Activity Directory Series III: Implementation of a multi-domain environment (single site)

Here I only discuss the situation of single site, about multi-site next topic again discuss. The so-called single site, only the entire forest structure in a geographical location, such as in Beijing. The interior is connected by high-speed lines such as 100M. The default site name is Default-first-site-name. You can view it through the ad sites and services component.

First, why do you create multiple domains in a forest?

1. There are different password requirements between departments (or branch offices), and domains can be created for departments (or branch offices).

2. There are a large number of Active Directory objects that can be decomposed into multiple domains so that fewer Active Directory objects per domain.

3. Decentralized network management, rather than being managed by a domain administrator, multiple domains imply multiple Domain Admins.

4. More control over replication.

Second, create a child domain

First complete the company's first domain, using DCPROMO to complete the construction work. The concrete construction situation please refer to the Activity Directory series two: the Single domain environment realization (single site). Let me talk about the construction of subdomain: Here is the implementation step.

1. Set the IP address of the DNS for the computer that you want to do as a domain DC to point to forest root DNS.

2. Run Dcpromo installation complete.

* * If you want to make the DC as a child domain to do DNS, complete the resolution of the computer in this domain, you need to be in the parent domain DNS for subdomain delegation. The specific actions are as follows:

Open the DNS component of the root DC, delete the child domain, and then create a new child domain delegation and specify the FQDN of the delegate and the appropriate IP address.

Install the DNS service on the DC of the child domain, create a new DNS zone, and then point the DNS native to itself. Restart the Netlogon service.

Setting up child domain DNS for conditional forwarding points to forest root DNS.

Note: The client DNS for the child domain points to its own DNS.

* * If you want the parent domain DNS to be the name parsing work for a subdomain, you can not use it as an operation above.

It is also advisable to schedule multiple DCs for redundancy within a child domain.

Summary: Domain delegation on the forest root DNS, conditional forwarding to forest root DNS on child domain DNS.