Start with the first note: I configured the environment to use three Windows Server 2012 virtual machines; all three virtual machines must be joined to the domain controller, and logins must be done with a domain account, otherwise the test does not pass! Two virtual machines (Windows Server 2012) were built on the notebook, one as the AD server (the domain controller) and one as the Web Apps Server, with the host machine as the web application server.
First, open Server Manager and click "Add roles and features".
On the first page of the Add Roles and Features Wizard, confirm that a static IP address (192.168.100.100 in this setup) is configured, that the Administrator account uses a strong password, and that the latest security updates are installed (the updates can be skipped in a lab). Then click "Next".
- We are installing on the local server, so for the installation type choose the first option, "Role-based or feature-based installation".
- For the server selection, pick the local server from the server pool.
- Under Server Roles, make sure "DNS Server" is installed, ticking it if it is not. Then tick "Active Directory Domain Services" and, when prompted, add the AD DS management tools to this server.
Installing Active Directory Domain Services on Windows Server 2012 R2 does not require any additional features on the Features page; just click "Next".
Confirm that the selection is correct and click the "Install" button to start the installation.
After the Active Directory Domain Services installation completes, click "Promote this server to a domain controller". If you accidentally click "Close" and dismiss the wizard, the same link is available from the notifications flag in Server Manager.
In the Active Directory Domain Services Configuration Wizard, choose the deployment operation "Add a new forest" and enter the root domain name; it must follow the DNS domain naming rules.
When creating a new forest, the Domain Controller Options page shows the following settings.
By default, the forest and domain functional levels are set to Windows Server 2012.
The Windows Server 2012 domain functional level provides one new feature: the KDC Administrative Template policy that supports Dynamic Access Control and Kerberos armoring has two settings, "Always provide claims" and "Fail unarmored authentication requests", that require this domain functional level.
The Windows Server 2012 forest functional level provides no new functionality, but it ensures that any new domain created in the forest automatically runs at the Windows Server 2012 domain functional level. Beyond support for Dynamic Access Control and Kerberos armoring, the Windows Server 2012 domain functional level provides no other new functionality, but it ensures that every domain controller in the domain runs Windows Server 2012.
Independently of the functional level, a domain controller running Windows Server 2012 provides additional functionality that is not available on domain controllers running earlier versions of Windows Server. For example, a domain controller running Windows Server 2012 can be used for virtual domain controller cloning, while a domain controller running an earlier version cannot.
When you create a new forest, the DNS Server option is selected by default. The first domain controller in a forest must be a global catalog (GC) server and cannot be a read-only domain controller (RODC).
The Directory Services Restore Mode (DSRM) password is required to log on to a domain controller when AD DS is not running. The password you specify must follow the password policy applied to the server; by default that policy does not require a strong password, only a non-blank one. Always choose a long, complex password and store it where an administrator can retrieve it in an emergency.
When the DNS Server role is installed, a delegation record should be created in the parent Domain Name System (DNS) zone that points to the new DNS server; this requires permissions on that parent zone. Delegation records transfer name-resolution authority and give other DNS servers and clients the correct referral to the server that is authoritative for the new zone. In this lab there is no parent zone to delegate from (the new server is the top of its own namespace), so the delegation cannot be created and the corresponding warning can be ignored.
Confirm the NetBIOS name assigned to the domain; the wizard derives it from the root domain name by default.
The Paths page can be used to override the default folder locations for the AD DS database, the database transaction logs, and the SYSVOL share. The defaults are under %systemroot% (NTDS for the database and logs, SYSVOL for the share) and are kept here.
The Review Options page lets you validate the settings and ensure that requirements are met before starting the installation. This is not the last opportunity to stop the installation when using Server Manager; the page simply lets you review and confirm the settings before continuing with the configuration.
Warnings shown on the Prerequisites Check page include the following:
- Domain controllers running Windows Server 2008 or later have a default for the security setting "Allow cryptography algorithms compatible with Windows NT 4.0" that prevents weaker cryptography algorithms from being used when secure channel sessions are established.
- A delegation for this DNS server cannot be created because the authoritative parent zone cannot be found (expected here, as explained above).
Click the "Install" button to start the installation.
After installation the server restarts automatically (PS: remember to set the computer name before the promotion). After the restart, log on as the domain administrator; the domain controller configuration is then complete.
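The whole wizard procedure above, as an added PowerShell example that is not part of the original page: it applies the same pre-checks (static IP, computer name), installs the AD DS and DNS roles with their management tools, enforces a real DSRM password, runs the prerequisite check, and promotes the server with the same choices the wizard makes (Windows Server 2012 functional levels, DNS installed, no DNS delegation, default paths). The forest name `corp.lab`, NetBIOS name `CORP`, host name `DC01`, the 15-character DSRM minimum and the `Confirm-LabDomainController` function are assumptions of this example; only the 192.168.100.100 address comes from the page.

```powershell
# Added example, not code from the original page. Run in an elevated PowerShell
# session on the machine that is to become the first domain controller.
$DomainName  = 'corp.lab'          # assumption: the page does not name the forest
$NetbiosName = 'CORP'              # assumption: the wizard derives this from the root name
$NewName     = 'DC01'              # assumption: set the name BEFORE promotion
$StaticIp    = '192.168.100.100'   # from the page

function Confirm-LabDomainController {
    # Run after the reboot, logged on as the domain Administrator. Checks the page's
    # claims: first DC is a global catalog, is not an RODC, runs at the 2012 levels,
    # and the DNS zone for the domain is loaded on this server.
    $dc     = Get-ADDomainController -Identity $env:COMPUTERNAME
    $domain = Get-ADDomain
    $forest = Get-ADForest
    [pscustomobject]@{
        Forest          = $forest.Name
        ForestMode      = $forest.ForestMode
        DomainMode      = $domain.DomainMode
        NetBIOSName     = $domain.NetBIOSName
        IsGlobalCatalog = $dc.IsGlobalCatalog
        IsReadOnly      = $dc.IsReadOnly
        DnsZoneLoaded   = [bool](Get-DnsServerZone -Name $domain.DNSRoot -ErrorAction SilentlyContinue)
    }
}

# 1. "Before you begin" pre-check: a manually assigned (static) IPv4 address must be present.
$manual = Get-NetIPAddress -AddressFamily IPv4 | Where-Object { $_.PrefixOrigin -eq 'Manual' }
if (-not $manual -or ($manual.IPAddress -notcontains $StaticIp)) {
    throw "Expected static address $StaticIp; found: $($manual.IPAddress -join ', ')"
}

# 2. Rename first. A reboot here is cheap; renaming a domain controller later is not.
if ($env:COMPUTERNAME -ne $NewName) {
    Rename-Computer -NewName $NewName -Force -Restart
    return   # re-run the script after the reboot
}

# 3. Roles: AD DS plus DNS, with the management tools the wizard offers to add.
Install-WindowsFeature -Name AD-Domain-Services, DNS -IncludeManagementTools

# 4. DSRM password. The wizard accepts any non-blank value; insist on a long one.
$dsrm = Read-Host -AsSecureString -Prompt 'DSRM (Safe Mode Administrator) password'
if ($dsrm.Length -lt 15) { throw 'DSRM password must be at least 15 characters (example policy)' }

$forestParams = @{
    DomainName                    = $DomainName
    DomainNetbiosName             = $NetbiosName
    ForestMode                    = 'Win2012'     # the page's default functional levels
    DomainMode                    = 'Win2012'
    InstallDns                    = $true         # first DC in a new forest hosts DNS
    CreateDnsDelegation           = $false        # no parent zone exists in this lab
    DatabasePath                  = "$env:SystemRoot\NTDS"
    LogPath                       = "$env:SystemRoot\NTDS"
    SysvolPath                    = "$env:SystemRoot\SYSVOL"
    SafeModeAdministratorPassword = $dsrm
    Force                         = $true         # suppress the interactive confirmation
}

# 5. Equivalent of the Prerequisites Check page: dry run, print every message, stop on errors.
$check = Test-ADDSForestInstallation @forestParams
$check.Message | ForEach-Object { Write-Host $_ }
if ($check.Status -eq 'Error') { throw 'Prerequisite check failed; fix the errors above' }

# 6. Promote. The server reboots on completion, exactly as the wizard does.
Install-ADDSForest @forestParams
```

After the automatic reboot, log on as the domain Administrator and call `Confirm-LabDomainController`; `IsGlobalCatalog` should be `True`, `IsReadOnly` `False`, both modes `Windows2012Domain`/`Windows2012Forest`, and `DnsZoneLoaded` `True`. The script leaves `Force` set so that the cmdlets do not prompt, which is why the DSRM length check and the dry run are done explicitly beforehand.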