可以用repadmin /prp配置需要缓存在RODC中的账户
The following example lists the users whose passwords are currently cached on the domain controller named br1-rodc01:
repadmin /prp view br1-rodc01 reveal
The following command caches the password for the user account named MikeDan on the domain controller named br1-rodc1:
repadmin /prp add br1-rodc1 allow cn=MikeDan,ou=user-groups,dc=contoso,dc=com
参考链接:http://technet.microsoft.com/en-us/library/cc835090(v=ws.10).aspx
Your network contains an Active Directory domain named contoso.com. The domain contains a main officeand a branch office. An Active Directory site exists for each office.
All domain controllers run Windows Server 2012 R2. The domain contains two domain controllers. Thedomain controllers are configured as shown in the following table.
You add the DNS Server server role to DC2.
You discover that the contoso.com DNS zone fails to replicate to DC2. You verify that the domain, schema,and configuration naming contexts replicate from DC1 to DC2.
You need to ensure that DC2 replicates the contoso.com zone by using Active Directory replication.
Which tool should you use?
A.Ntdsutil
B.DNS Manager
C.Active Directory Users and Computers
D.Active Directory Sites and Services
Correct Answer: B
释疑:因为题目中已经说明You verify that the domain, schema,and configuration naming contexts replicate from DC1 to DC2.,所以使用AD Sites and Services和repadmin命令是不能让DNS复制成功的。选择DNS Manager的主要用意是改变DNS的区域传送范围。
Your network contains an Active Directory domain named contoso.com. The domain contains a servernamed Server1 that runs Windows Server 2012 R2. The system properties of Server1 are shown in theexhibit. (Click the Exhibit button.)
You need to configure Server1 as an enterprise subordinate certification authority (CA).
What should you do first?
A.Add RAM to the server.
B.Set the Startup Type of the Certificate Propagation service to Automatic.
C.Install the Certification Authority Web Enrollment role service.
D.Join Server1 to the contoso.com domain.
我认为正确答案应该是:D
参考链接:http://www.tinthuc.com/Microsoft/you-need-to-configure-server2-as-an-enterprise-subordinate-c/
Dcpromo会自动在DNS服务器建立一个名称为_msdcs.的区域。此区域配置为森林中复制到每个运行DNS的每一个域控制器上的应用目录区域。此复制使区域在森林的任何地方保持高可用性。
Changing the quorum configuration in a failover cluster for unequal node weight
In most failover clusters, each node gets one vote. In certain circumstances, you might want to install a hotfix that lets you select which nodes will have votes. This can be useful with certain multi-site clusters, for example, where you want one site to have more votes than other sites in a disaster recovery situation. Install the hotfix to all nodes (not just the node that will not have a vote). To download and install the hotfix, see http://support.microsoft.com/kb/2494036. To configure a node so that it does not have a vote, at the command prompt, type:
cluster . node <NodeName> /prop NodeWeight=0
This sets the NodeWeight property to 0. Similarly, to return the node to having a vote, set the NodeWeight property to 1.
After you have applied the hotfix described in this section, you might want to start a node but prevent it from achieving quorum and forming the cluster (to prevent a "split" situation with two competing instances of the cluster running). To do this, start the Cluster service with the /preventquorum option, which can be abbreviated as /pq, as shown in the following command:
net start clussvc /pq
防止群集节点进行仲裁投票,可以选择 NodeWeight=0
参考链接:http://technet.microsoft.com/en-us/library/cc770620(v=WS.10).aspx#BKMK_node_weight
-----------------------------------------------------------------------------------------------------------------------------------
站点间默认的复制频率是15分钟到一星期,但可以通过options选项来绕过该限制。
http://www.itgeared.com/articles/1091-modifying-behavior-of-inter-site/
-----------------------------------------------------------------------------------------------------------------------------------
在两个站点中的DC,在确认域,架构,配置命名空间上下文可以在两个DC间复制,但是在DC上的集成DNS区域,却没有成功复制,可以上有AD站点和服务管理器,在创建的站点链接上,点击立即复制即可。
-----------------------------------------------------------------------------------------------------------------------------------
set-gppermission -name "DAC Policy" -permissionlevel gporead -targetname user1 -targettype user -replace
该powershell命令是用来设置组策略对象的委派权限,委派权限有三种,分别为:gporead,gpoedit,GpoEditDeleteModifySecurity和none。其中的replace参数,举例来说,当用户user1拥有GpoEditDeleteModifySecurity权限,那么当使用set-gppermission更改权限为gporead时,user1的权限不会改变,因为原先的GpoEditDeleteModifySecurity权限比gporead要高。当加上replace参数时,user1的权限将会由原先的GpoEditDeleteModifySecurity,变更为gporead
