1. 打开2003主控的“开始|管理工具|ad用户和计算机",右击ad,提升域功能级别
2. 2003主控上运行,2008 adprep.exe
adprep.exe /forestprep
adprep.exe /domainprep
adprep.exe /domainprep /gpprep
adprep.exe /rodcprep
cdlcc02升级时遇到的问题(domaindnszones或forestdnszones),错误如下:
==============================================================================
adprep found partition dc=forestdnszones,dc=cn,dc=ibm,dc=com, and is about to update the permissions.
adprep could not contact a replica for partition dc=forestdnszones,dc=cn,dc=ibm,dc=com.
adprep encountered an ldap error.
error code: 0x0. server extended error code: 0x0, server error message: (null).
adprep failed the operation on partition dc=forestdnszones,dc=cn,dc=ibm,dc=com.
skipping to next partition.
打开adsiedit.msc,configuration[cdlcc02.cn.ibm.com]|cn=confiuration,dc=cn,dc=ibm,dc=com|cn=sites|cn=default-first-site-name|cn=servers|cn=cdlcc02|cn=ntds settings,其distinguishedname=cn=ntds settings,cn=cdlcc02,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=cn,dc=ibm,dc=com
分别在adsiedit内connect to,dc=forestdnszones,dc=cn,dc=ibm,dc=com|dc=domaindnszones,dc=cn,dc=ibm,dc=com,修改期cn=infrastructure的fsmoroleowner属性为cn=ntds settings,cn=cdlcc02,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=cn,dc=ibm,dc=com,之后re-run adprep.exe /rodcprep成功
3. 2008上加入域,run adpromo.exe提升为域控成功
4. 2008域控上,regsvr32 schmmgmt.dll,run mmc打开控制台,加入"schema,users and computers,domain and trust",先做schema,切换控制器之后点operation master,更改架构主机为2008域控,然后users and computers,切换rid、pic、infrastructure为 2008域控,最后切换domain and trust为2008域控主机
5. 2008上运行netdom query fsmo查看fsmo的所有角色是不是全部转移到2008域控上
6. 2003主控运行dcpromo.exe降域
7. 2008上加入wins等,并修改2008的网络设置,dns、wins等设定到自己ip上
ldapsearch on linux os
ldapsearch -h dc.dc2012.com -d "cn=dcadmin,ou=dcusers,dc=dc2012,dc=com" -w sodc11bld -b
"cn=dcadmin,ou=dcusers,dc=dc2012,dc=com"
![Windows系统下通过CMD命令行或运行窗口打开常用附件和功能[图]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)