Active-Directory

從 Windows 2003 SBS 遷移域控制器

  • March 1, 2021

我正在嘗試將 DC 從 Windows Server 2003 SBS 遷移到 Windows Server 2016。當我嘗試將 Server 2016 提升為域控制器時,問題就開始了。我在“先決條件檢查”步驟中收到以下錯誤消息:

Verification of outbound replication failed. Error reading the NTDS settings on replication source domain controller server.mydomain.local. Domain controller data not found for the specified Active Directory domain controller

在森林中,那裡有一個空的子域和一個有故障的輔助 DC(安裝它的電腦很久以前就失去了)。我已經在 的幫助下清理了這些東西,ntdsutil但無濟於事。雖然dcdiag現在幾乎是乾淨的:

   Command Line: "dcdiag.exe /v /c /d /e"

Domain Controller Diagnosis

Performing initial setup:
  * Verifying that the local machine SERVER, is a DC. 
  * Connecting to directory service on server SERVER.
  SERVER.currentTime = 20201022103523.0Z
  SERVER.highestCommittedUSN = 12822731
  SERVER.isSynchronized = 1
  SERVER.isGlobalCatalogReady = 1
  * Collecting site info.
  * Identifying all servers.
  SERVER.currentTime = 20201022103523.0Z
  SERVER.highestCommittedUSN = 12822731
  SERVER.isSynchronized = 1
  SERVER.isGlobalCatalogReady = 1
  * Identifying all NC cross-refs.
  * Found 1 DC(s). Testing 1 of them.
  Done gathering initial info.


===============================================Printing out pDsInfo

GLOBAL:
   ulNumServers=1
   pszRootDomain=mcad.local
   pszNC=
   pszRootDomainFQDN=DC=mcad,DC=local
   pszConfigNc=CN=Configuration,DC=mcad,DC=local
   pszPartitionsDn=CN=Partitions,CN=Configuration,DC=mcad,DC=local
   iSiteOptions=0
   dwTombstoneLifeTimeDays=60

   dwForestBehaviorVersion=2

   HomeServer=0, SERVER

   SERVER: pServer[0].pszName=SERVER
       pServer[0].pszGuidDNSName=12a36ed6-9156-4bb8-9d8a-f523bd78ff47._msdcs.mcad.local
       pServer[0].pszDNSName=SERVER.mcad.local
       pServer[0].pszDn=CN=NTDS Settings,CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mcad,DC=local
       pServer[0].pszComputerAccountDn=CN=SERVER,OU=Domain Controllers,DC=mcad,DC=local
       pServer[0].uuidObjectGuid=12a36ed6-9156-4bb8-9d8a-f523bd78ff47
       pServer[0].uuidInvocationId=46209efa-f56d-4587-b190-36daf538829a
       pServer[0].iSite=0 (Default-First-Site-Name)
       pServer[0].iOptions=1
       pServer[0].ftLocalAcquireTime=0c27e930 01d6a85f 

       pServer[0].ftRemoteConnectTime=0bf56780 01d6a85f 

       pServer[0].ppszMasterNCs:
           ppszMasterNCs[0]=DC=ForestDnsZones,DC=mcad,DC=local
           ppszMasterNCs[1]=DC=DomainDnsZones,DC=mcad,DC=local
           ppszMasterNCs[2]=CN=Schema,CN=Configuration,DC=mcad,DC=local
           ppszMasterNCs[3]=CN=Configuration,DC=mcad,DC=local
           ppszMasterNCs[4]=DC=mcad,DC=local

   SITES:  pSites[0].pszName=Default-First-Site-Name
       pSites[0].pszSiteSettings=CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mcad,DC=local
       pSites[0].pszISTG=CN=NTDS Settings,CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mcad,DC=local
       pSites[0].iSiteOption=0

       pSites[0].cServers=1

   NC:     pNCs[0].pszName=ForestDnsZones
       pNCs[0].pszDn=DC=ForestDnsZones,DC=mcad,DC=local

