVOLval)
objFRSSysvol.DeleteObject(0)
Set objComputer = GetObject(ckdcPath)
objComputer.DeleteObject(0)
Set objConfig = GetObject(siteval)
objConfig.DeleteObject(0)
oDCSelect = Replace(oDCSelect, "CN=", "")
msgval = "Metadata Cleanup Completed for " & oDCSelect
msgbox msgval,,"Notice."
wscript.quit
Reposted from: https://blog.51cto.com/windlin50/1676675