Azure AD Connect: How to recover from LocalDB 10-GB limit

Azure AD Connect requires a SQL Server database to store identity data. You can either use the default SQL Server 2012 Express LocalDB installed with Azure AD Connect or use your own full SQL Server. SQL Server Express imposes a 10-GB size limit. When LocalDB is used and this limit is reached, the Azure AD Connect Synchronization Service can no longer start or synchronize properly. This article provides the recovery steps.

Symptoms

There are two common symptoms:

  • Azure AD Connect Synchronization Service is running but fails to synchronize with a "stopped-database-disk-full" error.

  • Azure AD Connect Synchronization Service is unable to start. When you attempt to start the service, it fails with event 6323 and the error message "The server encountered an error because SQL Server is out of disk space."

Short-term recovery steps

This section provides the steps to reclaim the DB space required for the Azure AD Connect Synchronization Service to resume operation. The steps are:

  1. Determine the Synchronization Service status
  2. Shrink the database
  3. Delete run history data
  4. Shorten the retention period for run history data

Determine the Synchronization Service status

First, determine whether the Synchronization Service is still running:

  1. Log in to your Azure AD Connect server as administrator.

  2. Go to Service Control Manager.

  3. Check the status of Azure AD Sync.

  4. If it is running, do not stop or restart the service. Skip the Shrink the database step and go to the Delete run history data step.

  5. If it is not running, try to start the service. If the service starts successfully, skip the Shrink the database step and go to the Delete run history data step. Otherwise, continue with the Shrink the database step.

Shrink the database

Use the Shrink operation to free up enough DB space to start the Synchronization Service. It frees up DB space by removing unused space (whitespace) within the database files. This step is best-effort, because it is not guaranteed that space can always be recovered. To learn more about the Shrink operation, read the article Shrink a database.

Important

Skip this step if you can get the Synchronization Service to run. Shrinking the SQL DB is not recommended in general, because it can lead to poor performance due to increased fragmentation.

The name of the database created for Azure AD Connect is ADSync. To perform a Shrink operation, you must log in either as a sysadmin or as the DBO of the database. During Azure AD Connect installation, the following accounts are granted sysadmin rights:

  • Local Administrators
  • The user account that was used to run the Azure AD Connect installation.
  • The Sync Service account that is used as the operating context of the Azure AD Connect Synchronization Service.
  • The local group ADSyncAdmins that was created during installation.

  1. Back up the database by copying the ADSync.mdf and ADSync_log.ldf files located under %ProgramFiles%\Azure AD Sync\Data to a safe location.

  2. Start a new PowerShell session.

  3. Navigate to the folder %ProgramFiles%\Microsoft SQL Server\110\Tools\Binn.

  4. Start the sqlcmd utility by running the command ./SQLCMD.EXE -S "(localdb)\.\ADSync" -U <Username> -P <Password>, using the credentials of a sysadmin or the database DBO.

  5. To shrink the database, at the sqlcmd prompt (1>), enter DBCC Shrinkdatabase(ADSync,1); followed by GO on the next line.

  6. If the operation is successful, try to start the Synchronization Service again. If you can start the Synchronization Service, go to the Delete run history data step. If not, contact Support.
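The status check and the shrink procedure above, combined into one PowerShell script. This is an added example, not part of the original article: it assumes the Windows service name is ADSync, the default file paths given in the article, a constructed backup folder (C:\ADSyncBackup), and sqlcmd's -Q (run one query and exit), -b (return a non-zero exit code on SQL error) and -E (Windows authentication) switches. Pass -Username/-Password to use a SQL login as the article does; otherwise the script relies on the logged-in local administrator's sysadmin rights.

```powershell
# Added example (not from the original article): best-effort recovery when the
# ADSync service cannot start because the LocalDB ADSync database is full.
# Assumptions: service name "ADSync", default paths from the article, and the
# sqlcmd switches -Q, -b and -E.
#Requires -RunAsAdministrator
param(
    [string]$Username,                        # sysadmin / DBO login; omit for Windows auth
    [string]$Password,
    [string]$BackupDir = 'C:\ADSyncBackup'    # constructed placeholder location
)

$serviceName = 'ADSync'
$dataDir     = Join-Path $env:ProgramFiles 'Azure AD Sync\Data'
$sqlcmd      = Join-Path $env:ProgramFiles 'Microsoft SQL Server\110\Tools\Binn\SQLCMD.EXE'
$instance    = '(localdb)\.\ADSync'

# Status check (steps 3-5 of the previous section): never shrink a running service.
$svc = Get-Service -Name $serviceName -ErrorAction Stop
if ($svc.Status -eq 'Running') {
    Write-Host "Service is running; skip Shrink and go to 'Delete run history data'."
    return
}

# Try a plain start first; shrink only if that fails.
try {
    Start-Service -Name $serviceName -ErrorAction Stop
    Write-Host "Service started without shrinking; go to 'Delete run history data'."
    return
} catch {
    Write-Warning "Service failed to start: $($_.Exception.Message). Attempting shrink."
}

# Step 1: back up the data and log files before touching the database.
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
foreach ($f in 'ADSync.mdf', 'ADSync_log.ldf') {
    Copy-Item -Path (Join-Path $dataDir $f) -Destination $BackupDir -Force
}

# Steps 4-5: run the same DBCC statement non-interactively instead of at the 1> prompt.
$authArgs = if ($Username) { @('-U', $Username, '-P', $Password) } else { @('-E') }
& $sqlcmd -S $instance @authArgs -b -Q 'DBCC SHRINKDATABASE(ADSync, 1);'
if ($LASTEXITCODE -ne 0) {
    Write-Error "DBCC SHRINKDATABASE failed (exit code $LASTEXITCODE); contact Support."
    return
}

# Step 6: retry the service. If it still will not start, the article says to contact Support.
Start-Service -Name $serviceName -ErrorAction Stop
Write-Host "Service started after shrink; continue with 'Delete run history data'."
```

The backup copy is taken before the shrink so that a failed DBCC run leaves you with an intact copy of both files; keep that copy until the service has synchronized successfully at least once.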

Delete run history data

By default, Azure AD Connect retains up to seven days' worth of run history data. In this step, we delete the run history data to reclaim DB space so that the Azure AD Connect Synchronization Service can start syncing again.

  1. Start Synchronization Service Manager by going to START → Synchronization Service.

  2. Go to the Operations tab.

  3. Under Actions, select Clear Runs…

  4. You can choose either the Clear all runs option or the Clear runs before… <date> option. It is recommended that you start by clearing run history data older than two days. If you continue to run into the DB size issue, choose the Clear all runs option.

Shorten the retention period for run history data

This step reduces the likelihood of running into the 10-GB limit again after multiple sync cycles.

  1. Open a new PowerShell session.

  2. Run Get-ADSyncScheduler and take note of the PurgeRunHistoryInterval property, which specifies the current retention period.

  3. Run Set-ADSyncScheduler -PurgeRunHistoryInterval 2.00:00:00 to set the retention period to two days. Adjust the retention period as appropriate.
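The retention change above as a PowerShell script that records the old value, applies the new one only when it is actually shorter, verifies the result, and reports how close the LocalDB data file is to the 10-GB Express limit so that the migration to full SQL Server can be planned before the limit is hit again. This is an added example, not part of the original article: it assumes the ADSync PowerShell module is available (as it is on an Azure AD Connect server), the default data path from the article, and an 80% warning threshold that is a chosen value, not something the article prescribes.

```powershell
# Added example (not from the original article): shorten the run-history retention
# and report how close the LocalDB files are to the 10-GB Express limit.
# Assumptions: ADSync module loaded, default data path from the article,
# and a constructed 80% warning threshold.
param(
    [timespan]$Retention = [timespan]::FromDays(2),   # article's recommendation
    [int]$WarnPercent    = 80                         # constructed threshold
)

$limitBytes = 10GB
$dataDir    = Join-Path $env:ProgramFiles 'Azure AD Sync\Data'

# Step 2: record the current retention before changing it, so the change is reversible.
$before = (Get-ADSyncScheduler).PurgeRunHistoryInterval
Write-Host "Current PurgeRunHistoryInterval: $before"

# Step 3: only shorten; never silently lengthen a retention that is already tighter.
if ($before -gt $Retention) {
    Set-ADSyncScheduler -PurgeRunHistoryInterval $Retention
    $after = (Get-ADSyncScheduler).PurgeRunHistoryInterval
    if ($after -ne $Retention) { throw "Retention was not applied (still $after)." }
    Write-Host "PurgeRunHistoryInterval set to $after"
} else {
    Write-Host "Retention already at or below $Retention; nothing to change."
}

# Size check: the Express limit applies to the data file (.mdf); the log is reported for context.
$mdf = Get-Item (Join-Path $dataDir 'ADSync.mdf')
$ldf = Get-Item (Join-Path $dataDir 'ADSync_log.ldf')
$pct = [math]::Round(100 * $mdf.Length / $limitBytes, 1)
Write-Host ("ADSync.mdf: {0:N2} GB ({1}% of the 10-GB limit); ADSync_log.ldf: {2:N2} GB" -f `
    ($mdf.Length / 1GB), $pct, ($ldf.Length / 1GB))
if ($pct -ge $WarnPercent) {
    Write-Warning "Data file is at $pct% of the 10-GB limit; plan the migration to full SQL Server."
}
```

Run it after the run history has been cleared; if the data file is still a large fraction of the limit with only two days of history retained, the retention setting alone will not keep the deployment healthy and the long-term solution below applies.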

Long-term solution - Migrate to full SQL

In general, this issue indicates that a 10-GB database is no longer sufficient for Azure AD Connect to synchronize your on-premises Active Directory to Azure AD. It is recommended that you switch to the full version of SQL Server. You cannot directly replace the LocalDB of an existing Azure AD Connect deployment with a database on the full version of SQL Server. Instead, you must deploy a new Azure AD Connect server with the full version of SQL Server. It is recommended that you do a swing migration, where the new Azure AD Connect server (with the SQL DB) is deployed as a staging server next to the existing Azure AD Connect server (with LocalDB).

Next steps

Learn more about Integrating your on-premises identities with Azure Active Directory.