Lab environment: Hyper-V virtual machines
Machine: ad:server2003 192.168.1.254 255.255.255.0
Extra Ad:server R2 192.168.1.21 255.255.255.0
pc:win7 192.168.1.100 255.255.255.0
Deploy AD on 2003
Additional AD servers are first added to the domain for deployment
PC1 on the add domain. Authenticating the server with a command
650) this.width=650; "title=" clip_image002 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; margin:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image002 "src=" http://s3.51cto.com/wyfs02/M01/71/0A/ Wkiom1xekftxivhkaabawy7zuj4435.jpg "" 342 "height="/>
The server2008 R2 is promoted to an additional domain control, but it prompts an error
650) this.width=650; "title=" clip_image004 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; margin:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image004 "src=" http://s3.51cto.com/wyfs02/M00/71/06/ Wkiol1xekloc7iqgaaduh8v6q38592.jpg "" 558 "height=" 278 "/>
This is due to the 2008 and 2003 of the ad schema differences caused by the only need to expand the 2003 AD schema to 2008 can be, first put 2008 of the CD into 2003 of the computer, open cmd use CD Boot Adprep32.exe ( If 2003 is 32 bits, use Adprep32.exe if 64 bits is used Adprep.exe)
650) this.width=650; "title=" clip_image006 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; margin:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image006 "src=" http://s3.51cto.com/wyfs02/M01/71/06/ Wkiol1xeklrcax8yaailetqksou376.jpg "" 557 "height=" 363 "/>
It's a long waiting process to write down.
650) this.width=650; "title=" clip_image008 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; margin:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image008 "src=" http://s3.51cto.com/wyfs02/M01/71/0A/ Wkiom1xekglrwqigaac1fhqiieo903.jpg "" 532 "height=" 127 "/>
Next, raise the ad level. There is a default of 2000 mixed Mode Commission for 2003 mode.
650) this.width=650; "title=" clip_image010 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; margin:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image010 "src=" http://s3.51cto.com/wyfs02/M02/71/06/ Wkiol1xekmktra6faaejt9dptj0898.jpg "" 557 "height="/>
Then continue to promote DomainPrep
650) this.width=650; "title=" clip_image012 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; margin:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image012 "src=" http://s3.51cto.com/wyfs02/M02/71/0A/ Wkiom1xekgqhrlbeaacy89cuvis054.jpg "" 521 "height=" 168 "/>
Then continue to promote
650) this.width=650; "title=" clip_image014 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; margin:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image014 "src=" http://s3.51cto.com/wyfs02/M00/71/0A/ Wkiom1xekg3wommzaaecfq3k4ca430.jpg "" 557 "height=" 269 "/>
Continue to promote read-only domain controllers
650) this.width=650; "title=" clip_image016 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; margin:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image016 "src=" http://s3.51cto.com/wyfs02/M01/71/06/ Wkiol1xekm6swxibaab2ahgsg88246.jpg "502" height= "/>"
Now that all the improvements to the ad architecture are complete, the next step is to deploy an additional domain controller.
650) this.width=650; "title=" clip_image018 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; margin:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image018 "src=" http://s3.51cto.com/wyfs02/M02/71/06/ Wkiol1xeknhhcocaaac5dwxmx5g424.jpg "" 491 "height=" 219 "/>
Additional domain control deployment OK, go ahead is the process of additional domain control of the main domain, the following will be divided into two ways to do an active passive style.
650) this.width=650; "title=" clip_image020 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; margin:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image020 "src=" http://s3.51cto.com/wyfs02/M02/71/0A/ Wkiom1xekhmgvzjyaacjmlzyqtc712.jpg "" 557 "height=" 161 "/>
Proactively complete the conversion of additional domain-to-primary domains:
Log in to the main domain run cmd at the prompt enter: ntdsutil enter and then input roles enter in the input connections return in the input connect to server ad.com, prompt for the binding after successful input quit
650) this.width=650; "title=" clip_image022 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; margin:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image022 "src=" http://s3.51cto.com/wyfs02/M00/71/0A/ Wkiom1xekh2bbuk3aaei7cvbsj0438.jpg "" 504 "height=" 261 "/>
Then in Famo maintenance: back input? See what you can do.
The next five major roles are transferred.