           pNCs[0].aCrInfo[0].dwFlags=0x00000201
           pNCs[0].aCrInfo[0].pszDn=CN=053f2400-35fe-4529-a535-d8d649587484,CN=Partitions,CN=Configuration,DC=mcad,DC=local
           pNCs[0].aCrInfo[0].pszDnsRoot=ForestDnsZones.mcad.local
           pNCs[0].aCrInfo[0].iSourceServer=0
           pNCs[0].aCrInfo[0].pszSourceServer=(null)
           pNCs[0].aCrInfo[0].ulSystemFlags=0x00000005
           pNCs[0].aCrInfo[0].bEnabled=TRUE
           pNCs[0].aCrInfo[0].ftWhenCreated=00000000 00000000          pNCs[0].aCrInfo[0].pszSDReferenceDomain=(null)
           pNCs[0].aCrInfo[0].pszNetBiosName=(null)
           pNCs[0].aCrInfo[0].cReplicas=-1
           pNCs[0].aCrInfo[0].aszReplicas=


   NC:     pNCs[1].pszName=DomainDnsZones
       pNCs[1].pszDn=DC=DomainDnsZones,DC=mcad,DC=local

           pNCs[1].aCrInfo[0].dwFlags=0x00000201
           pNCs[1].aCrInfo[0].pszDn=CN=fc0257f3-c228-4082-8647-08354ec0dd25,CN=Partitions,CN=Configuration,DC=mcad,DC=local
           pNCs[1].aCrInfo[0].pszDnsRoot=DomainDnsZones.mcad.local
           pNCs[1].aCrInfo[0].iSourceServer=0
           pNCs[1].aCrInfo[0].pszSourceServer=(null)
           pNCs[1].aCrInfo[0].ulSystemFlags=0x00000005
           pNCs[1].aCrInfo[0].bEnabled=TRUE
           pNCs[1].aCrInfo[0].ftWhenCreated=00000000 00000000          pNCs[1].aCrInfo[0].pszSDReferenceDomain=(null)
           pNCs[1].aCrInfo[0].pszNetBiosName=(null)
           pNCs[1].aCrInfo[0].cReplicas=-1
           pNCs[1].aCrInfo[0].aszReplicas=


   NC:     pNCs[2].pszName=Schema
       pNCs[2].pszDn=CN=Schema,CN=Configuration,DC=mcad,DC=local

           pNCs[2].aCrInfo[0].dwFlags=0x00000201
           pNCs[2].aCrInfo[0].pszDn=CN=Enterprise Schema,CN=Partitions,CN=Configuration,DC=mcad,DC=local
           pNCs[2].aCrInfo[0].pszDnsRoot=mcad.local
           pNCs[2].aCrInfo[0].iSourceServer=0
           pNCs[2].aCrInfo[0].pszSourceServer=(null)
           pNCs[2].aCrInfo[0].ulSystemFlags=0x00000001
           pNCs[2].aCrInfo[0].bEnabled=TRUE
           pNCs[2].aCrInfo[0].ftWhenCreated=00000000 00000000          pNCs[2].aCrInfo[0].pszSDReferenceDomain=(null)
           pNCs[2].aCrInfo[0].pszNetBiosName=(null)
           pNCs[2].aCrInfo[0].cReplicas=-1
           pNCs[2].aCrInfo[0].aszReplicas=


   NC:     pNCs[3].pszName=Configuration
       pNCs[3].pszDn=CN=Configuration,DC=mcad,DC=local

           pNCs[3].aCrInfo[0].dwFlags=0x00000201
           pNCs[3].aCrInfo[0].pszDn=CN=Enterprise Configuration,CN=Partitions,CN=Configuration,DC=mcad,DC=local
           pNCs[3].aCrInfo[0].pszDnsRoot=mcad.local
           pNCs[3].aCrInfo[0].iSourceServer=0
           pNCs[3].aCrInfo[0].pszSourceServer=(null)
           pNCs[3].aCrInfo[0].ulSystemFlags=0x00000001
           pNCs[3].aCrInfo[0].bEnabled=TRUE
           pNCs[3].aCrInfo[0].ftWhenCreated=00000000 00000000          pNCs[3].aCrInfo[0].pszSDReferenceDomain=(null)
           pNCs[3].aCrInfo[0].pszNetBiosName=(null)
           pNCs[3].aCrInfo[0].cReplicas=-1
           pNCs[3].aCrInfo[0].aszReplicas=


