Deploying additional domain controllers, Active directory family Four

Source: Internet
Author: User
Tags modify resource backup

In the previous blog, we introduced the core role of domain controllers in network resource allocation, and we analyzed the disaster scenarios that would result if a domain controller crashed, and in the previous blog we proposed using the method of AD data backup to perform a disaster reconstruction of the domain controller, Today we introduce the use of additional domain controllers to avoid domain crashes.

If there is only one domain controller in the domain, if there is a physical failure, even if we can restore ad from backup, we also pay the cost of downtime, which means that the company's business will stagnate. Deploying an additional domain controller means deploying a second or more domain controller in a domain, each with an Active Directory database. The benefits of using additional domain controllers are many, the first is to avoid domain controller damage caused by business stagnation, if a domain controller is corrupted, as long as the other domain controllers in the domain is working properly, domain users can continue to complete user login, access to network resources, such as a series of work, domain-based resource allocation will not stagnate. The use of domain controllers can also play a role in load balancing, if the company has only one domain controller, and the company users to tens of thousands of people, assuming that the domain controller processing a user logon time is 0.1 seconds, the last user login to enter the system must encounter a certain delay. If there is an additional domain controller, then each additional domain controller can handle the user's logon request, and the user will not have to wait that long. Especially if the geographic distribution of a domain spans a wide area network, for example, the computer in the domain some in Beijing, some in Shanghai, some in Guangzhou, then obviously the Shanghai user's login request through the Low speed WAN submitted to the Beijing domain controller for verification is not an efficient approach, the more ideal approach is in Beijing, Shanghai, Guangzhou has deployed additional domain controllers to facilitate users to log in nearby.

If you have more than one domain controller in a domain, you have an Active Directory database on each domain controller, and Active Directory content on a domain controller is dynamically synchronized, that is, any domain controller modifies Active Directory. Other domain controllers will be able to effect this modification on their Active Directory to ensure the integrity and uniqueness of Active Directory data. Otherwise, if the Active Directory content of each domain controller is inconsistent, the authority of the domain controller will be challenged.

Mention here, by the way the primary domain controller this term, many friends like to the domain of the first domain controller called the primary domain controller, the other additional domain controller is called as a secondary domain controller, strictly speaking this is not rigorous. The term primary domain controller is established in a NT4 environment because NT4 domains divide domain controllers into two classes, the primary domain controller and the backup domain controller. The difference is that only the primary domain controller can modify data within the domain, while the backup domain controller only reads the data within the domain, similar to the difference between the primary and secondary servers of DNS. This structure of NT4 is called single master replication, and since Win2000 uses Active Directory, all domain controllers can modify the contents of the Active Directory database autonomously, and now the domain structure is called multiple master replication. Therefore, the first domain controller in the Win2003 domain, which we call the primary domain controller, is less rigorous, although the first domain controller actually takes on more tasks than the other domain controllers.

In this experiment we are going to deploy an additional domain controller in the domain, the role of the additional domain controller is assumed by Firenze, as shown in the following figure, the DNS server is still 192.168.11.1 by a separate computer.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.