650) this.width=650; "title=" clip_image024 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; margin:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image024 "src=" http://s3.51cto.com/wyfs02/M01/71/0A/ Wkiom1xekikrx2v6aafy1zhtwyu234.jpg "" 557 "height=" 254 "/>
After the completion of the next step is the global directory transfer.
650) this.width=650; "title=" clip_image026 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; margin:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image026 "src=" http://s3.51cto.com/wyfs02/M02/71/0A/ Wkiom1xekibt24e9aaffl0aei1e277.jpg "" 557 "height=" 292 "/>
We need to remove 2003 of the global catalog to tick off the 2008 tick can be ...
The task for the additional domain to lift the primary domain is complete.
Finally, there is the need to swap the primary domain with the IP address of the additional domain, OK.
There is also a graphic transfer of the five main characters: you can refer to the personal feeling of the command is better.
First, run MMC, add/Remove Snap-in, and add the Active directory schema.
650) this.width=650; "title=" clip_image028 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; margin:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image028 "src=" http://s3.51cto.com/wyfs02/M00/71/0A/ Wkiom1xekivj0enraae-oiinkd4877.jpg "" 558 "height=" 419 "/>
Third, right-click Active Directory Schema and select Change Active Directory domain controller
650) this.width=650; "title=" clip_image030 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; margin:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image030 "src=" http://s3.51cto.com/wyfs02/M01/71/0A/wKiom1XEKI_ Tno7xaadvnxonf1s427.jpg "" 558 "height=" 419 "/>
Iv. in the "Change Directory Server" dialog box, select "DC2.book.com" (This is the PC domain name we need to upgrade to the primary domain), press "OK"
650) this.width=650; "title=" clip_image032 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; margin:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image032 "src=" http://s3.51cto.com/wyfs02/M00/71/0A/ Wkiom1xekjpha55eaadxg-7rh4a340.jpg "" 558 "height=" 419 "/>
Five, continue to press "OK".
650) this.width=650; "title=" clip_image034 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; margin:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image034 "src=" http://s3.51cto.com/wyfs02/M02/71/0A/ Wkiom1xekjjq6dmuaad75m6ci2o006.jpg "" 558 "height=" 419 "/>
Vi. continue to right-click Active directory Schema and select operations master.
650) this.width=650; "title=" clip_image036 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; margin:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image036 "src=" http://s3.51cto.com/wyfs02/M00/71/07/ Wkiol1xekpnsck3baaejligahl4371.jpg "" 558 "height=" 419 "/>
Seven, click "Change" here to change the schema host name.
650) this.width=650; "title=" clip_image038 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; margin:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image038 "src=" http://s3.51cto.com/wyfs02/M01/71/0A/ Wkiom1xekkpcr4rhaaelfqpuo40067.jpg "" 558 "height=" 419 "/>
Eight, prompt confirm change operation master, point "yes".
650) this.width=650; "title=" clip_image040 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; margin:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image040 "src=" http://s3.51cto.com/wyfs02/M01/71/07/ Wkiol1xekqbaw3bxaaezrueay5w760.jpg "" 558 "height=" 419 "/>
Nine, prompt for successful changes, click "OK".
650) this.width=650; "title=" clip_image042 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; margin:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image042 "src=" http://s3.51cto.com/wyfs02/M02/71/0A/ Wkiom1xeklcinnctaaewatifmdi685.jpg "" 558 "height=" 419 "/>
X. Open "Active Directory Users and Computers", right-click on "Book.com" and select "Operations master"
650) this.width=650; "title=" clip_image044 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; margin:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image044 "src=" http://s3.51cto.com/wyfs02/M00/71/07/ Wkiol1xekrowl6lgaaerfq_ft1u709.jpg "" 558 "height=" 419 "/>
XI. Click "Change" to change the host role.
650) this.width=650; "title=" clip_image046 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; margin:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image046 "src=" http://s3.51cto.com/wyfs02/M01/71/07/ Wkiol1xekrigucz-aaecyn-eagi461.jpg "" 558 "height=" 419 "/>
12, ask whether to transfer "host role", select "Yes"
650) this.width=650; "title=" clip_image048 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; margin:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image048 "src=" http://s3.51cto.com/wyfs02/M02/71/07/ Wkiol1xekryblt5taaesedyz78s241.jpg "" 558 "height=" 419 "/>
13. Click "PDC" to continue the change.
650) this.width=650; "title=" clip_image050 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; margin:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image050 "src=" http://s3.51cto.com/wyfs02/M02/71/0A/ Wkiom1xekmxahyafaaehalbfhbs820.jpg "" 558 "height=" 419 "/>
14. After the "infrastructure" changes, the following error message will appear, no need to ask me why.
650) this.width=650; "title=" clip_image052 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; margin:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image052 "src=" http://s3.51cto.com/wyfs02/M00/71/0A/ Wkiom1xekmua8rcdaaetcddknqo894.jpg "" 558 "height=" 419 "/>
16, to here continue to complete, but also the last step.
