Active Directory Series IV: Implementation of a single-domain environment (multi-site)-Basic configuration

In the last period we learned the Active Directory Series II: the implementation of a single domain environment (single site), when we achieved in a site case. Let's look at a scene like this:

* * A corporate headquarters in Beijing, Shanghai and Guangdong have their own office area, the requirements of the implementation of the Active Directory domain environment. **

First, Analysis:

For the current situation of the enterprise, the logical structure can be a multi-domain and a single domain, such as we first take a single domain (it depends on whether you are ready to centralize management or decentralized management, where I use centralized management, the next topic I will talk about Multi-domain multi-site).

If you do not use a site, domain users in Shanghai and Guangdong will be slow to log on to the domain at the client (whether you have a DC in Shanghai or Guangdong, the reason is that the client will query the DC in this domain through DNS, and the DC that is found may be Beijing's (if the multiple DC will be dynamically positioned), This will be done through the WAN connection to the DC in Beijing for authentication. Also, if you have a DC in every area, the replication between DCs is also uncontrollable and generates a lot of traffic (for replication issues, I'll explain them later). Concurrently, we must divide the site.

The benefits of dividing the site:

1. Optimize login for client. When a domain user logs on to a client in Shanghai or Guangdong, DNS will find the DC within the site for the client, speeding up the authentication process.

2. Optimize the replication of the ad. Each DC to synchronize the ad database, if not divided into sites, this synchronization is ongoing, and the data is not compressed. If the process of dividing the site is controllable, especially in the case of multi-site, the superiority is more outstanding, I will discuss in detail in later topic.

Attach: About what is the site, is actually from the physical location to distinguish, a group of high-speed reliable subnet or multiple subnets. That is two points: the first physical location is different (in a region and high-speed connected), followed by different sites must use the corresponding different subnets, that is, Beijing is a subnet, Shanghai is another subnet, Guangdong is the third subnet, of course, can also have more than a subnet in Beijing. The concept of specific ad please read one of the Active Directory series: Basic concepts.

Second, build the process:

Planned in advance each subnet, such as Beijing subnet 10.1.1.0/24, Shanghai subnet 172.16.1.0/24, Guangdong subnet: 192.168.1.0/24.

(a) First in Beijing to create a single domain, this process please refer to the series of activity Directory Two: the implementation of a single domain environment (single site).

(b) The use of DCPROMO/ADV in Shanghai and Guangdong to complete the second/three DC construction, (for the use of this parameter, please refer to the Active Directory series of two: the implementation of a single domain environment (single site)). Note that the installation is complete under the default site at this time.

(iii) Completion of the site division and settings:

Open the ad Sites and Services Administration tool (or use the command Dssite.msc), as shown in the following illustration: There are three servers under the Default-first-site-name (default site) and are currently on the same site. (n1--Beijing, n2--Shanghai, n3--Guangdong)

Use the following four operations to complete the configuration process: