Replica sets concepts and features for Azure Active Directory Domain Services

When you create an Azure Active Directory Domain Services (Azure AD DS) managed domain, you define a unique namespace. This namespace is the domain name, such as aaddscontoso.com, and two domain controllers (DCs) are then deployed into your selected Azure region. This deployment of DCs is known as a replica set.

You can expand a managed domain to have more than one replica set per Azure AD tenant. Replica sets can be added to any peered virtual network in any Azure region that supports Azure AD DS. Additional replica sets in different Azure regions provide geographical disaster recovery for legacy applications if an Azure region goes offline.

Note

Replica sets don't let you deploy multiple unique managed domains in a single Azure tenant. Each replica set contains the same data.

How replica sets work

When you create a managed domain, such as aaddscontoso.com, an initial replica set is created. Additional replica sets share the same namespace and configuration. Changes to Azure AD DS, including configuration, user identities and credentials, groups, group policy objects, computer objects, and other changes, are applied to all replica sets in the managed domain using AD DS replication.

You create each replica set in a virtual network. Each virtual network must be peered to every other virtual network that hosts a replica set of the managed domain. This configuration creates a mesh network topology that supports directory replication. A virtual network can support multiple replica sets, provided that each replica set is in a different virtual subnet.

All replica sets are placed in the same Active Directory site. As a result, all changes are propagated using intrasite replication for quick convergence.

Note

It's not possible to define separate sites or to define replication settings between replica sets.

The following diagram shows a managed domain with two replica sets. The first replica set is created with the domain namespace. A second replica set is created after that:

Diagram of an example managed domain with two replica sets

Note

Replica sets ensure availability of authentication services in the regions where a replica set is configured. For an application to have geographical redundancy if there's a regional outage, the application platform that relies on the managed domain must also reside in the other region.

Resiliency of other services required for the application to function, such as Azure VMs or Azure App Service, isn't provided by replica sets. The availability design of the other application components needs to consider the resiliency features of the services that make up the application.

The following example shows a managed domain with three replica sets to further provide resiliency and ensure availability of authentication services. In both examples, application workloads exist in the same region as the managed domain replica set:

Diagram of an example managed domain with three replica sets

Deployment considerations

The default SKU for a managed domain is the Enterprise SKU, which supports multiple replica sets. If you changed to the Standard SKU and want to create additional replica sets, upgrade the managed domain to Enterprise or Premium.

The supported maximum number of replica sets is five, including the first replica set created when you created the managed domain.

Billing for each replica set is based on the domain configuration SKU. For example, if you have a managed domain that uses the Enterprise SKU and you have three replica sets, your subscription is billed per hour for each of the three replica sets.

Frequently asked questions

Can I create a replica set in a subscription different from my managed domain?

No. Replica sets must be in the same subscription as the managed domain.

How many replica sets can I create?

You can create a maximum of five replica sets: the initial replica set for the managed domain, plus four additional replica sets.

How does user and group information get synchronized to my replica sets?

All replica sets are connected to each other using mesh virtual network peering. One replica set receives user and group updates from Azure AD. Those changes are then replicated to the other replica sets using intrasite AD DS replication over the peered network.

Just like with on-premises AD DS, an extended disconnected state can cause disruption in replication. As peered virtual networks aren't transitive, the design requirements for replica sets require a fully meshed network topology.
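As an added example (not from the original article), the following Python check validates a planned replica-set layout against the rules in the "How replica sets work" section and the answer above: at most five replica sets, all in the managed domain's subscription, one subnet per replica set within a virtual network, and a direct peering between every pair of virtual networks, because peering is not transitive. The region names, subscription id and virtual network names are constructed placeholders.

```python
from dataclasses import dataclass
from itertools import combinations

MAX_REPLICA_SETS = 5  # limit stated on the page: the initial set plus four more

@dataclass(frozen=True)
class ReplicaSet:
    region: str
    subscription: str
    vnet: str
    subnet: str

def validate_topology(replica_sets, peerings, domain_subscription):
    """Return the design rules a planned layout breaks; an empty list means it passes.
    peerings is a set of frozenset({vnet_a, vnet_b}) pairs that are directly peered."""
    problems = []
    if len(replica_sets) > MAX_REPLICA_SETS:
        problems.append(f"{len(replica_sets)} replica sets exceeds the maximum of {MAX_REPLICA_SETS}")
    for rs in replica_sets:
        if rs.subscription != domain_subscription:
            problems.append(f"replica set in {rs.region} is outside subscription {domain_subscription}")
    seen = {}  # one vnet may host several replica sets only if each uses its own subnet
    for rs in replica_sets:
        key = (rs.vnet, rs.subnet)
        if key in seen:
            problems.append(f"{seen[key]} and {rs.region} share subnet {rs.subnet} in {rs.vnet}")
        seen[key] = rs.region
    # Peering is not transitive, so every pair of distinct vnets must be peered directly.
    for a, b in combinations(sorted({rs.vnet for rs in replica_sets}), 2):
        if frozenset((a, b)) not in peerings:
            problems.append(f"{a} and {b} are not peered, so AD DS replication between them cannot flow")
    return problems

# Constructed sample layout: three replica sets in three regions, one subscription.
SUBSCRIPTION = "sub-contoso-placeholder"
REPLICA_SETS = [
    ReplicaSet("eastus", SUBSCRIPTION, "vnet-eastus", "aadds-subnet"),
    ReplicaSet("westeurope", SUBSCRIPTION, "vnet-westeurope", "aadds-subnet"),
    ReplicaSet("southeastasia", SUBSCRIPTION, "vnet-southeastasia", "aadds-subnet"),
]
# A chain eastus <-> westeurope <-> southeastasia, with no direct eastus/southeastasia link.
CHAIN_PEERINGS = {
    frozenset(("vnet-eastus", "vnet-westeurope")),
    frozenset(("vnet-westeurope", "vnet-southeastasia")),
}
# Full mesh: the chain plus the missing third edge.
MESH_PEERINGS = CHAIN_PEERINGS | {frozenset(("vnet-eastus", "vnet-southeastasia"))}
```

Running `validate_topology(REPLICA_SETS, CHAIN_PEERINGS, SUBSCRIPTION)` reports the missing eastus/southeastasia peering, while the same layout with `MESH_PEERINGS` returns no problems.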

How do I make changes in my managed domain after I have replica sets?

Changes within the managed domain work just like they previously did. You create and use a management VM with the RSAT tools that is joined to the managed domain. You can join as many management VMs to the managed domain as you wish.

Next steps

To get started with replica sets, create and configure an Azure AD DS managed domain. When it is deployed, create and use additional replica sets.