链接gpo的权限是属于域和ou的权限,是在域或OU的委派设置中进行更改的,使用Set-gppermission不能更改链接gpo权限。
-----------------------------------------------------------------------------------------------------------------------------------
windows数据重删支持条件:
1、不支持系统及启动卷。
2、支持MBR和GPT分区,分区格式必须是ntfs
3、支持共享存储,例如:FC和SAS阵列,iSCSI SAN和windows 故障转移集群。
4、支持在集群共享卷上启用数据重删,但是不能使用持续的数据重删方式来处理文件访问。
5、不支持弹性文件系统。
6、不支持可移动驱动器和远程映射驱动器。
-----------------------------------------------------------------------------------------------------------------------------------
AD RMS可以在“扩展的AD RMS策略模板”中,设置当用户离开公司网络是,依旧可以打开受RMS保护的文件
-----------------------------------------------------------------------------------------------------------------------------------
当在配置“访问拒绝帮助”时,如果组策略中,策略-->系统-->访问拒绝帮助中,自定义访问被拒绝是错误消息,设置成disable是,在文件服务器资源管理器中,“启用拒绝访问帮助”选项是灰色的。
-----------------------------------------------------------------------------------------------------------------------------------
DNS查询的顺序是先查询根提示,在去查询转发器的
参考链接:http://technet.microsoft.com/en-us/library/ee649221(v=ws.10).aspx
-----------------------------------------------------------------------------------------------------------------------------------
可以使用bootrec.exe /rebuildbcd 来修复双启动菜单丢失的情况。(需要用windows安装光盘启动,进入修复系统)
-----------------------------------------------------------------------------------------------------------------------------------
IPAM服务器的provisioning method,可以被配置成基于组策略或手动,只要一旦被配置完成,无法再将其更改,只有重新安装角色才能更改。
-----------------------------------------------------------------------------------------------------------------------------------
LUN的英文全称是Logical Unit Number
-----------------------------------------------------------------------------------------------------------------------------------
Virtual Machine Manager (VMM) supports the following types of migration:(虚拟机迁移速度由上至下,逐步加快)
-
Network migration—This is the slowest type of migration and performs a network copy of the virtual machine data using BITS. The amount of downtime is in direct proportion to the size of the data transfer.
-
Quick migration—This type of migration is also known as cluster transfer, and can be used to migrate a highly available virtual machine. It leverages Windows Failover Cluster to migrate virtual machines between cluster nodes. The running state of the virtual machine is saved to disk (the virtual machine is hibernated), the disk is failed over to the other cluster node, and then the saved state is loaded to wake up the virtual machine. Downtime is minimal because quick migration takes a snapshot of the virtual machine and transfers data without requiring the virtual machine to be turned off.
-
Quick storage migration—Quick storage migration allows you to move virtual machine storage from one location to another. For example, you can move the storage for a virtual machine from a Fibre Channel SAN to an iSCSI SAN. The virtual disks of a running virtual machine can be migrated independent of storage protocols (SCSI, Fibre Channel) or storage types (local, DAS, SAN). Downtime is minimal because quick storage migration takes a snapshot of the virtual machine and transfers data without requiring the virtual machine to be turned off.
-
SAN migration—This type of migration uses SAN transfer to migrate virtual machines, and highly available virtual machines, into and out of a cluster. It can be used when both the source and destination hosts have access to the same storage infrastructure (LUN), and the storage can be transferred from one host to another. For SAN migration, the files for a virtual machine are not copied from one server to another and thus downtime is minimized. SAN migration can be used to copy a virtual machine from one host to another, or copying a virtual machine to or from the library. Note the following:
-
When you migrate a virtual machine into a cluster by using a SAN transfer, VMM checks that each node in the cluster can see the LUN, and automatically creates a cluster disk resource for the LUN.
-
To migrate a virtual machine out of a cluster, the virtual machine must be on a dedicated LUN that is not using CSV.
-
The following SAN infrastructures are supported for migration: Fiber Channel; iSCSI SANs; N_Port ID Virtualization (NPID).
-
-
Live migration—This type of migration moves a virtual machine running as part of a failover cluster from one cluster to another with no noticeable downtime for users or network applications.
