1. 打開2003主要的“開始|管理工具|ad使用者和計算機",右擊ad,提升域功能級别
2. 2003主要上運作,2008 adprep.exe
adprep.exe /forestprep
adprep.exe /domainprep
adprep.exe /domainprep /gpprep
adprep.exe /rodcprep
cdlcc02更新時遇到的問題(domaindnszones或forestdnszones),錯誤如下:
==============================================================================
adprep found partition dc=forestdnszones,dc=cn,dc=ibm,dc=com, and is about to update the permissions.
adprep could not contact a replica for partition dc=forestdnszones,dc=cn,dc=ibm,dc=com.
adprep encountered an ldap error.
error code: 0x0. server extended error code: 0x0, server error message: (null).
adprep failed the operation on partition dc=forestdnszones,dc=cn,dc=ibm,dc=com.
skipping to next partition.
打開adsiedit.msc,configuration[cdlcc02.cn.ibm.com]|cn=confiuration,dc=cn,dc=ibm,dc=com|cn=sites|cn=default-first-site-name|cn=servers|cn=cdlcc02|cn=ntds settings,其distinguishedname=cn=ntds settings,cn=cdlcc02,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=cn,dc=ibm,dc=com
分别在adsiedit内connect to,dc=forestdnszones,dc=cn,dc=ibm,dc=com|dc=domaindnszones,dc=cn,dc=ibm,dc=com,修改期cn=infrastructure的fsmoroleowner屬性為cn=ntds settings,cn=cdlcc02,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=cn,dc=ibm,dc=com,之後re-run adprep.exe /rodcprep成功
3. 2008上加入域,run adpromo.exe提升為域控成功
4. 2008域控上,regsvr32 schmmgmt.dll,run mmc打開控制台,加入"schema,users and computers,domain and trust",先做schema,切換控制器之後點operation master,更改架構主機為2008域控,然後users and computers,切換rid、pic、infrastructure為 2008域控,最後切換domain and trust為2008域控主機
5. 2008上運作netdom query fsmo檢視fsmo的所有角色是不是全部轉移到2008域控上
6. 2003主要運作dcpromo.exe降域
7. 2008上加入wins等,并修改2008的網絡設定,dns、wins等設定到自己ip上
ldapsearch on linux os
ldapsearch -h dc.dc2012.com -d "cn=dcadmin,ou=dcusers,dc=dc2012,dc=com" -w sodc11bld -b
"cn=dcadmin,ou=dcusers,dc=dc2012,dc=com"
![Windows系統下通過CMD指令行或運作視窗打開常用附件和功能[圖]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)