Four AD installation and configuration methods (1)

Source: Internet
Author: User

This article does not detail how to implement DNS delegation; a DNS server is used in all scenarios. For more details, refer to the Windows 2000 DNS white paper, which can be downloaded from the Microsoft website. In addition, I personally suggest that if you want to manage AD well, you make the effort to understand DNS. Otherwise, even if AD is installed, it is difficult to troubleshoot problems during management.

Environment: two Windows 2000 (win2k) servers, configured as follows:

1: computer name: server1, IP: 192.168.0.1
2: computer name: server2, IP: 192.168.0.2

Scenario 1: single domain, single domain controller

Objective: make server1 a domain controller for the domain test.com and server2 a member server.

AD requires DNS support. DNS can be installed before or after Active Directory is installed. We recommend that you install and manually configure DNS before Active Directory is installed.

(1A)

Install DNS (on server1)

1: Install the DNS service. (For the forest root DNS, we recommend that you first uninstall any existing DNS service on the machine, including deleting the DNS directory under system32, and then install the service again.)

2: Create a forward lookup zone named test.com. For the reverse lookup zone, enter the network number 192.168.0.

3: Set both zones to allow dynamic updates.

4: In the local connection, point the DNS address to 192.168.0.1.

5: Set the primary DNS suffix to test.com.

6: Restart as prompted.

7: After restarting, test.com should contain an A record for server1 and the reverse zone should contain its PTR record, which means everything is normal.

(Note that the first part of the domain name should not be the same as the computer name. For example, do not use abc.com on the computer abc; otherwise, the NetBIOS name of the domain and the NetBIOS name of the computer will be the same by default.)

(1B)

Run dcpromo as usual and choose to install a domain controller for a new domain, in a new tree and a new forest.

During installation, no message such as "DNS not found" should appear; that is the normal case.

After installing AD, check whether the test.com zone in DNS contains the four directories that hold the SRV records. The directories are TCP, UDP, MSDCS, and Sites (shown in the DNS console as _tcp, _udp, _msdcs, and _sites). If one does not exist, restart the Net Logon service. If it still does not appear, the installation is faulty. Generally, it is normal.

Check whether the Event Viewer contains any error logs about the directory service.

(1C)

Set server2 as a member server

On server2, point DNS to server1, change the primary DNS suffix to test.com, and restart. Then join server2 to the domain. Open AD Users and Computers on server1: the computer account of server2 is displayed in the Computers container. DNS also has an A record for server2. Check the Event Viewer to ensure that there are no error records.

Scenario 2: single domain, two domain controllers

Objective: server1 is the first domain controller, server2 is the second domain controller, and the domain name is test.com. The installation of server1 is the same as in 1A and 1B.

For server2:

(2A)

1: Before installation, this machine can belong to either the domain or a workgroup.

2: Point DNS to server1 (192.168.0.1).

3: Change the primary DNS suffix to test.com. (The suffix can be modified automatically, but manual modification is always more reassuring.)

4: Restart the machine (a restart is recommended).

5: Check DNS on server1. The A record of server2 should be found in the test.com zone. If not, you can use ipconfig /registerdns to register it manually.

If it still does not appear, DNS was not set up according to 1A.

(2B)

1: Run dcpromo to start the wizard.

2: Choose to install it as an additional domain controller for an existing domain.

3: Enter the credentials as prompted. This identity is an Enterprise Admins identity, that is, the administrator account and password of test.com.

4: Select the domain to join. Here it is test.com.

5: Complete the remaining options.

(2C)

1: After installation, you can view the server1 and server2 computer accounts in the Domain Controllers OU in AD Users and Computers (AD U&C).

2: The SRV records of server2 should be found in the four directories (TCP, UDP, MSDCS, Sites) of the test.com zone in DNS. If not, restart the Net Logon service on server2 and try ipconfig /registerdns to register again.

3: You can add new objects on each of the two domain controllers and check whether replication between them is normal.

4: Of course, other tools, such as dcdiag and replmon, can be used to check for problems. However, this is only a simple post.

5: Check the Event Viewer to ensure that there are no error records.
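
The SRV checks described in 1B and in step 2 above can also be run from the command line instead of browsing the DNS console. The batch file below is an added example, not part of the original post. It assumes the DNS server is 192.168.0.1, the site still has the default name Default-First-Site-Name, and nslookup prints English output (it matches the "svr hostname" lines so that the DNS server banner is not counted as a hit).

```bat
@echo off
rem Added example: confirm that each domain controller has registered its
rem SRV records in the test.com zone (one record name per DNS folder).
rem Assumed values: DNS server address, default site name, English nslookup.
setlocal
set DNS=192.168.0.1
set DOMAIN=test.com
set SITE=Default-First-Site-Name
set MISSING=0

rem For scenario 1 (single domain controller) list only server1 here.
for %%D in (server1 server2) do call :check_dc %%D

if %MISSING%==0 echo All expected SRV records are present.
if not %MISSING%==0 echo %MISSING% missing: restart Net Logon on that DC, then re-run.
exit /b %MISSING%

:check_dc
rem %1 = host name of the domain controller to look for
for %%R in (_ldap._tcp _kerberos._tcp _kerberos._udp _ldap._tcp.dc._msdcs _ldap._tcp.%SITE%._sites) do call :check_srv %%R %1
goto :eof

:check_srv
rem %1 = record prefix, %2 = DC host name.
rem The trailing dot stops nslookup from appending the DNS suffix again.
nslookup -type=SRV %1.%DOMAIN%. %DNS% 2>nul | findstr /i /c:"svr hostname" | findstr /i /c:"%2.%DOMAIN%" >nul
if errorlevel 1 (
  echo MISSING  %1.%DOMAIN% for %2
  set /a MISSING+=1
) else (
  echo ok       %1.%DOMAIN% for %2
)
goto :eof
```

The exit code is the number of missing records, so a non-zero result points at the domain controller whose Net Logon registration needs attention.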

