Reproduced http://yuelei.blog.51cto.com/202879/117599
Deploy a remote Domain ControllerIn the previous blog, we introduced the core role of the domain controller in allocating network resources, and analyzed the disaster scenarios caused by domain controller crash, in the previous blog, we proposed to use the AD data backup method for disaster reconstruction of the domain controller. Today we will introduce the use of the extra-Domain Controller to avoid domain crash. If there is only one domain controller in the domain, once a physical fault occurs, even if we can restore the Active Directory from the backup, we will have to pay the cost of downtime wait, which means that the company's business will be stuck. Deploying an out-of-scope domain controller refers to deploying a second or more domain controllers in the domain. Each domain controller has an active directory database. The external domain controller has many advantages. First, it avoids service stagnation caused by domain controller corruption. If a domain controller is damaged, as long as one of the other domain controllers in the domain works properly, Domain Users can continue to complete user logon, access network resources, and other work. Domain-based resource allocation will not be stagnant. The use of domain controller can also play a role in load balancing, if the company only has one domain controller, and the company's users reach tens of thousands of people, assume that the domain controller processes a user login time is 0.1 seconds, the last user must have a certain latency when logging on to the system. If there is an out-of-scope domain controller, each out-of-scope controller can process user login requests, and the user does not have to wait that long. In particular, if the geographic distribution of the domain is across the WAN, for example, some computers in the domain are in Beijing, some are in Shanghai, and some are in Guangzhou, therefore, it is clear that the login request of Shanghai users is submitted to the domain controller in Beijing through the low-speed Wan for verification. The ideal solution is in Beijing, Shanghai, A remote domain controller is deployed in Guangzhou to facilitate nearby login. If there are multiple domain controllers in the domain, each domain controller has an active directory database, and the Active Directory content on the domain controller is dynamically synchronized, that is, any domain controller modifies the Active Directory.
Directory, other domain controllers must apply this modification to their active directory to ensure the integrity and uniqueness of Active Directory data. Otherwise, if the active status of each Domain Controller
If the directory content is inconsistent, the authority of the domain controller will be questioned. Here, by the way, many friends like to refer to the first domain controller in the domain as the primary domain controller, and the others as the secondary domain controller, strictly speaking, this statement is not rigorous. The term "primary domain controller" is true in the NT4 environment, because NT4 domain divides domain controllers into two categories: primary domain controllers and backup domain controllers. The difference between the two is that only the primary domain controller can modify the data in the domain, while the backup Domain Controller only has the permission to read the data in the domain, similar to the difference between the primary DNS server and the secondary server. This structure of NT4 is called Single-master replication, and since Win2000 uses active
After directory, all domain controllers can independently modify the content of the Active Directory database. The current domain structure is called multi-master replication. Therefore, the first domain controller in the win2003 domain is not very rigorous, although in fact the first domain controller undertakes more tasks than other domain controllers. In this experiment, we plan to deploy an extra-Domain Controller in the domain. The role of the Extra-Domain Controller is assumed by Firenze. As shown in the topology, the DNS server is still assumed by a separate computer 192.168.11.1. First, set the TCP/IP attribute on Firenze, as shown in. Make sure that the DNS server used by Firenze is correct, because Firenze depends on the DNS server to locate the domain controller. Firenze does not need to be added to the domain first, and Firenze is an independent computer in the Working Group. Run dcpromo on Firenze, as shown in. The Installation Wizard for Active Directory appears. Click Next to continue. This time, we choose to create an out-of-quota Domain Controller for the existing domain and click Next to continue. Enter the domain administrator account to verify that you have the permission to complete the deployment of the external domain controller. Firenze will be the extra-Domain Controller of the adtest.com domain. Use the default value for the storage path of the Active Directory database. You can also use the default value for the storage path of the sysvol folder. Enter the administrator password in directory service recovery mode, which will be used in backup and recovery of Active Directory. Confirm that all settings are correct and click Next to continue. As shown in, Firenze copies active directory from the first domain controller Florence to the local machine through the network. After the Active Directory is installed, click "Firenze" to restart. At this point, the deployment of the remote domain controller is complete. After Firenze is deployed, open the Active Directory user and computer on Firenze, as shown in. We can see that Firenze has copied the Active Directory content of Florence. Check the DNS server and you can see that the DNS has a firneze SRV record.