   NC:     pNCs[4].pszName=mcad
       pNCs[4].pszDn=DC=mcad,DC=local

           pNCs[4].aCrInfo[0].dwFlags=0x00000201
           pNCs[4].aCrInfo[0].pszDn=CN=MCAD,CN=Partitions,CN=Configuration,DC=mcad,DC=local
           pNCs[4].aCrInfo[0].pszDnsRoot=mcad.local
           pNCs[4].aCrInfo[0].iSourceServer=0
           pNCs[4].aCrInfo[0].pszSourceServer=(null)
           pNCs[4].aCrInfo[0].ulSystemFlags=0x00000003
           pNCs[4].aCrInfo[0].bEnabled=TRUE
           pNCs[4].aCrInfo[0].ftWhenCreated=00000000 00000000          pNCs[4].aCrInfo[0].pszSDReferenceDomain=(null)
           pNCs[4].aCrInfo[0].pszNetBiosName=(null)
           pNCs[4].aCrInfo[0].cReplicas=-1
           pNCs[4].aCrInfo[0].aszReplicas=


   5 NC TARGETS: ForestDnsZones, DomainDnsZones, Schema, Configuration, mcad, 
   1 TARGETS: SERVER, 

=============================================Done Printing pDsInfo

Doing initial required tests
  
  Testing server: Default-First-Site-Name\SERVER
     Starting test: Connectivity
        * Active Directory LDAP Services Check
        Failure Analysis: SERVER ... OK.
        * Active Directory RPC Services Check
        ......................... SERVER passed test Connectivity