Open the Active Directory domain and trust relationship
650) this.width=650; "title=" clip_image054 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; margin:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image054 "src=" http://s3.51cto.com/wyfs02/M01/71/0A/ Wkiom1xekm-dpfd3aaebjefz6n4706.jpg "" 558 "height=" 419 "/>
17. Right-click Active Directory Domain and trust relationship and select operations master
650) this.width=650; "title=" clip_image056 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; margin:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image056 "src=" http://s3.51cto.com/wyfs02/M00/71/0A/ Wkiom1xeknpyccolaadmzorafbq009.jpg "" 558 "height=" 419 "/>
18. On the Operations master page, select Change.
650) this.width=650; "title=" clip_image058 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; margin:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image058 "src=" http://s3.51cto.com/wyfs02/M01/71/0A/ Wkiom1xeknmbbo0gaaejhldnnps870.jpg "" 558 "height=" 419 "/>
19. Click "OK" to complete all operations.
650) this.width=650; "title=" clip_image060 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; margin:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image060 "src=" http://s3.51cto.com/wyfs02/M00/71/07/ Wkiol1xektibgazmaaeonbrzeju363.jpg "" 558 "height=" 419 "/>
20, see below, DC2 whether to promote the primary domain controller.
650) this.width=650; "title=" clip_image062 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; margin:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image062 "src=" http://s3.51cto.com/wyfs02/M00/71/07/wKioL1XEKtuB11_ Xaaeea5ldlyg166.jpg "" 558 "height=" 419 "/>
,
Here are five big roles to seize.
First of all clear our protagonist tool ntdsutil~
650) this.width=650; "title=" clip_image064 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; margin:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image064 "src=" Http://s3.51cto.com/wyfs02/M01/71/07/wKioL1XEKt_D1aBoAAEje _9bmqe219.jpg "" 542 "height=" 208 "/>
And then? To see what features you can use, the first thing to do is to have the right to operate on five roles, which is called a token to have such a right to use the "roles" function
650) this.width=650; "title=" clip_image066 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; margin:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image066 "src=" http://s3.51cto.com/wyfs02/M00/71/0A/wKiom1XEKOuifOLUAAEY_ Svrnfs183.jpg "" 483 "height=" 192 "/>
There are also some other commands that you can see in the authorization restore.
650) this.width=650; "title=" clip_image068 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; margin:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image068 "src=" http://s3.51cto.com/wyfs02/M02/71/0A/ Wkiom1xekppb299taajtdrq0rpu210.jpg "" 535 "height=" 311 "/>
Next you need to connect to the host to operate. After the connection is ready to use the attention to watch the command.
650) this.width=650; "title=" clip_image070 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; margin:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image070 "src=" http://s3.51cto.com/wyfs02/M00/71/0A/ Wkiom1xekpwyax7daacdb-c_kdq088.jpg "" 541 "height=" 118 "/>
After the connection is good, it is to transfer the feeling.
Where "seize" is the preemption role tool, the Ransfer is the delivery tool.
Note: Delivery does not need to say, to say a preemption. When using command preemption will appear error, this is very normal, is because, before preemption, will do a pre-existing AD connection verification, to determine the connection can not be used to preempt, so there will be error, do not worry.
650) this.width=650; "title=" clip_image072 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image072 "src=" Http://s3.51cto.com/wyfs02/M01/71/07/wKioL1XEKvjhFqbTAAGyC _eatky676.jpg "" 557 "height="/>
after five roles have been transferred, change the IP to the global directory Address Change OK ..
The last five major roles:
Domain naming Master Domain naming master
Infrastructure Master Infrastructure Master
PDC primary domain controller emulator
Rid Master Unique identifier Correspondence table (personal understanding)
Schema Master Schema Master
Tell me about the ad migration. The most complete migration mode
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
