This article is from the "yue lei's Microsoft Network Classroom" blog; please be sure to keep this source: http://yuelei.blog.51cto.com/202879/121735
In the previous article, we introduced why additional domain controllers are deployed and how to deploy one online, that is, the additional domain controller obtains Active Directory data from its replication partner over the network. Online deployment is our first choice when deploying an additional domain controller: it is convenient and well suited to a fast network connection. However, we also need to consider another scenario, where domain controllers are connected through low-speed networks. If the network quality between domain controllers is unsatisfactory, for example, if some domain controllers need to be deployed in Africa, we cannot expect a high-speed, stable, and reliable communication network. In this case, deploying the additional domain controller online may cost more than it gains. How should we solve this problem? We can deploy the additional domain controller offline. That is, when replicating Active Directory, the additional domain controller copies it from offline files instead of from other domain controllers over the network, which effectively avoids the dependency on the network environment.
So how can we get the offline files of Active Directory? We get them from a backup of Active Directory. Specifically, after backing up Active Directory, we extract from the backup the files required for the offline deployment of the additional domain controller, and then transfer them by whatever means is available to the computer on which the additional domain controller is to be deployed. For example, you can burn the offline files to a CD and carry the CD with you on a business trip. Alternatively, you can store the files on a server that supports resumable downloads so that the other party can download them over the network. After obtaining the offline files of Active Directory, the other party can use them through dcpromo to deploy the additional domain controller.
We use a specific example. In the experiment topology, Florence is the domain controller, and Firenze is the computer on which the additional domain controller will be deployed offline.
The specific deployment process is divided into the following two phases:
- Obtain the Active Directory offline files
- Deploy the additional domain controller offline
I. Obtain the Active Directory offline files
First, we back up Active Directory on the domain controller Florence. The backup tool is ntbackup, which comes with the system. For the detailed backup process, refer to the previous blog post; it is not described here. The offline data of Active Directory comes from the backup of Active Directory. Note, however, that ntbackup is not very fine-grained: when it backs up the system state, it backs up other content in addition to Active Directory. The backed-up system state is divided into five parts: Active Directory, boot files, COM+ class registration database, registry, and SYSVOL. In fact, to deploy the additional domain controller offline we need only three of these parts: Active Directory, Registry, and SYSVOL.
This is the backup file generated after the system state is backed up. We can see that the size of the backup file is about mb. In fact, only a small part of the data is what we need.
Next, we extract the offline data of Active Directory from the backup, again using the ntbackup tool. After starting ntbackup on Florence, select "Restore Files And Settings".
Choose to restore the backup file of system state. From the catalog results, we can see that the backup file of System State contains five parts.
Do not click "Finish" yet. Click "Advanced" to change the settings; otherwise, the system will restore the backup file to the original location.
Instead of restoring the backup to the original location, we should restore it to an alternate location. The alternate location we selected is C:/adbak, which means the contents of the backup file are expanded into C:/adbak.
Use the default value for the restore option.
Keep the default settings.
The restoration completes successfully.
Let us look at what the backup file expanded into. The backup file is expanded into five directories, each storing one part of the backup. Offline deployment requires only the content of the Active Directory, Registry, and SYSVOL folders. The data in these three folders is about 40 MB. Compared with the backup file, the volume has indeed shrunk a lot. We transfer the contents of these three folders to the computer that is to become the additional domain controller. The preparation of the Active Directory offline files is now complete.
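The Active Directory folder holds the directory database that dcpromo will load on the new domain controller, so the copy that arrives by CD or download should be checked against what left Florence. The following is an added example, not part of the original article: it records a SHA-256 manifest of the three required folders and verifies a received copy against it. The folder names follow the article and are matched case-insensitively as an assumption; the function names and the sample files are hypothetical and constructed for illustration.

```python
import hashlib
import os
import tempfile

# Folder names as the article lists them; matched case-insensitively (assumption).
REQUIRED = ("active directory", "registry", "sysvol")

def build_manifest(root):
    """Return {relative_path: sha256_hex} for files under the three required folders."""
    present = {d.lower(): d for d in os.listdir(root)
               if os.path.isdir(os.path.join(root, d))}
    missing = [name for name in REQUIRED if name not in present]
    if missing:
        raise FileNotFoundError("missing folders: " + ", ".join(missing))
    manifest = {}
    for name in REQUIRED:
        top = os.path.join(root, present[name])
        for dirpath, _dirs, files in os.walk(top):
            for fname in files:
                path = os.path.join(dirpath, fname)
                digest = hashlib.sha256()
                with open(path, "rb") as fh:
                    for chunk in iter(lambda: fh.read(1 << 20), b""):
                        digest.update(chunk)
                rel = os.path.relpath(path, root).replace(os.sep, "/").lower()
                manifest[rel] = digest.hexdigest()
    return manifest

def verify(root, manifest):
    """Compare a received copy with the sender's manifest; return sorted problems."""
    current = build_manifest(root)
    problems = [f"missing: {p}" for p in manifest if p not in current]
    problems += [f"unexpected: {p}" for p in current if p not in manifest]
    problems += [f"modified: {p}" for p in manifest
                 if p in current and current[p] != manifest[p]]
    return sorted(problems)

def make_sample(root):
    """Constructed stand-in for C:/adbak with tiny placeholder files."""
    for folder, fname in (("Active Directory", "ntds.dit"), ("Registry", "system"),
                          ("SYSVOL", "policy.txt"), ("Boot Files", "ntldr")):
        os.makedirs(os.path.join(root, folder))
        with open(os.path.join(root, folder, fname), "wb") as fh:
            fh.write(folder.encode())

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_sample(tmp)
        print(verify(tmp, build_manifest(tmp)) or "copy matches the manifest")
```

The manifest itself should travel by a different channel than the files, so that a change to the media cannot also rewrite the hashes.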
II. Deploy the additional domain controller offline
After obtaining the offline files of Active Directory, we can deploy the additional domain controller on Firenze. We run dcpromo /adv on Firenze.
The Active Directory Installation Wizard appears. Click Next to continue.
Choose to become an additional domain controller.
Choose to copy Active Directory from the backup files. The path of the backup files is C:/adbak, which contains the three folders copied from Florence: Active Directory, Registry, and SYSVOL.
Whether to make Firenze a Global Catalog server depends on actual requirements. In this experiment, we do not need to configure Firenze as a Global Catalog server.
Enter the domain administrator password to create Active Directory on Firenze.
Enter the restore mode password and continue.
The wizard then deploys the additional domain controller offline on Firenze.
After Active Directory has been created and the computer has restarted, you can see that Firenze has become a domain controller. At this point, the offline deployment of the additional domain controller from backup has been completed successfully!