Doing primary tests
  
  Testing server: Default-First-Site-Name\SERVER
     Starting test: Replications
        * Replications Check
        DC=ForestDnsZones,DC=mcad,DC=local has 10 cursors.
        DC=DomainDnsZones,DC=mcad,DC=local has 9 cursors.
        CN=Schema,CN=Configuration,DC=mcad,DC=local has 10 cursors.
        CN=Configuration,DC=mcad,DC=local has 10 cursors.
        DC=mcad,DC=local has 9 cursors.
        * Replication Latency Check
           DC=ForestDnsZones,DC=mcad,DC=local
              Latency information for 9 entries in the vector were ignored.
                 9 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
           DC=DomainDnsZones,DC=mcad,DC=local
              Latency information for 8 entries in the vector were ignored.
                 8 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
           CN=Schema,CN=Configuration,DC=mcad,DC=local
              Latency information for 9 entries in the vector were ignored.
                 9 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
           CN=Configuration,DC=mcad,DC=local
              Latency information for 9 entries in the vector were ignored.
                 9 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
           DC=mcad,DC=local
              Latency information for 8 entries in the vector were ignored.
                 8 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
        ......................... SERVER passed test Replications
     Starting test: Topology
        * Configuration Topology Integrity Check
        * Analyzing the connection topology for DC=ForestDnsZones,DC=mcad,DC=local.
        * Performing upstream (of target) analysis.
        * Performing downstream (of target) analysis.
        * Analyzing the connection topology for DC=DomainDnsZones,DC=mcad,DC=local.
        * Performing upstream (of target) analysis.
        * Performing downstream (of target) analysis.
        * Analyzing the connection topology for CN=Schema,CN=Configuration,DC=mcad,DC=local.
        * Performing upstream (of target) analysis.
        * Performing downstream (of target) analysis.
        * Analyzing the connection topology for CN=Configuration,DC=mcad,DC=local.
        * Performing upstream (of target) analysis.
        * Performing downstream (of target) analysis.
        * Analyzing the connection topology for DC=mcad,DC=local.
        * Performing upstream (of target) analysis.
        * Performing downstream (of target) analysis.
        ......................... SERVER passed test Topology
     Starting test: CutoffServers
        * Configuration Topology Aliveness Check
        * Analyzing the alive system replication topology for DC=ForestDnsZones,DC=mcad,DC=local.
        * Performing upstream (of target) analysis.
        * Performing downstream (of target) analysis.
        * Analyzing the alive system replication topology for DC=DomainDnsZones,DC=mcad,DC=local.
        * Performing upstream (of target) analysis.
        * Performing downstream (of target) analysis.
        * Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=mcad,DC=local.
        * Performing upstream (of target) analysis.
        * Performing downstream (of target) analysis.
        * Analyzing the alive system replication topology for CN=Configuration,DC=mcad,DC=local.
        * Performing upstream (of target) analysis.
        * Performing downstream (of target) analysis.
        * Analyzing the alive system replication topology for DC=mcad,DC=local.
        * Performing upstream (of target) analysis.
        * Performing downstream (of target) analysis.
        ......................... SERVER passed test CutoffServers
     Starting test: NCSecDesc
        * Security Permissions check for all NC's on DC SERVER.
        * Security Permissions Check for
          DC=ForestDnsZones,DC=mcad,DC=local
           (NDNC,Version 2)
        * Security Permissions Check for
          DC=DomainDnsZones,DC=mcad,DC=local
           (NDNC,Version 2)
        * Security Permissions Check for
          CN=Schema,CN=Configuration,DC=mcad,DC=local
           (Schema,Version 2)
        * Security Permissions Check for
          CN=Configuration,DC=mcad,DC=local
           (Configuration,Version 2)
        * Security Permissions Check for
          DC=mcad,DC=local
           (Domain,Version 2)
        ......................... SERVER passed test NCSecDesc
     Starting test: NetLogons
        * Network Logons Privileges Check
        Verified share \\SERVER\netlogon
        Verified share \\SERVER\sysvol
        ......................... SERVER passed test NetLogons
     Starting test: Advertising
        The DC SERVER is advertising itself as a DC and having a DS.
        The DC SERVER is advertising as an LDAP server
        The DC SERVER is advertising as having a writeable directory
        The DC SERVER is advertising as a Key Distribution Center
        The DC SERVER is advertising as a time server
        The DS SERVER is advertising as a GC.
        ......................... SERVER passed test Advertising
     Starting test: KnowsOfRoleHolders
        Role Schema Owner = CN=NTDS Settings,CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mcad,DC=local
        Role Domain Owner = CN=NTDS Settings,CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mcad,DC=local
        Role PDC Owner = CN=NTDS Settings,CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mcad,DC=local
        Role Rid Owner = CN=NTDS Settings,CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mcad,DC=local
        Role Infrastructure Update Owner = CN=NTDS Settings,CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mcad,DC=local
        ......................... SERVER passed test KnowsOfRoleHolders
     Starting test: RidManager
        ridManagerReference = CN=RID Manager$,CN=System,DC=mcad,DC=local
        * Available RID Pool for the Domain is 8109 to 1073741823
        fSMORoleOwner = CN=NTDS Settings,CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mcad,DC=local
        * SERVER.mcad.local is the RID Master
        * DsBind with RID Master was successful
        rIDSetReferences = CN=RID Set,CN=SERVER,OU=Domain Controllers,DC=mcad,DC=local
        * rIDAllocationPool is 7609 to 8108
        * rIDPreviousAllocationPool is 5109 to 5608
        * rIDNextRID: 5461
        ......................... SERVER passed test RidManager
     Starting test: MachineAccount
        Checking machine account for DC SERVER on DC SERVER.
        * SPN found :LDAP/SERVER.mcad.local/mcad.local
        * SPN found :LDAP/SERVER.mcad.local
        * SPN found :LDAP/SERVER
        * SPN found :LDAP/SERVER.mcad.local/MCAD
        * SPN found :LDAP/12a36ed6-9156-4bb8-9d8a-f523bd78ff47._msdcs.mcad.local
        * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/12a36ed6-9156-4bb8-9d8a-f523bd78ff47/mcad.local
        * SPN found :HOST/SERVER.mcad.local/mcad.local
        * SPN found :HOST/SERVER.mcad.local
        * SPN found :HOST/SERVER
        * SPN found :HOST/SERVER.mcad.local/MCAD
        * SPN found :GC/SERVER.mcad.local/mcad.local
        ......................... SERVER passed test MachineAccount
     Starting test: Services
        * Checking Service: Dnscache
        * Checking Service: NtFrs
        * Checking Service: IsmServ
        * Checking Service: kdc
        * Checking Service: SamSs
        * Checking Service: LanmanServer
        * Checking Service: LanmanWorkstation
        * Checking Service: RpcSs
        * Checking Service: w32time
        * Checking Service: NETLOGON
        ......................... SERVER passed test Services
     Starting test: OutboundSecureChannels
        * The Outbound Secure Channels test
        ** Did not run Outbound Secure Channels test
        because /testdomain: was not entered
        ......................... SERVER passed test OutboundSecureChannels
     Starting test: ObjectsReplicated
        SERVER is in domain DC=mcad,DC=local
        Checking for CN=SERVER,OU=Domain Controllers,DC=mcad,DC=local in domain DC=mcad,DC=local on 1 servers
           Object is up-to-date on all servers.
        Checking for CN=NTDS Settings,CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mcad,DC=local in domain CN=Configuration,DC=mcad,DC=local on 1 servers
           Object is up-to-date on all servers.
        ......................... SERVER passed test ObjectsReplicated
     Starting test: frssysvol
        * The File Replication Service SYSVOL ready test 
        File Replication Service's SYSVOL is ready 
        ......................... SERVER passed test frssysvol
     Starting test: frsevent
        * The File Replication Service Event log test 
        ......................... SERVER passed test frsevent
     Starting test: kccevent
        * The KCC Event log test
        Found no KCC errors in Directory Service Event log in the last 15 minutes.
        ......................... SERVER passed test kccevent
     Starting test: systemlog
        * The System Event log test
        Found no errors in System Event log in the last 60 minutes.
        ......................... SERVER passed test systemlog
     Starting test: VerifyReplicas
        ......................... SERVER passed test VerifyReplicas
     Starting test: VerifyReferences
        The system object reference (serverReference)

        CN=SERVER,OU=Domain Controllers,DC=mcad,DC=local and backlink on

        CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mcad,DC=local

        are correct. 
        The system object reference (frsComputerReferenceBL)

        CN=SERVER,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=mcad,DC=local

        and backlink on CN=SERVER,OU=Domain Controllers,DC=mcad,DC=local are

        correct. 
        The system object reference (serverReferenceBL)

        CN=SERVER,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=mcad,DC=local

        and backlink on

        CN=NTDS Settings,CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mcad,DC=local

        are correct. 
        ......................... SERVER passed test VerifyReferences
     Starting test: VerifyEnterpriseReferences
        ......................... SERVER passed test VerifyEnterpriseReferences
     Starting test: CheckSecurityError
        * Dr Auth:  Beginning security errors check!
        Found KDC SERVER for domain mcad.local in site Default-First-Site-Name
        Checking machine account for DC SERVER on DC SERVER.
        * SPN found :LDAP/SERVER.mcad.local/mcad.local
        * SPN found :LDAP/SERVER.mcad.local
        * SPN found :LDAP/SERVER
        * SPN found :LDAP/SERVER.mcad.local/MCAD
        * SPN found :LDAP/12a36ed6-9156-4bb8-9d8a-f523bd78ff47._msdcs.mcad.local
        * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/12a36ed6-9156-4bb8-9d8a-f523bd78ff47/mcad.local
        * SPN found :HOST/SERVER.mcad.local/mcad.local
        * SPN found :HOST/SERVER.mcad.local
        * SPN found :HOST/SERVER
        * SPN found :HOST/SERVER.mcad.local/MCAD
        * SPN found :GC/SERVER.mcad.local/mcad.local
        [SERVER] No security related replication errors were found on this DC!  To target the connection to a specific source DC use /ReplSource:<DC>.
        ......................... SERVER passed test CheckSecurityError

DNS Tests are running and not hung. Please wait a few minutes...
  
  Running partition tests on : ForestDnsZones
     Starting test: CrossRefValidation
        ......................... ForestDnsZones passed test CrossRefValidation
     Starting test: CheckSDRefDom
        ......................... ForestDnsZones passed test CheckSDRefDom
  
  Running partition tests on : DomainDnsZones
     Starting test: CrossRefValidation
        ......................... DomainDnsZones passed test CrossRefValidation
     Starting test: CheckSDRefDom
        ......................... DomainDnsZones passed test CheckSDRefDom
  
  Running partition tests on : Schema
     Starting test: CrossRefValidation
        ......................... Schema passed test CrossRefValidation
     Starting test: CheckSDRefDom
        ......................... Schema passed test CheckSDRefDom
  
  Running partition tests on : Configuration
     Starting test: CrossRefValidation
        ......................... Configuration passed test CrossRefValidation
     Starting test: CheckSDRefDom
        ......................... Configuration passed test CheckSDRefDom
  
  Running partition tests on : mcad
     Starting test: CrossRefValidation
        ......................... mcad passed test CrossRefValidation
     Starting test: CheckSDRefDom
        ......................... mcad passed test CheckSDRefDom
  
  Running enterprise tests on : mcad.local
     Starting test: Intersite
        Skipping site Default-First-Site-Name, this site is outside the scope

        provided by the command line arguments provided. 
        ......................... mcad.local passed test Intersite
     Starting test: FsmoCheck
        GC Name: \\SERVER.mcad.local
        Locator Flags: 0xe00001fd
        PDC Name: \\SERVER.mcad.local
        Locator Flags: 0xe00001fd
        Time Server Name: \\SERVER.mcad.local
        Locator Flags: 0xe00001fd
        Preferred Time Server Name: \\SERVER.mcad.local
        Locator Flags: 0xe00001fd
        KDC Name: \\SERVER.mcad.local
        Locator Flags: 0xe00001fd
        ......................... mcad.local passed test FsmoCheck
     Starting test: DNS
        Test results for domain controllers:
           
           DC: SERVER.mcad.local
           Domain: mcad.local

                 
              TEST: Authentication (Auth)
                 Authentication test: Successfully completed
                 
              TEST: Basic (Basc)
                  Microsoft(R) Windows(R) Server 2003 for Small Business Server (Service Pack level: 2.0) is supported
                 NETLOGON service is running
                 kdc service is running
                 DNSCACHE service is running
                 DNS service is running
                 DC is a DNS server
                 Network adapters information:
                 Adapter [00000010] Realtek RTL8139/810x Family Fast Ethernet NIC:
                    MAC address is 00:0E:0C:3E:56:EB
                    IP address is static
                    IP address: 192.168.1.1
                    DNS servers:
                       127.0.0.1 (server.mcad.local.) [Valid]
                 The A record for this DC was found
                 The SOA record for the Active Directory zone was found
                 The Active Directory zone on this DC/DNS server was found (primary)
                 Root zone on this DC/DNS server was not found
                 
              TEST: Forwarders/Root hints (Forw)
                 Recursion is enabled
                 Forwarders Information: 
                    195.162.32.5 (<name unavailable>) [Valid] 
                    217.25.208.6 (<name unavailable>) [Valid] 
                    217.25.209.2 (<name unavailable>) [Valid] 
                    77.88.8.1 (<name unavailable>) [Valid] 
                    77.88.8.8 (<name unavailable>) [Valid] 
                    8.8.8.8 (<name unavailable>) [Valid] 
                 
              TEST: Delegations (Del)
                 Delegation information for the zone: mcad.local.
                    Delegated domain name: _msdcs.mcad.local.
                       DNS server: server.mcad.local. IP:192.168.1.1 [Valid] 
                 
              TEST: Dynamic update (Dyn)
                 Dynamic update is enabled on the zone mcad.local.
                 Test record _dcdiag_test_record added successfully in zone mcad.local.
                 Test record _dcdiag_test_record deleted successfully in zone mcad.local.
                 
              TEST: Records registration (RReg)
                 Network Adapter [00000010] Realtek RTL8139/810x Family Fast Ethernet NIC:
                    Matching A record found at DNS server 192.168.1.1:
                    SERVER.mcad.local

                    Matching CNAME record found at DNS server 192.168.1.1:
                    12a36ed6-9156-4bb8-9d8a-f523bd78ff47._msdcs.mcad.local

                    Matching DC SRV record found at DNS server 192.168.1.1:
                    _ldap._tcp.dc._msdcs.mcad.local

                    Matching GC SRV record found at DNS server 192.168.1.1:
                    _ldap._tcp.gc._msdcs.mcad.local

                    Matching PDC SRV record found at DNS server 192.168.1.1:
                    _ldap._tcp.pdc._msdcs.mcad.local

              Total query time:0 min. 0 sec.. Total RPC connection time:0 min. 0 sec.
              Total WMI connection time:4 min. 11 sec. Total Netuse connection time:0 min. 0 sec.
        
        Summary of test results for DNS servers used by the above domain controllers:

           DNS server: 192.168.1.1 (server.mcad.local.)
              All tests passed on this DNS server
              This is a valid DNS server 
              Name resolution is funtional. _ldap._tcp SRV record for the forest root domain is registered 
              Delegation to the domain _msdcs.mcad.local. is operational
              Total query time:0 min. 0 sec., Total WMI connection time:0 min. 0 sec.
              
           DNS server: 195.162.32.5 (<name unavailable>)
              All tests passed on this DNS server
              This is a valid DNS server 
              Total query time:0 min. 0 sec., Total WMI connection time:0 min. 41 sec.
              
           DNS server: 217.25.208.6 (<name unavailable>)
              All tests passed on this DNS server
              This is a valid DNS server 
              Total query time:0 min. 0 sec., Total WMI connection time:0 min. 42 sec.
              
           DNS server: 217.25.209.2 (<name unavailable>)
              All tests passed on this DNS server
              This is a valid DNS server 
              Total query time:0 min. 0 sec., Total WMI connection time:0 min. 42 sec.
              
           DNS server: 77.88.8.1 (<name unavailable>)
              All tests passed on this DNS server
              This is a valid DNS server 
              Total query time:0 min. 0 sec., Total WMI connection time:0 min. 41 sec.
              
           DNS server: 77.88.8.8 (<name unavailable>)
              All tests passed on this DNS server
              This is a valid DNS server 
              Total query time:0 min. 0 sec., Total WMI connection time:0 min. 41 sec.
              
           DNS server: 8.8.8.8 (<name unavailable>)
              All tests passed on this DNS server
              This is a valid DNS server 
              Total query time:0 min. 0 sec., Total WMI connection time:0 min. 41 sec.
              
        Summary of DNS test results:
        
                                           Auth Basc Forw Del  Dyn  RReg Ext  
              ________________________________________________________________
           Domain: mcad.local
              SERVER                       PASS PASS PASS PASS PASS PASS n/a  
        
        Total Time taken to test all the DCs:4 min. 12 sec.
        ......................... mcad.local passed test DNS

除了具有複製測試的部分:

     Starting test: Replications
        * Replications Check
        DC=ForestDnsZones,DC=mcad,DC=local has 10 cursors.
        DC=DomainDnsZones,DC=mcad,DC=local has 9 cursors.
        CN=Schema,CN=Configuration,DC=mcad,DC=local has 10 cursors.
        CN=Configuration,DC=mcad,DC=local has 10 cursors.
        DC=mcad,DC=local has 9 cursors.
        * Replication Latency Check
           DC=ForestDnsZones,DC=mcad,DC=local
              Latency information for 9 entries in the vector were ignored.
                 9 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
        ......................... SERVER passed test Replications

但我不知道如何解釋這些結果以及這些是否是錯誤。歡迎任何幫助!

雖然可以直接從 2003 遷移到 2016(但不是 2019,因為它需要Windows Server 2008 功能級別),但我記得Small Business Server (SBS) 是完全不同的野獸,進行一些調整可能會導致一些不必要的負擔. 使用 SBS 許可,您只能在您的環境中擁有一台 Windows Server,這違反了所有其他至少擁有兩個域控制器的建議,這也可能是您的遷移未按預期進行的原因。

您目前的環境和方法至少面臨三個挑戰:

  1. 從 2003 年到 2016 年是一個飛躍。
  2. 從SBS搬出去。
  3. 您正在使用.local域,不建議這樣做。

除非絕對不可能從頭開始創建新的 Windows AD 並遷移數據而不是目前的 AD 域,否則我建議安裝具有公開註冊ad.example.com子域的新 AD。由於 SBS 是為擁有 25 到 50 個工作站的小公司設計的,因此在這樣的小型環境中,它不應該是一個毫無疑問的任務。

很可能是由複制目標上的 RPC 埠關閉引起的。確保埠已打開/未過濾。

引用自:https://serverfault.com/questions/1039794